Description of problem: Same problem than https://bugzilla.redhat.com/show_bug.cgi?id=1796544 closed by EOL Unable to login from GDM to an Active Directory Account : Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=juliette.canard Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: gkr-pam: unable to locate daemon control file Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: gkr-pam: stashed password to try later in open session Dec 04 22:23:07 w-dij-inf-2-lnx gdm-password][1624]: pam_sss(gdm-password:account): Access denied for user juliette.canard: 6 (Autorisation refusée) Version-Release number of selected component (if applicable): Fedora 33 Workstation How reproducible: Always Steps to Reproduce: 1. Install fedora Workstation 33 2. After installing add a local account 3. From this local account, join to domain adding in the GNOME control center an account which can join computers on domain 4. Logout 5. try to login with an other account which is in the Active Directory on GDM Actual results: Sorry, unable to connect Expected results: Connection Additional info: Connecting from the local account into the terminal (gnome-terminal) with command line (su - user) works
Hi, I think the gkr-pam messages are not related to the failure. The log clearly says that the login failed during the access control step. Can you attached the sssd.conf file to understand which kind of access control is configured? Additionally, can you add the PAM related log messages (if any) covering 'su - user'. bye, Sumit
sssd.conf : [sssd] domains = LINUXTRICKS.LAN config_file_version = 2 services = nss, pam [domain/LINUXTRICKS.LAN] default_shell = /bin/bash krb5_store_password_if_offline = True cache_credentials = True krb5_realm = LINUXTRICKS.LAN realmd_tags = joined-with-samba id_provider = ad fallback_homedir = /home/%u@%d ad_domain = LINUXTRICKS.LAN use_fully_qualified_names = True ldap_id_mapping = True simple_allow_users = $, adrien.linuxtricks access_provider = simple
I join the domain with adrien.linuxtricks account. this account can connect with success : déc. 05 21:39:24 w-lyo-tec-5 gdm-password][3033]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=adrien.linuxtricks déc. 05 21:39:24 w-lyo-tec-5 gdm-password][3033]: gkr-pam: unable to locate daemon control file déc. 05 21:39:24 w-lyo-tec-5 gdm-password][3033]: gkr-pam: stashed password to try later in open session déc. 05 21:39:24 w-lyo-tec-5 gdm-password][3033]: pam_unix(gdm-password:account): password for user adrien.linuxtricks will expire in 32765 days déc. 05 21:39:24 w-lyo-tec-5 audit[3033]: USER_ACCT pid=3033 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="adrien.linuxtricks" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success' déc. 05 21:39:24 w-lyo-tec-5 gnome-shell[2633]: Can't update stage views actor StLabel is on because it needs an allocation. déc. 05 21:39:24 w-lyo-tec-5 gnome-shell[2633]: Can't update stage views actor ClutterText is on because it needs an allocation. déc. 05 21:39:24 w-lyo-tec-5 audit[3033]: CRED_ACQ pid=3033 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss,pam_gnome_keyring acct="adrien.linuxtricks" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success' déc. 05 21:39:24 w-lyo-tec-5 audit[3033]: USER_ROLE_CHANGE pid=3033 uid=0 auid=1876401104 ses=6 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success' déc. 05 21:39:24 w-lyo-tec-5 systemd[1]: Created slice User Slice of UID 1876401104. déc. 05 21:39:24 w-lyo-tec-5 systemd[1]: Starting User Runtime Directory /run/user/1876401104... déc. 05 21:39:24 w-lyo-tec-5 systemd-logind[823]: [🡕] New session 6 of user adrien.linuxtricks. déc. 05 21:39:24 w-lyo-tec-5 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1876401104 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' déc. 05 21:39:24 w-lyo-tec-5 systemd[1]: Finished User Runtime Directory /run/user/1876401104. déc. 05 21:39:24 w-lyo-tec-5 systemd[1]: Starting User Manager for UID 1876401104... déc. 05 21:39:24 w-lyo-tec-5 systemd[3042]: pam_unix(systemd-user:account): password for user adrien.linuxtricks will expire in 0 days
