Bug 1829572 - Login fails after upgrade fo Fedora 32
Summary: Login fails after upgrade fo Fedora 32
Keywords:
Status: ON_QA
Alias: None
Product: Fedora
Classification: Fedora
Component: nss_nis
Version: 32
Hardware: x86_64
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Matej Mužila
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-29 19:35 UTC by Thomas Clark
Modified: 2020-05-23 12:41 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug


Attachments (Terms of Use)

Description Thomas Clark 2020-04-29 19:35:55 UTC
Description of problem:

Following upgrade to Fedora 32, users are unable to login.  Authentication is by nis (and that seems to be the problem) with home directories mounted by automount.  

SSH login produces the following error:  "pam_systemd(sshd:session): Failed to get user record: Connection timed out" but login succeeds after the timeout.

Graphical login produces the following error:  "pam_systemd(gdm-password:session): Failed to get user record: Connection timed out" and login does not succeed.  The login screen briefly shows the "last login message" but then returns immediately to the login screen.


Version-Release number of selected component (if applicable):


How reproducible:

100%


Steps to Reproduce:
1.Upgrade to Fedora 32 while using NIS
2.Attempt to login
3.

Actual results:
Login fails


Expected results:
Login should succeed


Additional info:

Comment 1 Thomas Clark 2020-04-30 16:11:19 UTC
I have done some more testing; the problem is definitely NIS.  An strace on sshd shows that a connection is opened to to socket /run/systemd/userdb/io.systemd.Multiplexer with a 45-second timeout.  For both users, the initial request appears to fail on a username lookup.  However, for both users the second request is a lookup by uid.  The user in /etc/passwd gets a response immediately and is logged in immediately with a file in /run/systemd/users.  The NIS user does not get a response and times out after 45 seconds.  The user is successfully logged in, but without a file in /run/systemd/users.  Desktop login is failing for the NIS user because of no /run/systemd/users file.

Comment 2 Mike 2020-05-09 15:19:51 UTC
This was causing issues for me so I gave up waiting and I set up OpenLDAP and alongside LDAP Account Manager (LAM).  NIS has been retired here after several years service.

Mike.

Comment 3 Zbigniew Jędrzejewski-Szmek 2020-05-09 16:11:26 UTC
Sorry for the slow reply. Does this occur with selinux enabled? If yes, does enforcing=0 help?

Comment 4 Thomas Clark 2020-05-09 16:13:07 UTC
I already have enforcing=0.

Comment 5 Zbigniew Jędrzejewski-Szmek 2020-05-09 16:35:59 UTC
We probably need a same work-around as for logind. Could you please test the following:

cp /usr/lib/systemd/system/systemd-logind.service.d/nss_nis.conf /usr/lib/systemd/system/systemd-userdbd.service.d/nss_nis.conf
systemctl daemon-reload && systemctl restart systemd-userdbd

I don't have a nis setup at hand to test this unfortunately. If that works, I'd submit it as
PR for the nss_nis package.

Comment 6 Thomas Clark 2020-05-09 16:50:28 UTC
That indeed works!  I haven't figured out why yet, but I'll take it.  Thanks!

Comment 7 Zbigniew Jędrzejewski-Szmek 2020-05-10 20:04:14 UTC
https://src.fedoraproject.org/rpms/nss_nis/pull-request/1

Comment 8 Zbigniew Jędrzejewski-Szmek 2020-05-20 06:58:26 UTC
*** Bug 1837808 has been marked as a duplicate of this bug. ***

Comment 9 Zbigniew Jędrzejewski-Szmek 2020-05-20 13:22:10 UTC
Ping.

Comment 10 Edgar Hoch 2020-05-20 22:58:05 UTC
Maintainer, please build new packages with includes the fix (pull-request).

Comment 11 Fedora Update System 2020-05-21 08:24:47 UTC
FEDORA-2020-bb323f2ec3 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-bb323f2ec3

Comment 12 Fedora Update System 2020-05-22 04:23:45 UTC
FEDORA-2020-bb323f2ec3 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-bb323f2ec3`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-bb323f2ec3

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 13 Thomas Clark 2020-05-22 13:28:31 UTC
The problem is resolved.  Thank you!

Comment 14 Attila 2020-05-23 12:41:58 UTC
(In reply to Zbigniew Jędrzejewski-Szmek from comment #5)
> We probably need a same work-around as for logind. Could you please test the
> following:
> 
> cp /usr/lib/systemd/system/systemd-logind.service.d/nss_nis.conf
> /usr/lib/systemd/system/systemd-userdbd.service.d/nss_nis.conf
> systemctl daemon-reload && systemctl restart systemd-userdbd

Thank you. It works for me too.


Note You need to log in before you can comment on or make changes to this bug.