Issue: User is only added to a maximum of 100 groups #549

Open
2 tasks done
namato1 opened this issue Sep 23, 2024 · 7 comments
Labels
bug Something isn't working high High importance issue jira

Comments

@namato1

namato1 commented Sep 23, 2024

Is there an existing issue for this?

  • I have searched the existing issues and found none that matched mine

Describe the issue

Our AD users have far too many groups and it seems to be random which groups get pulled down for each user. Users cannot have sudo access because there is no way to confirm if all their groups are pulled down. We confirmed ALL groups have GIDs.

We then tried to add the user to a local group and realized that AD users are not part of any local groups. Nor can we add them to a local group, as they will be removed on logout.

We tested the edge channel as well

Steps to reproduce

option 1: AD Groups
run sudo login
connect as user
run groups
notice multiple AD groups are missing

option 2: Local Group
login with authd account
run groups command
notice all missing local groups

System information and logs

authd version

authd	0.3.4~ppa3

authd-msentraid broker version

name:      authd-msentraid
summary:   MSEntra ID broker for authd
publisher: Canonical**
store-url: https://snapcraft.io/authd-msentraid
license:   GPL-3.0
description: |
  This is the MS Entra ID broker snap for authd  to provide MS Entra ID OIDC
  based authentication on Ubuntu with authd.
services:
  authd-msentraid: simple, enabled, active
snap-id:      vS3oJLMss6lgWwoFcPqYDUA2HB20I1Dc
tracking:     0.x/stable
refresh-date: today at 17:07 UTC
channels:
  0.x/stable:    0.1                 2024-09-16 (44) 17MB -
  0.x/candidate: ^                                        
  0.x/beta:      ^                                        
  0.x/edge:      0.1+4fe9826.0f76acc 2024-09-20 (51) 18MB -
installed:       0.1                            (44) 17MB -

gnome-shell version

gnome-shell:
  Installed: 46.3.1-1ubuntu1~24.04.1
  Candidate: 46.3.1-1ubuntu1~24.04.1
  Version table:
 *** 46.3.1-1ubuntu1~24.04.1 500
        500 https://ppa.launchpadcontent.net/ubuntu-enterprise-desktop/authd/ubuntu noble/main amd64 Packages
        100 /var/lib/dpkg/status
     46.0-0ubuntu6~24.04.4 500
        500 http://us.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
     46.0-0ubuntu6~24.04.3 500
        500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages
     46.0-0ubuntu5 500
        500 http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
     45.2-0ubuntu1.1 500
        500 http://security.ubuntu.com/ubuntu mantic-security/main amd64 Packages
     45.0-1ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu mantic/main amd64 Packages
     42.9-0ubuntu2.2 500
        500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
     42.0-2ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages

Distribution

Distributor ID:	Ubuntu
Description:	Ubuntu 24.04.1 LTS
Release:	24.04
Codename:	noble