Test to connect with CLI from local account : [admin@w-lyo-tec-5 ~]$ LANG=C su - adrien.linuxtricks Password: Warning: your password will expire in 0 days. Last login: Sat Dec 5 21:41:34 CET 2020 on pts/0 And log with the initial account : déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_sss(su-l:auth): authentication success; logname= uid=1000 euid=0 tty=pts/1 ruser=admin rhost= user=adrien.linuxtricks déc. 05 21:44:01 w-lyo-tec-5 audit[5061]: USER_AUTH pid=5061 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_usertype,pam_usertype,pam_sss acct="adrien.linuxtricks" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success' déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_unix(su-l:account): password for user adrien.linuxtricks will expire in 0 days déc. 05 21:44:01 w-lyo-tec-5 audit[5061]: USER_ACCT pid=5061 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="adrien.linuxtricks" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success' déc. 05 21:44:01 w-lyo-tec-5 su[5061]: (to adrien.linuxtricks) admin on pts/1 déc. 05 21:44:01 w-lyo-tec-5 audit[5061]: CRED_ACQ pid=5061 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss acct="adrien.linuxtricks" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success' déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_unix(su-l:session): session opened for user adrien.linuxtricks(uid=1876401104) by (uid=1000) déc. 05 21:44:01 w-lyo-tec-5 su[5061]: pam_lastlog(su-l:session): username too long, output might be inaccurate déc. 05 21:44:01 w-lyo-tec-5 audit[5061]: USER_START pid=5061 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss,pam_umask,pam_xauth acct="adrien.linuxtricks" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success' déc. 05 21:44:05 w-lyo-tec-5 systemd[1]: systemd-localed.service: Succeeded. déc. 05 21:44:05 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-localed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' déc. 05 21:44:05 w-lyo-tec-5 audit: BPF prog-id=94 op=UNLOAD déc. 05 21:44:05 w-lyo-tec-5 audit: BPF prog-id=93 op=UNLOAD déc. 05 21:44:05 w-lyo-tec-5 audit: BPF prog-id=92 op=UNLOAD Test to connect an other account : [admin@w-lyo-tec-5 ~]$ LANG=C su - juliette.canard Password: Warning: your password will expire in 0 days. su: Permission denied An the log : éc. 05 21:44:47 w-lyo-tec-5 audit[5104]: USER_AUTH pid=5104 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_usertype,pam_usertype,pam_sss acct="juliette.canard" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=success' déc. 05 21:44:47 w-lyo-tec-5 su[5104]: pam_sss(su-l:auth): authentication success; logname= uid=1000 euid=0 tty=pts/1 ruser=admin rhost= user=juliette.canard déc. 05 21:44:47 w-lyo-tec-5 su[5104]: pam_unix(su-l:account): password for user juliette.canard will expire in 0 days déc. 05 21:44:47 w-lyo-tec-5 audit[5104]: USER_ACCT pid=5104 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=? acct="juliette.canard" exe="/usr/bin/su" hostname=w-lyo-tec-5 addr=? terminal=pts/1 res=failed' déc. 05 21:44:47 w-lyo-tec-5 su[5104]: pam_sss(su-l:account): Access denied for user juliette.canard: 6 (Autorisation refusée) déc. 05 21:44:47 w-lyo-tec-5 su[5104]: FAILED SU (to juliette.canard) admin on pts/1
Your sssd configuration only permits login as a single user, e.g. 'simple_allow_users' statement and 'access_provider = simple'. Nothing else can pass through, as per the configuration. This is not a bug -- it is the setup you have as part of the join process. If you want something else, make sure your configuration allows it.
