RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1141949 - Cannot remove Active Directory user accounts using GUI (or cli)
Summary: Cannot remove Active Directory user accounts using GUI (or cli)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: control-center
Version: 7.2
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: rc
: ---
Assignee: Ray Strode [halfline]
QA Contact: Desktop QE
URL:
Whiteboard:
: 1060183 (view as bug list)
Depends On:
Blocks: 1446620
TreeView+ depends on / blocked
 
Reported: 2014-09-15 20:37 UTC by Håkan Hagenrud
Modified: 2017-04-28 12:48 UTC (History)
8 users (show)

Fixed In Version: control-center-3.14.5-4.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1244932 1446620 (view as bug list)
Environment:
Last Closed: 2015-11-19 08:25:32 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2157 0 normal SHIPPED_LIVE control-center bug fix and enhancement update 2015-11-19 08:48:59 UTC

Description Håkan Hagenrud 2014-09-15 20:37:06 UTC
Description of problem:
My laptop is bound to Active Directory using the realmd package. sssd is the authenticator. Users that login to the graphical user interface or ssh is added to the Users list in gnome-control-center. Nice. But when trying to remove an account to make the GDM list shorter the operation fails.

Version-Release number of selected component (if applicable):
realmd-0.14.6-6.el7.x86_64
sssd-1.11.2-68.el7_0.5.x86_64
control-center-3.8.6-15.el7.x86_64

How reproducible:
every time I try

Steps to Reproduce:
1. Join computer to Active Directory domain (2008 r2 level)
2. Login with user account from Active Directory
3. Login with local admin account
4. Enter Settings from User account menu (top right corner if GNOME3)
5. Locate Users icon in Settings window and click
6. unlock pane by clicking the unlock button and provide correct password for local user
7. Locate useraccount that you wantto remove and select it by clicking on it
8. Now click the minus sign at bottom
9. Click either Delete Files or Keep files (I have tried both)
10. useraccount should be removed from local cache

Actual results:
The useraccount is still in the list and an error-message appears on screen
running '/usr/sbin/userdel' failed: Child process exited with code 1

Expected results:
Useraccount should be removed and the home-folder of the users should either be removed or kept depending on which button you press

Additional info:
This is not a severe bug, only a minor annoyance. But it should work.

Comment 4 Ondrej Holy 2015-06-03 08:30:28 UTC
*** Bug 1060183 has been marked as a duplicate of this bug. ***

Comment 6 Vladimir Benes 2015-07-14 08:57:41 UTC
this still seems to be buggy:

1. create ipa setup with an enterprise user (EU)
2. add EU via gnome-initial-setup
3. log in the EU via gdm
4. log out
5. log in other user
6. go to control-center
7. unlock in users area
8. press - to delete EU

no luck, no error, nothing...

Comment 8 Vladimir Benes 2015-07-14 14:12:06 UTC
(In reply to Vladimir Benes from comment #6)
> this still seems to be buggy:
> 
> 1. create ipa setup with an enterprise user (EU)
> 2. add EU via gnome-initial-setup
> 3. log in the EU via gdm
> 4. log out
> 5. log in other user
> 6. go to control-center
> 7. unlock in users area
> 8. press - to delete EU
> 
> no luck, no error, nothing...

actually it works now.. something had to be incorrect previously. tested under root and wheel user.

moving back to ON_QA

Comment 9 Vladimir Benes 2015-07-14 15:50:04 UTC
uff, so I have slightly more details, after logging the EU and relogging as other user (non root non wheel) I cannot delete the EU.  so moving back to ASSIGNED

Comment 10 Ondrej Holy 2015-07-15 11:17:05 UTC
It seems to me it isn't possible to remove enterprise user account once the enterprise user has been logged in to the system (I think it is independent on non root or non wheel). It is also reproducible on Fedora 22.

control-center removes the account from permitted logins using realmd and uncache user from the accountsservice. Account is successfully removed from permitted logins (see "realm list") and also successfully uncached (see "/var/lib/AccountsService/users"). Consequently it isn't possible to log in as the enterprise user anymore, however accountsservice still see the account from some reason...

So I suppose this is rather realmd, or accountsservice bug. Ray, what do you think?

Comment 11 Ondrej Holy 2015-07-15 11:20:16 UTC
(In reply to Ondrej Holy from comment #10)
> It seems to me it isn't possible to remove enterprise user account once the
> enterprise user has been logged in to the system (I think it is independent
> on non root or non wheel). It is also reproducible on Fedora 22.

However it isn't possible to create new enterprise accounts using control-center in Fedora 22 currently due to:
https://bugzilla.gnome.org/show_bug.cgi?id=752405

Comment 12 Ray Strode [halfline] 2015-07-15 13:30:16 UTC
presumably the user is in wtmp so showing up that way.

Comment 13 Ray Strode [halfline] 2015-07-20 19:25:20 UTC
indeed, sudo rm -f /var/log/wtmp makes it start working.

two ideas:

1) make UncacheUser keep the cache file around but mark the user as uncached so the user gets filtered from the results even if wtmp records the user

2) prune the user from wtmp


The latter I don't like since wtmp is a historical record. Anyway the control-center part of this is done and working (provided wtmp gets removed), so will clone for accountsservice

Comment 19 errata-xmlrpc 2015-11-19 08:25:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2157.html


Note You need to log in before you can comment on or make changes to this bug.