Logs

[  111.633444] test-device systemd[1]: Starting authd.service - Authd daemon service...
[  111.653124] test-device authd[9526]: WARNING Broker configuration directory "/etc/authd/brokers.d/" does not exist, only local broker will be available
[  111.657206] test-device systemd[1]: Started authd.service - Authd daemon service.
[  123.233188] test-device authd[9526]: 2024/09/23 17:07:39 WARN rpc error: code = NotFound desc =
[  124.185591] test-device systemd[1]: Started snap.authd-msentraid.authd-msentraid.service - Service for snap application authd-msentraid.authd-msentraid.
[  124.364343] test-device systemd[1]: Stopping authd.service - Authd daemon service...
[  124.365532] test-device systemd[1]: authd.service: Deactivated successfully.
[  124.365702] test-device systemd[1]: Stopped authd.service - Authd daemon service.
[  124.386424] test-device systemd[1]: Starting authd.service - Authd daemon service...
[  124.403077] test-device systemd[1]: Started authd.service - Authd daemon service.
[  124.460435] test-device systemd[1]: Stopping snap.authd-msentraid.authd-msentraid.service - Service for snap application authd-msentraid.authd-msentraid...
[  124.465529] test-device systemd[1]: snap.authd-msentraid.authd-msentraid.service: Deactivated successfully.
[  124.465687] test-device systemd[1]: Stopped snap.authd-msentraid.authd-msentraid.service - Service for snap application authd-msentraid.authd-msentraid.
[  124.483570] test-device systemd[1]: Started snap.authd-msentraid.authd-msentraid.service - Service for snap application authd-msentraid.authd-msentraid.
[  129.416683] test-device authd[11498]: 2024/09/23 17:07:45 WARN rpc error: code = NotFound desc =
[  180.384824] test-device authd[11498]: 2024/09/23 17:08:36 WARN rpc error: code = NotFound desc =
[  180.400736] test-device authd[11498]: 2024/09/23 17:08:36 WARN rpc error: code = NotFound desc =
[  180.401920] test-device authd[11498]: 2024/09/23 17:08:36 WARN rpc error: code = NotFound desc =
[  180.431585] test-device authd[11498]: 2024/09/23 17:08:36 WARN rpc error: code = NotFound desc =
[  180.844669] test-device authd[11498]: 2024/09/23 17:08:37 WARN rpc error: code = NotFound desc =
[  187.178700] test-device authd[11498]: 2024/09/23 17:08:43 WARN rpc error: code = NotFound desc =
[  189.451461] test-device authd[11498]: 2024/09/23 17:08:45 WARN rpc error: code = NotFound desc =
[  190.310284] test-device authd[11498]: 2024/09/23 17:08:46 WARN rpc error: code = NotFound desc =
[  190.311424] test-device authd[11498]: 2024/09/23 17:08:46 WARN rpc error: code = NotFound desc =
[  190.318115] test-device authd[11498]: 2024/09/23 17:08:46 WARN rpc error: code = NotFound desc =
[  190.321177] test-device authd[11498]: 2024/09/23 17:08:46 WARN rpc error: code = NotFound desc =
[  197.178334] test-device authd[11498]: 2024/09/23 17:08:53 WARN rpc error: code = NotFound desc =
[  204.682444] test-device authd[11498]: 2024/09/23 17:09:01 WARN rpc error: code = NotFound desc =
[  206.889547] test-device authd[11498]: 2024/09/23 17:09:03 WARN rpc error: code = NotFound desc =
[  207.178779] test-device authd[11498]: 2024/09/23 17:09:03 WARN rpc error: code = NotFound desc =
[  224.593675] test-device authd[11498]: 2024/09/23 17:09:21 WARN rpc error: code = NotFound desc =
[  228.286308] test-device authd[11498]: 2024/09/23 17:09:24 WARN rpc error: code = NotFound desc =
[  249.479353] test-device authd[11498]: 2024/09/23 17:09:45 WARN rpc error: code = NotFound desc =
[  266.943958] test-device authd[11498]: 2024/09/23 17:10:03 WARN rpc error: code = NotFound desc =
[  273.088304] test-device authd[11498]: 2024/09/23 17:10:09 WARN rpc error: code = NotFound desc =
[  281.149103] test-device authd[11498]: 2024/09/23 17:10:17 WARN rpc error: code = NotFound desc =
[  283.945294] test-device authd[11498]: 2024/09/23 17:10:20 WARN rpc error: code = NotFound desc =
[  309.560016] test-device authd[11498]: 2024/09/23 17:10:46 WARN rpc error: code = NotFound desc =
[  329.236133] test-device authd[11498]: 2024/09/23 17:11:05 WARN rpc error: code = NotFound desc =
[  329.236897] test-device authd[11498]: 2024/09/23 17:11:05 WARN rpc error: code = NotFound desc =
[  329.237818] test-device authd[11498]: 2024/09/23 17:11:05 WARN rpc error: code = NotFound desc =
[  329.238459] test-device authd[11498]: 2024/09/23 17:11:05 WARN rpc error: code = NotFound desc =
[  330.327182] test-device authd[11498]: 2024/09/23 17:11:06 WARN rpc error: code = NotFound desc =
[  330.328481] test-device authd[11498]: 2024/09/23 17:11:06 WARN rpc error: code = NotFound desc =