After removing simple_allow_users = $, adrien.linuxtricks And updated access_provider = simple to access_provider = ad I can connect with juliette.canard with "su", but after logging on GDM, the screen freeze and i always see the password with °°°°°°° symbols. The GNOME session doesn't open
So, please re-start with gdm logs to see the exact error message. Things to check: - whether a new user has a home directory and it is owned by this user - whether gnome is able to write to that home directory upon startup - is there anything suspicious in the logs after logon
I rebooted the system. See the full log from entering password to gdm (logs stops after the last line below) : déc. 05 22:14:44 w-lyo-tec-5 systemd[1]: systemd-hostnamed.service: Succeeded. déc. 05 22:14:44 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' déc. 05 22:14:44 w-lyo-tec-5 audit: BPF prog-id=39 op=UNLOAD déc. 05 22:14:44 w-lyo-tec-5 audit: BPF prog-id=38 op=UNLOAD déc. 05 22:14:45 w-lyo-tec-5 systemd[1]: Starting SSSD Kerberos Cache Manager... déc. 05 22:14:45 w-lyo-tec-5 systemd[1]: Started SSSD Kerberos Cache Manager. déc. 05 22:14:45 w-lyo-tec-5 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sssd-kcm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' déc. 05 22:14:45 w-lyo-tec-5 kcm[1590]: Starting up déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=juliette.canard déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: USER_AUTH pid=1581 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_usertype,pam_usertype,pam_sss,pam_gnome_keyring acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success' déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: gkr-pam: unable to locate daemon control file déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: gkr-pam: stashed password to try later in open session déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_unix(gdm-password:account): password for user juliette.canard will expire in 32766 days déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: USER_ACCT pid=1581 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success' déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: CRED_ACQ pid=1581 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss,pam_gnome_keyring acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty1 res=success' déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: Gdm: could not save session and language settings déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: USER_ROLE_CHANGE pid=1581 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success' déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_systemd(gdm-password:session): Failed to get user record: Aucun processus de ce type déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_unix(gdm-password:session): session opened for user juliette.canard(uid=1876402105) by (uid=0) déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: gkr-pam: unable to locate daemon control file déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring déc. 05 22:14:45 w-lyo-tec-5 audit[1581]: USER_START pid=1581 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_unix,pam_sss,pam_gnome_keyring,pam_umask acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success' déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: GLib-GObject: invalid uninstantiatable type '(null)' in cast to 'GObject' déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: GLib-GObject: g_object_set_data: assertion 'G_IS_OBJECT (object)' failed déc. 05 22:14:51 w-lyo-tec-5 kernel: rfkill: input handler enabled déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1602]: dbus-daemon[1602]: [session uid=1876402105 pid=1602] Activating service name='org.freedesktop.systemd1' requested by ':1.0' (uid=1876402105 pid=1599 comm="/usr/libexec/gdm-wayland-session /usr/bin/gnome-se" label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1602]: dbus-daemon[1602]: [session uid=1876402105 pid=1602] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1 déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1599]: Unable to register display with display manager déc. 05 22:14:51 w-lyo-tec-5 gdm-password][1581]: pam_unix(gdm-password:session): session closed for user juliette.canard déc. 05 22:14:51 w-lyo-tec-5 audit[1581]: USER_END pid=1581 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_unix,pam_sss,pam_gnome_keyring,pam_umask acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success' déc. 05 22:14:51 w-lyo-tec-5 audit[1581]: CRED_DISP pid=1581 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss,pam_gnome_keyring acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=w-lyo-tec-5 addr=? terminal=/dev/tty2 res=success' déc. 05 22:14:51 w-lyo-tec-5 kernel: rfkill: input handler disabled déc. 05 22:14:51 w-lyo-tec-5 gdm[950]: Gdm: GdmDisplay: Session never registered, failing déc. 05 22:14:51 w-lyo-tec-5 gsd-color[1165]: unable to get EDID for xrandr-Virtual-1: unable to get EDID for output déc. 05 22:14:51 w-lyo-tec-5 gsd-color[1165]: unable to get EDID for xrandr-Virtual-1: unable to get EDID for output déc. 05 22:14:51 w-lyo-tec-5 gsd-color[1165]: unable to get EDID for xrandr-Virtual-1: unable to get EDID for output déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: The XKEYBOARD keymap compiler (xkbcomp) reports: déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: > Warning: Unsupported maximum keycode 569, clipping. déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: > X11 cannot support keycodes above 255. déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: > Internal error: