View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0016757||CentOS-8||sssd||public||2019-11-20 17:40||2020-01-09 16:48|
|Target Version||Fixed in Version|
|Summary||0016757: When "default_domain_suffix" is for SSSD GDM fails to start freezing graphical.target boot|
|Description||When the default_domain_suffix parameter is enabled in the [sssd] section of the /etc/sssd/sssd.conf file, the "firstname.lastname@example.org" (GDM) fails to start with an error message of unix_chkpwd: could not obtain user info (gdm@implicit_files). This causes the boot to hang indefinitely waiting for the failed User Manager to start.|
When the service fails to start journal -xe shows the following error
unix_chkpwd: could not obtain user info (gdm@implicit_files)
If I boot the system to the multi-user target, log in as root and type id gdm, I get uid=42(gdm@implicit_files), so it looks like it should work.
|Steps To Reproduce||Join an AD with the realm command.|
(followed the directions posted here: https://computingforgeeks.com/join-centos-rhel-system-to-active-directory-domain/) in case the issue is with their directions.
Did not add the default suffix at this time.
Log in with an AD user.
Add a "default_domain_suffix" parameter to the sssd.conf file.
Reboot the system
Wait for it to hang
use realm to join an AD
Log in with an AD user.
reboot into the multi-user target
add or comment out the default_domain_suffix line
systemctl restart sssd
systemctl restart email@example.com
if default_domain_suffix is set then firstname.lastname@example.org will fail to start
if default_domain_suffix is not set the email@example.com will start
|Additional Information||The Linux machine gets AD information from a Microsoft Windows Server.|
I am using NFS home directories.
|Tags||chkpwd, default_domain_suffix, sssd, sssd.conf|
|Did you find a solution to this issue? I'm also affected by this issue.|
I was trying to join a CentOS 8 machine as a member of the domain so that users could log in with the same username and password as our Windows machines as well as share a couple of file systems with the Windows machines. If I didn't set default_domain_suffix then the user could get multiple home directories generated, for example /home/username and /home/username@realm. I was able to work around this issue by setting use_fully_qualified_names to False under [domain/my.realm.com] in the /etc/sssd/sssd.conf. The downside would be the case where you have multiple domains. We do have multiple domains here but only one of them would ever use these machines, so in my case it is not an issue.
Additionally, to share file systems to the Windows machines I had to install (dnf install libsss_idmap) which allows winbind (backend = sss) to use sssd for UIDs and GIDs so that when users access the system from either Linux or Windows, UIDs and GIDs will be mapped in the same way. The online tutorials I found lacked installation of this library and tracking this down was much more challenging than it should have been.
I think a fix might be to adjust the order in nsswitch to use files ahead of sss but I didn't try this.
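A read-only check of an sssd.conf for the two settings discussed in this report, as an added example that is not part of the original issue or of SSSD. The sample files and the helper name audit_sssd_conf are constructed for illustration; my.realm.com is the placeholder realm from the note above.

```python
import configparser

# Constructed sample: the configuration the report describes as failing.
FAILING = """\
[sssd]
domains = my.realm.com
default_domain_suffix = my.realm.com

[domain/my.realm.com]
id_provider = ad
"""

# Constructed sample: the workaround from the note (suffix removed, short names on).
WORKAROUND = """\
[sssd]
domains = my.realm.com

[domain/my.realm.com]
id_provider = ad
use_fully_qualified_names = False
"""


def audit_sssd_conf(text):
    """Report the settings this issue turns on; hypothetical helper, reads only."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    suffix = cp.get("sssd", "default_domain_suffix", fallback=None)
    domains = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",")]
    domains = [d for d in domains if d]
    short = []
    for name in domains:
        section = "domain/" + name
        # Only an explicit False counts; an absent key is left to SSSD's default.
        if cp.has_option(section, "use_fully_qualified_names") and \
                not cp.getboolean(section, "use_fully_qualified_names"):
            short.append(name)
    return {
        # Set: the state the report ties to the GDM start failure.
        "default_domain_suffix": suffix,
        # Domains where the note's workaround is in place.
        "short_name_domains": short,
        # The downside the note names: short names with more than one domain.
        "multi_domain_caveat": bool(short) and len(domains) > 1,
    }


if __name__ == "__main__":
    for label, text in (("failing", FAILING), ("workaround", WORKAROUND)):
        print(label, audit_sssd_conf(text))
```

Point it at the contents of /etc/sssd/sssd.conf before rebooting into graphical.target to see which of the two states the host is in.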
|2019-11-20 17:40||jlovelace||New Issue|
|2019-11-20 17:40||jlovelace||Tag Attached: chkpwd|
|2019-11-20 17:40||jlovelace||Tag Attached: default_domain_suffix|
|2019-11-20 17:40||jlovelace||Tag Attached: sssd|
|2019-11-20 17:40||jlovelace||Tag Attached: sssd.conf|
|2020-01-08 22:30||mabarkdoll||Note Added: 0035976|
|2020-01-09 16:48||jlovelace||Note Added: 0035987|