[  330.329509] test-device authd[11498]: 2024/09/23 17:11:06 WARN rpc error: code = NotFound desc =
[  330.329933] test-device authd[11498]: 2024/09/23 17:11:06 WARN rpc error: code = NotFound desc =
[  365.293671] test-device authd[11498]: 2024/09/23 17:11:41 WARN rpc error: code = NotFound desc =
[  460.321361] test-device authd[11498]: 2024/09/23 17:13:16 WARN rpc error: code = NotFound desc =
[  462.379159] test-device authd[11498]: 2024/09/23 17:13:18 WARN rpc error: code = NotFound desc =
[  466.747859] test-device authd[11498]: 2024/09/23 17:13:23 WARN rpc error: code = NotFound desc =
[  473.754658] test-device gpasswd[27424]: user [email protected] removed by root from group root
[  508.947254] test-device authd[11498]: 2024/09/23 17:14:05 WARN rpc error: code = NotFound desc =
[  618.286496] test-device authd[11498]: 2024/09/23 17:15:54 WARN rpc error: code = NotFound desc =
[  632.897919] test-device authd[11498]: 2024/09/23 17:16:09 WARN rpc error: code = NotFound desc =
[  740.611206] test-device authd[11498]: 2024/09/23 17:17:57 WARN rpc error: code = NotFound desc =
[  782.992475] test-device authd[11498]: 2024/09/23 17:18:39 WARN rpc error: code = NotFound desc =
[  787.430635] test-device authd[11498]: 2024/09/23 17:18:43 WARN rpc error: code = NotFound desc =
[  829.476742] test-device authd[11498]: 2024/09/23 17:19:25 WARN rpc error: code = NotFound desc =
[  857.751273] test-device authd[11498]: 2024/09/23 17:19:54 WARN rpc error: code = NotFound desc =
[  857.758134] test-device authd[11498]: 2024/09/23 17:19:54 WARN rpc error: code = NotFound desc =
[  868.712216] test-device authd[11498]: 2024/09/23 17:20:05 WARN rpc error: code = NotFound desc =
[  868.716391] test-device authd[11498]: 2024/09/23 17:20:05 WARN rpc error: code = NotFound desc =
[  878.094385] test-device authd[11498]: 2024/09/23 17:20:14 WARN rpc error: code = NotFound desc =
[  878.102500] test-device authd[11498]: 2024/09/23 17:20:14 WARN rpc error: code = NotFound desc =
[  893.259328] test-device authd[11498]: 2024/09/23 17:20:29 WARN rpc error: code = NotFound desc =
[  893.263718] test-device authd[11498]: 2024/09/23 17:20:29 WARN rpc error: code = NotFound desc =
[ 1068.462436] test-device authd[11498]: 2024/09/23 17:23:24 WARN rpc error: code = NotFound desc =
[ 1068.467416] test-device authd[11498]: 2024/09/23 17:23:24 WARN rpc error: code = NotFound desc =
[ 1073.467989] test-device authd[11498]: 2024/09/23 17:23:29 WARN rpc error: code = NotFound desc =
[ 1073.472404] test-device authd[11498]: 2024/09/23 17:23:29 WARN rpc error: code = NotFound desc =
[ 1088.407975] test-device authd[11498]: 2024/09/23 17:23:44 WARN rpc error: code = NotFound desc =
[ 1088.412657] test-device authd[11498]: 2024/09/23 17:23:44 WARN rpc error: code = NotFound desc =
[ 1182.165963] test-device authd[11498]: 2024/09/23 17:25:18 WARN rpc error: code = NotFound desc =
[ 1182.167688] test-device authd[11498]: 2024/09/23 17:25:18 WARN rpc error: code = NotFound desc =
[ 1183.428666] test-device gdm-authd][30677]: gkr-pam: no password is available for user
[ 1183.458317] test-device gdm-authd][30677]: pam_intune(gdm-authd:session): No authtok available; password policies will fail: No module specific data is present
[ 1183.459204] test-device gdm-authd][30677]: pam_unix(gdm-authd:session): session opened for user [email protected](uid=843501783) by [email protected](uid=0)
[ 1183.795099] test-device gdm-authd][30677]: gkr-pam: couldn't unlock the login keyring.
[ 1184.078655] test-device authd[11498]: 2024/09/23 17:25:20 WARN rpc error: code = NotFound desc =
[ 1184.079578] test-device authd[11498]: 2024/09/23 17:25:20 WARN rpc error: code = NotFound desc =
[ 1184.081452] test-device authd[11498]: 2024/09/23 17:25:20 WARN rpc error: code = NotFound desc =
[ 1188.102299] test-device authd[11498]: 2024/09/23 17:25:24 WARN rpc error: code = NotFound desc =
[ 1246.549122] test-device authd[11498]: 2024/09/23 17:26:23 WARN rpc error: code = NotFound desc =
[ 1247.655465] test-device authd[11498]: 2024/09/23 17:26:24 WARN rpc error: code = NotFound desc =
[ 1642.137136] test-device authd[11498]: 2024/09/23 17:32:58 WARN rpc error: code = NotFound desc =
[ 2010.738581] test-device gdm-authd][30677]: pam_unix(gdm-authd:session): session closed for user [email protected]
[ 2015.854119] test-device gdm-authd][36629]: pam_intune(gdm-authd:auth): Creating auth context
[ 2015.856125] test-device gdm-authd][36629]: gkr-pam: unable to locate daemon control file