Could not resolve keysym XF86FullScreen déc. 05 22:14:51 w-lyo-tec-5 org.gnome.Shell.desktop[1631]: Errors from xkbcomp are not fatal to the X server déc. 05 22:14:51 w-lyo-tec-5 geoclue[1132]: Service not used for 60 seconds. Shutting down.. déc. 05 22:14:51 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=geoclue comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' déc. 05 22:14:51 w-lyo-tec-5 systemd[1]: geoclue.service: Succeeded. déc. 05 22:14:53 w-lyo-tec-5 realmd[1359]: quitting realmd service after timeout déc. 05 22:14:53 w-lyo-tec-5 realmd[1359]: stopping service déc. 05 22:14:53 w-lyo-tec-5 systemd[1]: realmd.service: Succeeded. déc. 05 22:14:53 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=realmd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' déc. 05 22:15:48 w-lyo-tec-5 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=libvirtd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Tryied with SElinux disabled : same problem. Floder successfully created and with the good permissions : [root@w-lyo-tec-5 ~]# ls -l /home total 0 drwx------. 1 admin admin 294 5 déc. 21:37 admin drwxr-xr-x. 1 adrien.linuxtricks utilisateurs du domaine 294 5 déc. 21:44 adrien.linuxtricks drwxr-xr-x. 1 juliette.canard utilisateurs du domaine 92 5 déc. 21:48 juliette.canard
A removed the Fedora and added again with CLI (realm join) No problems. I think there are some problems with graphical steps or it's not complete integration ?
(In reply to Adrien D from comment #9) > A removed the Fedora and added again with CLI (realm join) > > No problems. > > I think there are some problems with graphical steps or it's not complete > integration ? Hi, I think the graphical steps are basically the same, they just call 'realm permit' as well to only allow the given user to log in. Can you add the logs from the working setup which correspond to the ones from comment #8? My guess it that it is related to déc. 05 22:14:45 w-lyo-tec-5 gdm-password][1581]: pam_systemd(gdm-password:session): Failed to get user record: Aucun processus de ce type ... déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1602]: dbus-daemon[1602]: [session uid=1876402105 pid=1602] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1 déc. 05 22:14:51 w-lyo-tec-5 /usr/libexec/gdm-wayland-session[1599]: Unable to register display with display manager but it would be helpful to have the working logs for reference. bye, Sumit
Hi, The log with successfull opening session for Juliette.CANARD from GDM after joining in CLI : déc. 07 21:17:38 W-DIJ-FEDO-1 systemd[1]: Starting SSSD Kerberos Cache Manager... déc. 07 21:17:38 W-DIJ-FEDO-1 systemd[1]: Started SSSD Kerberos Cache Manager. déc. 07 21:17:38 W-DIJ-FEDO-1 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sssd-kcm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' déc. 07 21:17:38 W-DIJ-FEDO-1 kcm[1642]: Starting up déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=juliette.canard déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: USER_AUTH pid=1616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_usertype,pam_usertype,pam_sss,pam_gnome_keyring acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty1 res=success' déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: gkr-pam: unable to locate daemon control file déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: gkr-pam: stashed password to try later in open session déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: USER_ACCT pid=1616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty1 res=success' déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: CRED_ACQ pid=1616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_sss,pam_gnome_keyring acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty1 res=success' déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: USER_ROLE_CHANGE pid=1616 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty2 res=success' déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Created slice User Slice of UID 1876402105. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Starting User Runtime Directory /run/user/1876402105... déc. 07 21:17:39 W-DIJ-FEDO-1 systemd-logind[841]: [🡕] New session 4 of user juliette.canard. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Finished User Runtime Directory /run/user/1876402105. déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1876402105 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Starting User Manager for UID 1876402105... déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1648]: USER_ACCT pid=1648 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="juliette.canard" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1648]: CRED_ACQ pid=1648 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="juliette.canard" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1648]: USER_ROLE_CHANGE pid=1648 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: pam_unix(systemd-user:session): session opened for user juliette.canard(uid=1876402105) by (uid=0) déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1648]: USER_START pid=1648 uid=0 auid=1876402105 ses=5 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss acct="juliette.canard" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' déc. 07 21:17:39 W-DIJ-FEDO-1 audit: BPF prog-id=51 op=LOAD déc. 07 21:17:39 W-DIJ-FEDO-1 audit: BPF prog-id=51 op=UNLOAD déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: /etc/xdg/autostart/org.freedesktop.problems.applet.desktop:91: Unknown key name 'DBusActivatable' in section 'Desktop Entry', ignoring. