Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1815412 - Login to Gnome with AD fully qualified user name fails after upgrade to F32
Summary: Login to Gnome with AD fully qualified user name fails after upgrade to F32
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: 32
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-20 08:08 UTC by th.schoel
Modified: 2020-06-05 02:29 UTC (History)
9 users (show)

Fixed In Version: systemd-245.6-2.fc32
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-06-05 02:29:24 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description th.schoel 2020-03-20 08:08:14 UTC
Description of problem:
After the upgrade to F32 login to Gnome fails with fully qualified user names from an AD. The machine was joined to the AD in an earlier version of Fedora. At the time, realmd automatically set the `use_fully_qualified_names` to `True` in `/etc/sssd/sssd.conf`. This led to user names of the form “user”.

Systemd refuses to accept such usernames with recent releases. There was a fix to make it accept user names with dots (see the bug https://bugs.gentoo.org/708824 in Gentoo and the related pull request https://github.com/systemd/systemd/pull/13244 for systemd). Yet, the @-character is not white-listed there.

Now, under these conditions, logging into Gnome fails and the system journal shows “pam_systemd(gdm-password:session): Failed to get user record: Invalid argument”. Login to the terminal succeeds. Loggin in with a local, plain username (no dots, no @s) succeeds. Login to gnome with domain accounts succeeds after setting `use_fully_qualified_names` to `False` in `/etc/sssd/sssd.conf` and then using the unqualified name.

Version-Release number of selected component (if applicable):
245.2

How reproducible:
Always

Steps to Reproduce:
1. Create a user account of the form “user”. useradd does not allow that, so it may be necessary to go through sssd as described above
2. Try to log in to Gnome
3.

Actual results:
Login fails, system journal says “pam_systemd(gdm-password:session): Failed to get user record: Invalid argument”

Expected results:
Login succeeds

Additional info:

Comment 1 Zbigniew Jędrzejewski-Szmek 2020-04-02 08:18:26 UTC
https://github.com/systemd/systemd/issues/15090

Comment 2 Daniel 2020-04-29 07:17:15 UTC
Same problem here, the update broke login for AD members. The use_fully_qualified_names = False workaround works, but shouldn't be needed

Comment 3 Fedora Update System 2020-05-31 10:54:05 UTC
FEDORA-2020-dd43dd05b1 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1

Comment 4 Fedora Update System 2020-06-01 03:12:28 UTC
FEDORA-2020-dd43dd05b1 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-dd43dd05b1`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Fedora Update System 2020-06-02 10:10:21 UTC
FEDORA-2020-dd43dd05b1 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1

Comment 6 Fedora Update System 2020-06-03 03:11:25 UTC
FEDORA-2020-dd43dd05b1 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-dd43dd05b1`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2020-06-05 02:29:24 UTC
FEDORA-2020-dd43dd05b1 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.