Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1718156
Description of problem: Logging in with smartcard, there is no file for my user in /var/lib/AccountsService/users/ after login. pam_sss get my username from my smart card and puts it on the pam stack in fully qualified format: a001329@ad.example.com GDM debug log: Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: Enabling debugging Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: connecting to address: unix:abstract=/tmp/dbus-aSrXobDV Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: system OS is 'rhel' Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: system OS version is '8.0' Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: Failed to identify the current session: No data available Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: seat unloaded, so trying to set loaded property Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: Seat wouldn't load, so giving up on it and setting loaded property Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: already loaded, so not setting loaded property Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to SETUP_COMPLETE Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: initializing PAM; service=gdm-smartcard username=(null) seat=seat0 Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'XDG_SEAT=seat0' Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: state SETUP_COMPLETE Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to AUTHENTICATED Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: authenticating user (null) Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: 1 new messages received from PAM Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: username is 'a001329@ad.example.com' Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: old-username='<unset>' new-username='a001329@ad.example.com' Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: setting username to 'a001329@ad.example.com' Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to load user settings Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: trying to track new user with username a001329@ad.example.com Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finding user 'a001329@ad.example.com' state 1 Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finding user 'a001329@ad.example.com' state 2 Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: Looking for user 'a001329@ad.example.com' in accounts service Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: received pam message of type 1 with payload 'PIN for Instant EID IP9' Jun 05 14:06:23 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: trying to get updated username Jun 05 14:06:23 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: PAM conversation returning 0: Success Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: pam_sss(gdm-smartcard:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=a001329@ad.example.com Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: state AUTHENTICATED Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: trying to get updated username Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: username is 'a001329@ad.example.com' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: old-username='a001329@ad.example.com' new-username='a001329@ad.example.com' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: Found object path of user 'a001329@ad.example.com': /org/freedesktop/Accounts/User60483 Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finding user 'a001329@ad.example.com' state 3 Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: user 'a001329@ad.example.com' fetched Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: user a001329 is now loaded Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: user a001329 was not yet known, adding it Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: tracking user 'a001329' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: not yet loaded, so not emitting user-added signal Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: no pending users, trying to set loaded property Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: already loaded, so not setting loaded property Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finished handling request for user 'a001329@ad.example.com' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: unrefing manager owned by fetch user request Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to AUTHORIZED Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: determining if authenticated user (password required:0) is authorized to session Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: state AUTHORIZED Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to ACCREDITED Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'LOGNAME=a001329@ad.example.com' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'USER=a001329@ad.example.com' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'USERNAME=a001329@ad.example.com' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'HOME=/home/a001329' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'PWD=/home/a001329' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'SHELL=/bin/bash' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: state ACCREDITED Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: session display mode set to new-vt Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'XDG_SESSION_TYPE=x11' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'GDK_BACKEND=x11' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to ACCOUNT_DETAILS_SAVED Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: saving account details for user a001329@ad.example.com Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: trying to track new user with username a001329@ad.example.com Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finding user 'a001329@ad.example.com' state 1 Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finding user 'a001329@ad.example.com' state 2 Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: Looking for user 'a001329@ad.example.com' in accounts service Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: could not save session and language settings Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to SESSION_OPENED Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'XDG_VTNR=7' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: pam_unix(gdm-smartcard:session): session opened for user a001329@ad.example.com by (uid=0) Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: 1 new messages received from PAM Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: username is 'a001329@ad.example.com' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: old-username='a001329@ad.example.com' new-username='a001329@ad.example.com' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: received pam message of type 4 with payload 'Last login: Wed Jun 5 13:59:23 