Bug 1576053 - Cannot login as administrator if you set up enterprise login in gnome-initial-setup
Summary: Cannot login as administrator if you set up enterprise login in gnome-initial...
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: gnome-initial-setup
Version: 34
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Rui Matos
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-08 16:25 UTC by João Rodrigues
Modified: 2021-05-03 13:48 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-05-03 13:48:37 UTC
Type: Bug


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
GNOME Gitlab GNOME gnome-initial-setup issues 80 0 None None None 2019-07-23 14:01:43 UTC

Description João Rodrigues 2018-05-08 16:25:20 UTC
Description of problem:

During the gnome-initial-setup phase, if you choose to "set up enterprise login" to set up an active directory user, your domain user doesn't get added to the wheel group.
So you can't sudo and you can't su because the option to choose the root account's password during install was removed.


Version-Release number of selected component (if applicable): 28


How reproducible: always


Steps to Reproduce:
1. Install Fedora 28
2. Navigate the gnome-initial-setup screens up to the account creation phase
3. Click on "Set Up Enterprise Login"
4. Fill in the active directory domain and your ad user and password
5. Fill in the hostname, the active directory administrator's name and password
6. Login with your domain user and password
7. Open a terminal, try to sudo

Actual results:
You can't sudo because your user isn't in the wheel group.
You can't su because the root account is disabled.
pkexec asks for "Administrator" password; I tried the domain Administrator's password, my user's password and no password. Nothing worked.


Expected results:
Have a way to perform administrative tasks, either by enabling the root account or by having the user in the wheel group


Additional info:
The files in /etc/skel weren't copied to the domain user's home;
Two directories were created in /home: /home/aduser and /home/aduser@addomain;
Both directories have the same owner and group;

Comment 1 João Rodrigues 2018-05-08 16:46:09 UTC
Workaround:

Open a shell in initrd, mount /sysroot as read-write and edit /sysroot/etc/group

Steps:
1. Reboot
2. In grub press "e" to edit the menu entry
3. Search for a line that starts either with linux16 or linuxefi and append the string " rd.break"
4. Press ctrl+x
5. Mount the /sysroot as read-write: mount -oremount,rw /sysroot
6. Open /sysroot/etc/group in a text editor
7. search for the line "wheel:x:10:" and append your user
8. You may run into selinux issues, so either set it to permissive (edit /sysroot/etc/selinux/config) or touch /sysroot/.autorelabel
9. reboot again
10. If in step 8 you set selinux to permissive, restorecon /etc/group and reset selinux back to enforcing and reboot again.

Comment 2 Jakub Pisarczyk 2019-01-08 13:20:08 UTC
The same for Fedora 29

Comment 3 Ben Cotton 2019-05-02 19:17:53 UTC
This message is a reminder that Fedora 28 is nearing its end of life.
On 2019-May-28 Fedora will stop maintaining and issuing updates for
Fedora 28. It is Fedora's policy to close all bug reports from releases
that are no longer maintained. At that time this bug will be closed as
EOL if it remains open with a Fedora 'version' of '28'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 28 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 4 Ben Cotton 2019-05-02 20:03:42 UTC
This message is a reminder that Fedora 28 is nearing its end of life.
On 2019-May-28 Fedora will stop maintaining and issuing updates for
Fedora 28. It is Fedora's policy to close all bug reports from releases
that are no longer maintained. At that time this bug will be closed as
EOL if it remains open with a Fedora 'version' of '28'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 28 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 5 Ben Cotton 2019-05-28 23:32:55 UTC
Fedora 28 changed to end-of-life (EOL) status on 2019-05-28. Fedora 28 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 6 Michael Catanzaro 2019-05-29 00:44:07 UTC
João, since this is an upstream bug and the desired fix is not immediately clear, would you mind reporting it at https://gitlab.gnome.org/GNOME/gnome-initial-setup/issues?

Comment 7 Rodolfo Gouveia 2019-07-23 08:40:49 UTC
I've experienced this myself on a fresh Fedora 30 install today.
I've reported this under https://gitlab.gnome.org/GNOME/gnome-initial-setup/issues/80

Comment 8 Ben Cotton 2019-08-13 16:49:02 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to '31'.

Comment 9 Ben Cotton 2020-11-03 15:00:45 UTC
This message is a reminder that Fedora 31 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 31 on 2020-11-24.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '31'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 31 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 10 Ben Cotton 2020-11-24 18:50:01 UTC
Fedora 31 changed to end-of-life (EOL) status on 2020-11-24. Fedora 31 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 11 Oliver Gutiérrez 2021-05-03 11:03:02 UTC
This is still happening in Fedora 34. The user I used for enterprise login is not added to sudoers, and when I try to do any administrative task, I'm asked for the "Administrator" password. Even using the domain admin password, it does not allow me to do any privileged task.

Tried also to login as the domain admin via "su" using the correct password.

[pepe@FC.AD@fedora ~]$ su - Administrator@FC.AD
Password: 
su: Permission denied


This one was using a wrong password

[pepe@FC.AD@fedora ~]$ su - Administrator@FC.AD
Password: 
su: Authentication failure


Tried to do a sudo

[pepe@FC.AD@fedora ~]$ sudo bash
[sudo] password for pepe@FC.AD: 
Your password will expire in 1 day(s).
pepe@FC.AD is not in the sudoers file.  This incident will be reported.

Comment 12 Michael Catanzaro 2021-05-03 13:48:37 UTC
This is an upstream bug: https://gitlab.gnome.org/GNOME/gnome-initial-setup/-/issues/80

If you use enterprise login and want to help fix it, please comment there. Otherwise it's not going to be fixed....


Note You need to log in before you can comment on or make changes to this bug.