[Bug 1928954] Re: sssd not using offline credentials even no network available
Hi Walter, that is a default behavior of launchpad since the bug was on "expired" for too long it was auto-closed. The last few week was the Christmas shutdown period and even before a lot of things were busy. I'm sure Sergio or someone else will have a deeper look at your new logs provided in commend #6 once back. Setting it back to in-progress (or new) with a ping on the bug was just the right thing to do. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928954 Title: sssd not using offline credentials even no network available To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1928954/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928954] Re: sssd not using offline credentials even no network available
This problem still exists. Why is it cloesed? ** Changed in: sssd (Ubuntu) Status: Expired => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928954 Title: sssd not using offline credentials even no network available To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1928954/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928954] Re: sssd not using offline credentials even no network available
[Expired for sssd (Ubuntu) because there has been no activity for 60 days.] ** Changed in: sssd (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928954 Title: sssd not using offline credentials even no network available To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1928954/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928954] Re: sssd not using offline credentials even no network available
Hello, today I was able to play around some more. I installed a new VM with Ubuntu 20.04. The domain join is done by our install script. I changed it to set log level to 6. I logged in with a user, disconnected the LAN connection and logged out. Then I was not able to login for a few minutes. Without doing anything but wait a login was possible. I guess it took a while to discover that the offline credentials needed to be used. ** Attachment added: "sssd.logs.tar" https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1928954/+attachment/5534625/+files/sssd.logs.tar -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928954 Title: sssd not using offline credentials even no network available To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1928954/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928954] Re: sssd not using offline credentials even no network available
Hi, sorry about the delay in replying; we're busy preparing the new
release.
Thanks for providing more information about the bug. I compared the
configuration you provided with the one I have installed in my test
environment, and it seems like they're pretty much the same. At least I
don't see anything that might be a problem in your configuration, and I
do see the right setting that is necessary to make offline logins work
(cache_credentials = True).
I did another test here and created a new user ("samba-tool user create
blabla password"), logged in with it, logged out, powered off the AD DC
VM, and then tried to log in again. Although the login process takes a
bit more time (i.e., a few more seconds) than what is normally expected
(due to the DC being offline), it eventually succeeds and I can
successfully login using my offline credentials.
I noticed that you have a debug level set to 1 in your sssd.conf file.
Could you set it to 6 instead (you can also use the sss_debuglevel tool
to do that) and then attach the log files that live inside
/var/log/sssd/ to this bug, please? I'm interested in the files that
end with ".log" (i.e., I'm not interested in the files named .1, .2.gz,
etc.). Also, make sure to promptly try to login using your offline
credentials after setting the debug level, because then we have a better
chance at catching the problem.
Lastly, I'd like to ask if it's possible for you to create an Ubuntu
Impish LXD and configure it as a client in your environment so that you
can try to reproduce the problem there.
Thank you in advance.
** Changed in: sssd (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928954
Title:
sssd not using offline credentials even no network available
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1928954/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928954] Re: sssd not using offline credentials even no network available
Today I installed another laptop. I logged in with one user and entered a few commands (mokutil). After that I logged out, disconnected the LAN cable and was able to log in. Then I connected the LAn cable again. Logged in with a different user immediately logged out and during that disconnected the LAN cable. With the new user I was not able to log in while disconnected. Is there a delay between login and creating the offline credentials? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928954 Title: sssd not using offline credentials even no network available To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1928954/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928954] Re: sssd not using offline credentials even no network available
Hello,
today I installed 7 laptops with Ubuntu 20.04 LTS directly from ubuntu
repo. Afterwards I set up our domain and all of these laptops have
above problem.
As far as I can tell the sssd demon does not enter offline state even
when the LAN cable is disconnected.
We have a "normal" Windows Server as domain controller I am not sure
which informations will help you there.
Here is our sssd.conf
[sssd]
services = nss, pam, ssh
config_file_version = 2
domains = REALM.LO
debug_level = 1
[domain/REALM.LO]
debug_level = 1
id_provider = ad
access_provider = ad
auth_provider = ad
krb5_store_password_if_offline = True
enumerate = False
ignore_group_members = True
use_fully_qualified_names = False
auto_private_groups = True
cache_credentials = True
ad_gpo_access_control = permissive
krb5_server = realm.lo
krb5_realm = realm.lo
# SSH Key Login
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True
# home directory
override_homedir = /home/%d/%u
default_shell = /bin/bash
-
and our krb5.conf
[libdefaults]
default_realm = REALM.LO
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
dns_lookup_realm = true
dns_lookup_kdc = true
rdn = true
[realms]
REALM.LO = {
kdc = realm.lo
admin_server = realm.lo
}
[domain_realms]
.realm.lo = REALM.LO
I would gladly provide more informations if needed
** Changed in: sssd (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928954
Title:
sssd not using offline credentials even no network available
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1928954/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928954] Re: sssd not using offline credentials even no network available
Hello Walter, Thank you for reporting this bug, and apologies for the dealy in getting back to it. Unfortunately the bug fell through the cracks and our team is somewhat busy with other stuff. Anyway, I have finally had the time to try to reproduce this. I set up a VM with a Samba AD DC + Kerberos auth (server), and an LXD container acting as a client. Then, after creating a user/principal on the server, I was able to successfully login with it inside the client (as expected). With that in place, I brought the network connectivity down on the client and tried logging in again with the same user. Everything worked. I also tried doing some research online to see if I could find similar issues reported against sssd, but came up with nothing. Given that I could not reproduce the issue, I would like to ask you for more information about your setup. If you can provide configuration files for SSSD and you AD DC, that would be great. If you can provide detailed reproduction steps, that would be even better. For now, I am going to set this bug's status to Incomplete. When you provide the requested information, feel free to set it back to New. Thank you in advance. ** Changed in: sssd (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928954 Title: sssd not using offline credentials even no network available To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1928954/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