CEST 2019 on tty7' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: PAM conversation returning 0: Success Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: state SESSION_OPENED Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: Found object path of user 'a001329@ad.example.com': /org/freedesktop/Accounts/User60483 Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finding user 'a001329@ad.example.com' state 3 Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: user 'a001329@ad.example.com' fetched Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: user a001329 is now loaded Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sessions changed (user a001329) num=0 Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: no pending users, trying to set loaded property Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: already loaded, so not setting loaded property Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finished handling request for user 'a001329@ad.example.com' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GLib-GObject: invalid uninstantiatable type '(null)' in cast to 'GObject' Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GLib-GObject: g_object_set_data: assertion 'G_IS_OBJECT (object)' failed Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: unrefing manager owned by fetch user request Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'LANG=en_GB.UTF-8' Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'GDMSESSION=gnome' Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'XDG_SESSION_DESKTOP=gnome' Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'DESKTOP_SESSION=gnome' Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'XDG_CURRENT_DESKTOP=GNOME' Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'GDM_LANG=en_GB.UTF-8' Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: start program: /usr/libexec/gdm-x-session "gnome-session" Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to SESSION_STARTED Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: opening user session with program '/usr/libexec/gdm-x-session' Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: jumping to VT 7 Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: first setting graphics mode to prevent flicker Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: VT mode did not need to be fixed Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Trying script /etc/gdm/PostLogin Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: script /etc/gdm/PostLogin not found; skipping Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Trying script /etc/gdm/PostLogin/Default Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: script /etc/gdm/PostLogin/Default not found; skipping Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: no script found Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Trying script /etc/gdm/PreSession Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: script /etc/gdm/PreSession not found; skipping Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Trying script /etc/gdm/PreSession/Default Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Running process: /etc/gdm/PreSession/Default Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: HOME=/home/a001329 Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: GROUP=id Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: RUNNING_UNDER_GDM=true Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: LOGNAME=a001329@ad.example.com Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: USERNAME=a001329@ad.example.com Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: PWD=/home/a001329 Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: USER=a001329@ad.example.com Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: SHELL=/bin/bash Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Process exit status: 0 Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: session opened creating reply... Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: state SESSION_STARTED Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSession worker: watching pid 30414 Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30414]: Loading env vars from /usr/share/gdm/env.d/flatpak.env Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30414]: GdmSessionWorker: Set PAM environment variable: 'XDG_DATA_DIRS=/home/a001329/.local/share/flatpak /exports/share/:/var/lib/flatpak/exports/share/:/usr/local/share/:/usr/share/' Jun 05 14:07:28 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sending user-changed signal for user a001329 Jun 05 14:07:28 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sent user-changed signal for user a001329 Jun 05 14:07:28 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: updating user a001329 Jun 05 14:07:28 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sending user-changed signal for user a001329 Jun 05 14:07:28 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sent user-changed signal for user a001329 Jun 05 14:07:28 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: updating user a001329 Jun 05 14:07:51 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sending user-changed signal for user a001329 Jun 05 14:07:51 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sent user-changed signal for user a001329 Jun 05 14:07:51 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: updating user a001329 Jun 05 14:07:51 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sending user-changed signal for user a001329 Jun 05 14:07:51 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sent user-changed signal for user a001329 Jun 05 14:07:51 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: updating user a001329 Looks like AccountsService is converting the fq name to short name in some places and in some places does not. The line: could not save session and language settings indicates to me that AccountsService failed to create the user session file, but there is no information about why. Version-Release number of selected component (if applicable): gdm-3.28.3-20.el8.x86_64 accountsservice-0.6.50-6.el8.x86_64 How reproducible: Always Steps to Reproduce: 1. Log in with smartcard using pam_sss 2. 3. Actual results: No user session file in /var/lib/AccountsService/users/ Expected results: Additional info: Also, GDM uses the fully qualified name format when setting the environment variables '$USER', '$USERNAME' and '$LOGNAME'. For me this seems wrong, it should be the short version of the name.
Metadata Update from @sbose: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1718156
Metadata Update from @sbose: - Issue assigned to sbose
PR: https://github.com/SSSD/sssd/pull/871
Metadata Update from @sbose: - Custom field patch adjusted to on
Commit 5dccf76 relates to this ticket
Master:
Metadata Update from @sbose: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/5037
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.