Bug 1814749

Summary: FreeIPA enrolled client can't login after upgrade to Fedora 32 beta
Product: [Fedora] Fedora Reporter: Justin Haygood <jhaygood86>
Component: freeipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 32CC: abokovoy, fdc, ipa-maint, jcholast, jhrozek, pcech, pvoborni, rcritten, ssorce, twoerner
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-26 04:59:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Justin Haygood 2020-03-18 15:43:27 UTC 
Description of problem:

When upgrading a FreeIPA enrolled client to Fedora 32 beta, no FreeIPA managed accounts can login while selinux is enabled.

Version-Release number of selected component (if applicable):

Fedora 32

How reproducible:

Every user doesn't work

Steps to Reproduce:
1. Enroll Fedora 31 Workstation into FreeIPA
2. Upgrade to Fedora 32 Workstation Beta
3. Attempt to login

Actual results:

You get "system error" with selinux errors being logged 


Expected results:

Login succeeds

Additional Info:

Disabling selinux entirely allows login to succeed. Leaving selinux enabled in permissive or in non-enforcing mode still causes failure.
Comment 1 Alexander Bokovoy 2020-03-18 15:51:47 UTC 
Please provide logs that demonstrate the problem.
Comment 2 Petr Čech 2020-05-26 04:59:14 UTC 
We are afraid we don't have enough data to reproduce this bug. We are about to close this bug for now. But if you have new data please don't hesitate to reopen it.