Bug 1904592 - gkr-pam: unable to locate daemon control file
Status: CLOSED WORKSFORME
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: 33
Hardware: Unspecified
OS: Unspecified
Assignee: Sumit Bose
QA Contact: Fedora Extras Quality Assurance
Reported: 2020-12-04 21:26 UTC by Adrien D
Modified: 2021-02-23 10:52 UTC (History)
Last Closed: 2021-02-23 10:52:49 UTC
Type: Bug

Description Adrien D 2020-12-04 21:26:54 UTC
Description of problem:
Same problem as https://bugzilla.redhat.com/show_bug.cgi?id=1796544, closed by EOL

Unable to log in from GDM to an Active Directory account:

Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=juliette.canard
Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: gkr-pam: unable to locate daemon control file
Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: gkr-pam: stashed password to try later in open session
Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: pam_sss(gdm-password:account): Access denied for user juliette.canard: 6 (Autorisation refusée)


Version-Release number of selected component (if applicable):
Fedora 33 Workstation

How reproducible:
Always

Steps to Reproduce:
1. Install Fedora Workstation 33
2. After installing, add a local account
3. From this local account, join the domain by adding, in the GNOME control center, an account which can join computers to the domain
4. Log out
5. Try to log in on GDM with another account which is in the Active Directory

Actual results:
Sorry, unable to connect

Expected results:
Connection

Additional info:
Connecting from the local account into the terminal (gnome-terminal) with command line (su - user) works

Comment 1 Sumit Bose 2020-12-05 11:14:09 UTC
Hi,

I think the gkr-pam messages are not related to the failure. The log clearly says that the login failed during the access control step. Can you attach the sssd.conf file to understand which kind of access control is configured? Additionally, can you add the PAM related log messages (if any) covering 'su - user'?

bye,
Sumit

Comment 2 Adrien D 2020-12-05 20:38:57 UTC
sssd.conf : 

[sssd]
domains = LINUXTRICKS.LAN
config_file_version = 2
services = nss, pam

[domain/LINUXTRICKS.LAN]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = LINUXTRICKS.LAN
realmd_tags = joined-with-samba 
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = LINUXTRICKS.LAN
use_fully_qualified_names = True
ldap_id_mapping = True
simple_allow_users = $, adrien.linuxtricks
access_provider = simple

Comment 3 Adrien D 2020-12-05 20:41:08 UTC
I joined the domain with the adrien.linuxtricks account.

This account can connect successfully:

déc. 05 21:39:24 w-lyo-tec-5 gdm-password][3033]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=adrien.linuxtricks
déc. 05 21:39:24 w-lyo-tec-5 gdm-password][3033]: gkr-pam: unable to locate daemon control file
déc. 05 21:39:24 w-lyo-tec-5 gdm-password][3033]: gkr-pam: stashed password to try later in open session
déc. 05 21:39:24 w-lyo-tec-5 gdm-password][3033]: pam_unix(gdm-password:account): password for user adrien.linuxtricks will expire in 32765 days
déc. 05 21:39:24 w-lyo-tec-5 audit[3033]: USER_ACCT pid=3033 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="adrien.linuxtricks" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success'
déc. 05 21:39:24 w-lyo-tec-5 gnome-shell[2633]: Can't update stage views actor StLabel is on because it needs an allocation.
déc. 05 21:39:24 w-lyo-tec-5 gnome-shell[2633]: Can't update stage views actor ClutterText is on because it needs an allocation.
déc. 05 21:39:24 w-lyo-tec-5 audit[3033]: CRED_ACQ pid=3033 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss,pam_gnome_keyring acct="adrien.linuxtricks" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success'
déc. 05 21:39:24 w-lyo-tec-5 audit[3033]: USER_ROLE_CHANGE pid=3033 uid=0 auid=1876401104 ses=6 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success'
déc. 05 21:39:24 w-lyo-tec-5 systemd[1]: Created slice User Slice of UID 1876401104.
déc. 05 21:39:24 w-lyo-tec-5 systemd[1]: Starting User Runtime Directory /run/user/1876401104...
déc. 05 21:39:24 w-lyo-tec-5 systemd-logind[823]: [🡕] New session 6 of user adrien.linuxtricks.
déc. 05 21:39:24 w-lyo-tec-5 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1876401104 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 05 21:39:24 w-lyo-tec-5 systemd[1]: Finished User Runtime Directory /run/user/1876401104.
déc. 05 21:39:24 w-lyo-tec-5 systemd[1]: Starting User Manager for UID 1876401104...
déc. 05 21:39:24 w-lyo-tec-5 systemd[3042]: pam_unix(systemd-user:account): password for user adrien.linuxtricks will expire in 0 days

Comment 4 Adrien D 2020-12-05 20:45:07 UTC
Test to connect with CLI from local account : 

[admin@w-lyo-tec-5 ~]$ LANG=C su - adrien.linuxtricks
Password: 
Warning: your password will expire in 0 days.
Last login: Sat Dec  5 21:41:34 CET 2020 on pts/0

And log with the initial account :

déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_sss(su-l:auth): authentication success; logname= uid=1000 euid=0 tty=pts/1 ruser=admin rhost= user=adrien.linuxtricks
déc. 05 21:44:01 w-lyo-tec-5 audit[5061]: USER_AUTH pid=5061 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_usertype,pam_usertype,pam_sss acct="adrien.linuxtricks" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success'
déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_unix(su-l:account): password for user adrien.linuxtricks will expire in 0 days
déc. 05 21:44:01 w-lyo-tec-5 audit[5061]: USER_ACCT pid=5061 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="adrien.linuxtricks" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success'
déc. 05 21:44:01 w-lyo-tec-5 su[5061]: (to adrien.linuxtricks) admin on pts/1
déc. 05 21:44:01 w-lyo-tec-5 audit[5061]: CRED_ACQ pid=5061 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss acct="adrien.linuxtricks" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success'
déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_unix(su-l:session): session opened for user adrien.linuxtricks(uid=1876401104) by (uid=1000)
déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_lastlog(su-l:session): username too long, output might be inaccurate
déc. 05 21:44:01 w-lyo-tec-5 audit[5061]: USER_START pid=5061 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss,pam_umask,pam_xauth acct="adrien.linuxtricks" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success'
déc. 05 21:44:05 w-lyo-tec-5 systemd[1]: systemd-localed.service: Succeeded.
déc. 05 21:44:05 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-localed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 05 21:44:05 w-lyo-tec-5 audit: BPF prog-id=94 op=UNLOAD
déc. 05 21:44:05 w-lyo-tec-5 audit: BPF prog-id=93 op=UNLOAD
déc. 05 21:44:05 w-lyo-tec-5 audit: BPF prog-id=92 op=UNLOAD



Test to connect with another account:

[admin@w-lyo-tec-5 ~]$ LANG=C su - juliette.canard
Password: 
Warning: your password will expire in 0 days.
su: Permission denied


And the log:

déc. 05 21:44:47 w-lyo-tec-5 audit[5104]: USER_AUTH pid=5104 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_usertype,pam_usertype,pam_sss acct="juliette.canard" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success'
déc. 05 21:44:47 w-lyo-tec-5 su[5104]: pam_sss(su-l:auth): authentication success; logname= uid=1000 euid=0 tty=pts/1 ruser=admin rhost= user=juliette.canard
déc. 05 21:44:47 w-lyo-tec-5 su[5104]: pam_unix(su-l:account): password for user juliette.canard will expire in 0 days
déc. 05 21:44:47 w-lyo-tec-5 audit[5104]: USER_ACCT pid=5104 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=? acct="juliette.canard" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=failed'
déc. 05 21:44:47 w-lyo-tec-5 su[5104]: pam_sss(su-l:account): Access denied for user juliette.canard: 6 (Autorisation refusée)
déc. 05 21:44:47 w-lyo-tec-5 su[5104]: FAILED SU (to juliette.canard) admin on pts/1

Comment 5 Alexander Bokovoy 2020-12-05 20:53:24 UTC
Your sssd configuration only permits login as a single user, e.g. 'simple_allow_users' statement and 'access_provider = simple'. Nothing else can pass through, as per the configuration.

This is not a bug -- it is the setup you have as part of the join process. If you want something else, make sure your configuration allows it.
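
The triage reasoning from comments 1 and 5, as an added Python example that is not part of the original thread or of SSSD: it finds logins where pam_sss accepted the password but the account phase was denied, then checks the user against the simple access provider's user lists. The function names are hypothetical; the samples are constructed from the log lines and sssd.conf posted above, and group lists are assumed out of scope.

```python
import configparser
import re

# Constructed sample: journal lines taken from the description and comment 4.
SAMPLE_LOG = """\
déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_sss(su-l:auth): authentication success; logname= uid=1000 euid=0 tty=pts/1 ruser=admin rhost= user=adrien.linuxtricks
déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_unix(su-l:session): session opened for user adrien.linuxtricks(uid=1876401104) by (uid=1000)
déc. 05 21:44:47 w-lyo-tec-5 su[5104]: pam_sss(su-l:auth): authentication success; logname= uid=1000 euid=0 tty=pts/1 ruser=admin rhost= user=juliette.canard
déc. 05 21:44:47 w-lyo-tec-5 su[5104]: pam_sss(su-l:account): Access denied for user juliette.canard: 6 (Autorisation refusée)
Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: gkr-pam: unable to locate daemon control file
"""

# Constructed sample: the sssd.conf from comment 2, shortened.
SAMPLE_CONF = """\
[sssd]
domains = LINUXTRICKS.LAN
services = nss, pam

[domain/LINUXTRICKS.LAN]
id_provider = ad
fallback_homedir = /home/%u@%d
simple_allow_users = $, adrien.linuxtricks
access_provider = simple
"""

PAM_LINE = re.compile(
    r"\[(?P<pid>\d+)\]: pam_\w+\([^:()]+:(?P<phase>\w+)\): (?P<msg>.*)")
USER = re.compile(r"(?:\buser=|for user )([^\s:(]+)")
OUTCOMES = (("authentication success", "ok"),
            ("Access denied for user", "denied"),
            ("session opened for user", "ok"))


def pam_phase_results(log_text):
    """Return {pid: {"user": name, "phases": {phase: "ok" | "denied"}}}."""
    results = {}
    for line in log_text.splitlines():
        m = PAM_LINE.search(line)
        if not m:
            continue  # gkr-pam lines, for instance, report no PAM phase result
        for prefix, outcome in OUTCOMES:
            if m["msg"].startswith(prefix):
                entry = results.setdefault(m["pid"], {"user": None, "phases": {}})
                entry["phases"][m["phase"]] = outcome
                user = USER.search(m["msg"])
                if user:
                    entry["user"] = user.group(1)
    return results


def authenticated_but_denied(results):
    """Users whose password was accepted but whose account phase was denied."""
    return sorted({e["user"] for e in results.values()
                   if e["phases"].get("auth") == "ok"
                   and e["phases"].get("account") == "denied"})


def _names(value):
    # Assumption: names compare case-insensitively and without an @domain suffix.
    return {n.strip().lower().split("@")[0] for n in value.split(",") if n.strip()}


def simple_access_decision(conf_text, user):
    """Per [domain/...] section: "allow", "deny", "undetermined", or None.

    None means the domain does not use access_provider = simple. Only the user
    lists are evaluated; group lists need group lookups, so their presence
    yields "undetermined" unless a user deny rule already matched.
    """
    parser = configparser.ConfigParser(interpolation=None)  # '%u' in fallback_homedir
    parser.read_string(conf_text)
    name = _names(user).pop()
    verdicts = {}
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        dom = parser[section]
        allow = _names(dom.get("simple_allow_users", ""))
        if dom.get("access_provider", "permit").strip() != "simple":
            verdicts[section] = None
        elif name in _names(dom.get("simple_deny_users", "")):
            verdicts[section] = "deny"          # deny rules override allow rules
        elif "simple_allow_groups" in dom or "simple_deny_groups" in dom:
            verdicts[section] = "undetermined"  # group membership not checked here
        elif allow:
            # An allow list exists: everyone not on it is denied.
            verdicts[section] = "allow" if name in allow else "deny"
        else:
            verdicts[section] = "allow"         # no lists at all: access granted
    return verdicts


if __name__ == "__main__":
    for denied in authenticated_but_denied(pam_phase_results(SAMPLE_LOG)):
        print(denied, simple_access_decision(SAMPLE_CONF, denied))
```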

Comment 6 Adrien D 2020-12-05 20:56:08 UTC
After removing

simple_allow_users = $, adrien.linuxtricks

And updated
access_provider = simple
to 
access_provider = ad

I can connect with juliette.canard with "su", but after logging in on GDM, the screen freezes and I always see the password with °°°°°°° symbols. The GNOME session doesn't open.

Comment 7 Alexander Bokovoy 2020-12-05 21:03:49 UTC
So, please re-start with gdm logs to see the exact error message.

Things to check:
 - whether a new user has a home directory and it is owned by this user
 - whether gnome is able to write to that home directory upon startup
 - is there anything suspicious in the logs after logon

Comment 8 Adrien D 2020-12-05 21:17:30 UTC
I rebooted the system.

See the full log from entering the password in GDM (the log stops after the last line below):

déc. 05 22:14:44 w-lyo-tec-5 systemd[1]: systemd-hostnamed.service: Succeeded.
déc. 05 22:14:44 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 05 22:14:44 w-lyo-tec-5 audit: BPF prog-id=39 op=UNLOAD
déc. 05 22:14:44 w-lyo-tec-5 audit: BPF prog-id=38 op=UNLOAD
déc. 05 22:14:45 w-lyo-tec-5 systemd[1]: Starting SSSD Kerberos Cache Manager...
déc. 05 22:14:45 w-lyo-tec-5 systemd[1]: Started SSSD Kerberos Cache Manager.
déc. 05 22:14:45 w-lyo-tec-5 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sssd-kcm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 05 22:14:45 w-lyo-tec-5 kcm[1590]: Starting up
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=juliette.canard
déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: USER_AUTH pid=1581 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_usertype,pam_usertype,pam_sss,pam_gnome_keyring acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success'
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: gkr-pam: unable to locate daemon control file
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: gkr-pam: stashed password to try later in open session
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_unix(gdm-password:account): password for user juliette.canard will expire in 32766 days
déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: USER_ACCT pid=1581 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success'
déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: CRED_ACQ pid=1581 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss,pam_gnome_keyring acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success'
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: Gdm: could not save session and language settings
déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: USER_ROLE_CHANGE pid=1581 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success'
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_systemd(gdm-password:session): Failed to get user record: Aucun processus de ce type
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_unix(gdm-password:session): session opened for user juliette.canard(uid=1876402105) by (uid=0)
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: gkr-pam: unable to locate daemon control file
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring
déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: USER_START pid=1581 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_unix,pam_sss,pam_gnome_keyring,pam_umask acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success'
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: GLib-GObject: invalid uninstantiatable type '(null)' in cast to 'GObject'
déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: GLib-GObject: g_object_set_data: assertion 'G_IS_OBJECT (object)' failed
déc. 05 22:14:51 w-lyo-tec-5 kernel: rfkill: input handler enabled
déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1602]: dbus-daemon[1602]: [session uid=1876402105 pid=1602] Activating service name='org.freedesktop.systemd1' requested by ':1.0' (uid=1876402105 pid=1599 comm="/usr/libexec/gdm-wayland-session /usr/bin/gnome-se" label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1602]: dbus-daemon[1602]: [session uid=1876402105 pid=1602] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1599]: Unable to register display with display manager
déc. 05 22:14:51 w-lyo-tec-5 gdm-password][1581]: pam_unix(gdm-password:session): session closed for user juliette.canard
déc. 05 22:14:51 w-lyo-tec-5 audit[1581]: USER_END pid=1581 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_unix,pam_sss,pam_gnome_keyring,pam_umask acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success'
déc. 05 22:14:51 w-lyo-tec-5 audit[1581]: CRED_DISP pid=1581 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss,pam_gnome_keyring acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success'
déc. 05 22:14:51 w-lyo-tec-5 kernel: rfkill: input handler disabled
déc. 05 22:14:51 w-lyo-tec-5 gdm[950]: Gdm: GdmDisplay: Session never registered, failing
déc. 05 22:14:51 w-lyo-tec-5 gsd-color[1165]: unable to get EDID for xrandr-Virtual-1: unable to get EDID for output
déc. 05 22:14:51 w-lyo-tec-5 gsd-color[1165]: unable to get EDID for xrandr-Virtual-1: unable to get EDID for output
déc. 05 22:14:51 w-lyo-tec-5 gsd-color[1165]: unable to get EDID for xrandr-Virtual-1: unable to get EDID for output
déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: The XKEYBOARD keymap compiler (xkbcomp) reports:
déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: > Warning:          Unsupported maximum keycode 569, clipping.
déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: >                   X11 cannot support keycodes above 255.
déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: > Internal error:   Could not resolve keysym XF86FullScreen
déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: Errors from xkbcomp are not fatal to the X server
déc. 05 22:14:51 w-lyo-tec-5 geoclue[1132]: Service not used for 60 seconds. Shutting down..
déc. 05 22:14:51 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=geoclue comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 05 22:14:51 w-lyo-tec-5 systemd[1]: geoclue.service: Succeeded.
déc. 05 22:14:53 w-lyo-tec-5 realmd[1359]: quitting realmd service after timeout
déc. 05 22:14:53 w-lyo-tec-5 realmd[1359]: stopping service
déc. 05 22:14:53 w-lyo-tec-5 systemd[1]: realmd.service: Succeeded.
déc. 05 22:14:53 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=realmd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 05 22:15:48 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=libvirtd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'




Tried with SELinux disabled: same problem.

Folder successfully created and with the good permissions:

[root@w-lyo-tec-5 ~]# ls -l /home
total 0
drwx------. 1 admin                              admin                                   294  5 déc.  21:37 admin
drwxr-xr-x. 1 adrien.linuxtricks utilisateurs du domaine 294  5 déc.  21:44 adrien.linuxtricks
drwxr-xr-x. 1 juliette.canard    utilisateurs du domaine  92  5 déc.  21:48 juliette.canard

Comment 9 Adrien D 2020-12-05 22:24:17 UTC
I removed the Fedora and added it again with CLI (realm join)

No problems.

I think there are some problems with graphical steps or it's not complete integration ?

Comment 10 Sumit Bose 2020-12-07 10:02:53 UTC
(In reply to Adrien D from comment #9)
> I removed the Fedora and added it again with CLI (realm join)
> 
> No problems.
> 
> I think there are some problems with graphical steps or it's not complete
> integration ?

Hi,

I think the graphical steps are basically the same, they just call 'realm permit' as well to only allow the given user to log in.

Can you add the logs from the working setup which correspond to the ones from comment #8? My guess is that it is related to

    déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_systemd(gdm-password:session): Failed to get user record: Aucun processus de ce type
    ...
    déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1602]: dbus-daemon[1602]: [session uid=1876402105 pid=1602] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
    déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1599]: Unable to register display with display manager

but it would be helpful to have the working logs for reference.

bye,
Sumit

Comment 11 Adrien D 2020-12-07 20:19:27 UTC
Hi, 

The log with a successful session opening for Juliette.CANARD from GDM after joining in CLI:



déc. 07 21:17:38 W-DIJ-FEDO-1 systemd[1]: Starting SSSD Kerberos Cache Manager...
déc. 07 21:17:38 W-DIJ-FEDO-1 systemd[1]: Started SSSD Kerberos Cache Manager.
déc. 07 21:17:38 W-DIJ-FEDO-1 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sssd-kcm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 07 21:17:38 W-DIJ-FEDO-1 kcm[1642]: Starting up
déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=juliette.canard
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: USER_AUTH pid=1616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_usertype,pam_usertype,pam_sss,pam_gnome_keyring acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty1 res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: gkr-pam: unable to locate daemon control file
déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: gkr-pam: stashed password to try later in open session
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: USER_ACCT pid=1616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty1 res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: CRED_ACQ pid=1616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss,pam_gnome_keyring acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty1 res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: USER_ROLE_CHANGE pid=1616 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty2 res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Created slice User Slice of UID 1876402105.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Starting User Runtime Directory /run/user/1876402105...
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd-logind[841]: [🡕] New session 4 of user juliette.canard.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Finished User Runtime Directory /run/user/1876402105.
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1876402105 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Starting User Manager for UID 1876402105...
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1648]: USER_ACCT pid=1648 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="juliette.canard" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1648]: CRED_ACQ pid=1648 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="juliette.canard" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1648]: USER_ROLE_CHANGE pid=1648 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: pam_unix(systemd-user:session): session opened for user juliette.canard(uid=1876402105) by (uid=0)
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1648]: USER_START pid=1648 uid=0 auid=1876402105 ses=5 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss acct="juliette.canard" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 audit: BPF prog-id=51 op=LOAD
déc. 07 21:17:39 W-DIJ-FEDO-1 audit: BPF prog-id=51 op=UNLOAD
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: /etc/xdg/autostart/org.freedesktop.problems.applet.desktop:91: Unknown key name 'DBusActivatable' in section 'Desktop Entry', ignoring.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gnome\x2dkeyring\x2dssh-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Rfkill-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.MediaKeys-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Keyboard-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: gnome-systemd-autostart-condition not found: No such file or directory
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-spice\x2dvdagent-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Sound-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-xdg\x2duser\x2ddirs-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gsettings\x2ddata\x2dconvert-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Wwan-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: gnome-systemd-autostart-condition not found: No such file or directory
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-at\x2dspi\x2ddbus\x2dbus-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.A11ySettings-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.XSettings-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Housekeeping-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Sharing-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Power-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.UsbProtection-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.ScreensaverProxy-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-pulseaudio-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Color-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Datetime-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-liveinst\x2dsetup-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gnome\x2dkeyring\x2dsecrets-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gnome\x2dinitial\x2dsetup\x2dcopy\x2dworker-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Wacom-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.PrintNotifications-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gnome\x2dkeyring\x2dpkcs11-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: gnome-systemd-autostart-condition not found: No such file or directory
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Smartcard-autostart.service, startup phases are not supported.
déc. 07 21:17:39 W-DIJ-FEDO-1 uresourced[1033]: Setting resources on user-1876402105.slice (MemoryMin: 0, MemoryLow: 0, CPUWeight: 100, IOWeight: 100)
déc. 07 21:17:39 W-DIJ-FEDO-1 uresourced[1033]: Setting resources on user (MemoryMin: 0, MemoryLow: 0, CPUWeight: 100, IOWeight: 100)
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Queued start job for default target Main User Target.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Started Mark boot as successful after the user session has run 2 minutes.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Started Daily Cleanup of User's Temporary Directories.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Paths.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Timers.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Starting D-Bus User Message Bus Socket.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Listening on Multimedia System.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Listening on Sound System.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Starting Create User's Volatile Files and Directories...
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Finished Create User's Volatile Files and Directories.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Listening on D-Bus User Message Bus Socket.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Sockets.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Basic System.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Main User Target.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Startup finished in 121ms.
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Started User Manager for UID 1876402105.
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1876402105 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Started Session 4 of user juliette.canard.
déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: pam_unix(gdm-password:session): session opened for user juliette.canard(uid=1876402105) by (uid=0)
déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring
déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: USER_START pid=1616 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss,pam_gnome_keyring,pam_umask acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty2 res=success'
déc. 07 21:17:39 W-DIJ-FEDO-1 gnome-shell[1137]: Can't update stage views actor StLabel is on because it needs an allocation.
déc. 07 21:17:39 W-DIJ-FEDO-1 gnome-shell[1137]: Can't update stage views actor ClutterText is on because it needs an allocation.
déc. 07 21:17:41 W-DIJ-FEDO-1 systemd[1]: systemd-hostnamed.service: Succeeded.
déc. 07 21:17:41 W-DIJ-FEDO-1 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Comment 12 Michael Vorburger.ch 2020-12-23 21:25:23 UTC
just FYI I'm hitting a "gkr-pam: unable to locate daemon control file" that's completely unrelated to sssd, see new Bug 1910424.

Comment 13 Sumit Bose 2021-02-23 10:52:49 UTC
Hi,

I guess the issue is most likely connected to https://github.com/systemd/systemd/issues/15149 as mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1796544#c7, which should be fixed in the current version of Fedora. Closing the ticket here.

bye,
Sumit