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gnome\x2dkeyring\x2dssh-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Rfkill-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.MediaKeys-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Keyboard-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: gnome-systemd-autostart-condition not found: No such file or directory déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-spice\x2dvdagent-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Sound-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-xdg\x2duser\x2ddirs-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gsettings\x2ddata\x2dconvert-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Wwan-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: gnome-systemd-autostart-condition not found: No such file or directory déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-at\x2dspi\x2ddbus\x2dbus-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.A11ySettings-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.XSettings-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Housekeeping-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Sharing-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Power-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.UsbProtection-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.ScreensaverProxy-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-pulseaudio-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Color-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Datetime-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-liveinst\x2dsetup-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gnome\x2dkeyring\x2dsecrets-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gnome\x2dinitial\x2dsetup\x2dcopy\x2dworker-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Wacom-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.PrintNotifications-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-gnome\x2dkeyring\x2dpkcs11-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: gnome-systemd-autostart-condition not found: No such file or directory déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1663]: Not generating service for XDG autostart app-org.gnome.SettingsDaemon.Smartcard-autostart.service, startup phases are not supported. déc. 07 21:17:39 W-DIJ-FEDO-1 uresourced[1033]: Setting resources on user-1876402105.slice (MemoryMin: 0, MemoryLow: 0, CPUWeight: 100, IOWeight: 100) déc. 07 21:17:39 W-DIJ-FEDO-1 uresourced[1033]: Setting resources on user (MemoryMin: 0, MemoryLow: 0, CPUWeight: 100, IOWeight: 100) déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Queued start job for default target Main User Target. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Started Mark boot as successful after the user session has run 2 minutes. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Started Daily Cleanup of User's Temporary Directories. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Paths. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Timers. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Starting D-Bus User Message Bus Socket. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Listening on Multimedia System. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Listening on Sound System. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Starting Create User's Volatile Files and Directories... déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Finished Create User's Volatile Files and Directories. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Listening on D-Bus User Message Bus Socket. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Sockets. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Basic System. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Reached target Main User Target. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1648]: Startup finished in 121ms. déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Started User Manager for UID 1876402105. déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1876402105 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' déc. 07 21:17:39 W-DIJ-FEDO-1 systemd[1]: Started Session 4 of user juliette.canard. déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: pam_unix(gdm-password:session): session opened for user juliette.canard(uid=1876402105) by (uid=0) déc. 07 21:17:39 W-DIJ-FEDO-1 gdm-password][1616]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring déc. 07 21:17:39 W-DIJ-FEDO-1 audit[1616]: USER_START pid=1616 uid=0 auid=1876402105 ses=4 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss,pam_gnome_keyring,pam_umask acct="juliette.canard" exe="/usr/libexec/gdm-session-worker" hostname=W-DIJ-FEDO-1 addr=? terminal=/dev/tty2 res=success' déc. 07 21:17:39 W-DIJ-FEDO-1 gnome-shell[1137]: Can't update stage views actor StLabel is on because it needs an allocation. déc. 07 21:17:39 W-DIJ-FEDO-1 gnome-shell[1137]: Can't update stage views actor ClutterText is on because it needs an allocation. déc. 07 21:17:41 W-DIJ-FEDO-1 systemd[1]: systemd-hostnamed.service: Succeeded. déc. 07 21:17:41 W-DIJ-FEDO-1 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
just FYI I'm hitting a "gkr-pam: unable to locate daemon control file" that's completely unrelated to sssd, see new Bug 1910424.
Hi, I guess the issue is most likely connected to https://github.com/systemd/systemd/issues/15149 as mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1796544#c7 which should be fixed in current version of Fedora. Closing the ticket here. bye, Sumit