[ 2015.856220] test-device gdm-authd][36629]: gkr-pam: stashed password to try later in open session
[ 2015.880010] test-device gdm-authd][36629]: pam_intune(gdm-authd:session): Processing user session startup
[ 2015.880329] test-device gdm-authd][36629]: pam_intune(gdm-authd:session): Processed Intune policy for localUser
[ 2015.880364] test-device gdm-authd][36629]: pam_unix(gdm-authd:session): session opened for user localUser(uid=1000) by localUser(uid=0)
[ 2016.135413] test-device gdm-authd][36629]: gkr-pam: unlocked login keyring
[ 2016.407592] test-device authd[11498]: 2024/09/23 17:39:12 WARN rpc error: code = NotFound desc =
[ 2016.409554] test-device authd[11498]: 2024/09/23 17:39:12 WARN rpc error: code = NotFound desc =
[ 2016.411314] test-device authd[11498]: 2024/09/23 17:39:12 WARN rpc error: code = NotFound desc =
[ 2018.195596] test-device authd[11498]: 2024/09/23 17:39:14 WARN rpc error: code = NotFound desc =
[ 2022.168135] test-device authd[11498]: 2024/09/23 17:39:18 WARN rpc error: code = NotFound desc =
[ 2069.420149] test-device authd[11498]: 2024/09/23 17:40:05 WARN rpc error: code = NotFound desc =
[ 2069.424317] test-device authd[11498]: 2024/09/23 17:40:05 WARN rpc error: code = NotFound desc =
[ 2074.589293] test-device authd[11498]: 2024/09/23 17:40:11 WARN rpc error: code = NotFound desc =
[ 2074.597809] test-device authd[11498]: 2024/09/23 17:40:11 WARN rpc error: code = NotFound desc =
[ 2078.944317] test-device authd[11498]: 2024/09/23 17:40:15 WARN rpc error: code = NotFound desc =
[ 2082.034324] test-device authd[11498]: 2024/09/23 17:40:18 WARN rpc error: code = NotFound desc =
[ 2101.529749] test-device authd[11498]: 2024/09/23 17:40:38 WARN rpc error: code = NotFound desc =
[ 2114.894393] test-device authd[11498]: 2024/09/23 17:40:51 WARN rpc error: code = NotFound desc =
[ 2114.896801] test-device authd[11498]: 2024/09/23 17:40:51 WARN rpc error: code = NotFound desc =
[ 2114.897055] test-device authd[11498]: 2024/09/23 17:40:51 WARN rpc error: code = NotFound desc =
[ 2146.116404] test-device authd[11498]: 2024/09/23 17:41:22 WARN rpc error: code = NotFound desc =
[ 2148.836751] test-device gdm-authd][36629]: pam_unix(gdm-authd:session): session closed for user localUser
[ 2148.851244] test-device systemd[1]: Stopping authd.service - Authd daemon service...
[ 2148.913464] test-device systemd[1]: Stopping snap.authd-msentraid.authd-msentraid.service - Service for snap application authd-msentraid.authd-msentraid...
[ 2148.965345] test-device systemd[1]: authd.service: Deactivated successfully.
[ 2148.965514] test-device systemd[1]: Stopped authd.service - Authd daemon service.
[ 2148.965681] test-device systemd[1]: authd.service: Consumed 14.664s CPU time, 8.3M memory peak, 0B memory swap peak.
[ 2148.967048] test-device systemd[1]: snap.authd-msentraid.authd-msentraid.service: Deactivated successfully.
[ 2148.967274] test-device systemd[1]: Stopped snap.authd-msentraid.authd-msentraid.service - Service for snap application authd-msentraid.authd-msentraid.
-- Boot bd39bd3cf5874fa7b807ff545670b017 --
[    4.586610] test-device systemd[1]: Starting authd.service - Authd daemon service...
[    4.588261] test-device systemd[1]: Started authd.service - Authd daemon service.
[    5.265432] test-device systemd[1]: Started snap.authd-msentraid.authd-msentraid.service - Service for snap application authd-msentraid.authd-msentraid.
[   17.764912] test-device gpasswd[2809]: user [email protected] removed by root from group localsudogroup
[   17.820876] test-device gdm-authd][2737]: gkr-pam: no password is available for user
[   17.848689] test-device gdm-authd][2737]: pam_intune(gdm-authd:session): No authtok available; password policies will fail: No module specific data is present
[   17.849554] test-device gdm-authd][2737]: pam_unix(gdm-authd:session): session opened for user [email protected](uid=843501783) by [email protected](uid=0)
[   18.223047] test-device gdm-authd][2737]: gkr-pam: couldn't unlock the login keyring.
[   22.351498] test-device authd[1112]: 2024/09/23 17:42:31 WARN rpc error: code = NotFound desc =
[   40.299647] test-device authd[1112]: 2024/09/23 17:42:49 WARN rpc error: code = NotFound desc =
[   40.300437] test-device authd[1112]: 2024/09/23 17:42:49 WARN rpc error: code = NotFound desc =
[   81.547307] test-device authd[1112]: 2024/09/23 17:43:31 WARN rpc error: code = NotFound desc =
[   82.651460] test-device authd[1112]: 2024/09/23 17:43:32 WARN rpc error: code = NotFound desc =
[   98.543245] test-device gdm-authd][2737]: pam_unix(gdm-authd:session): session closed for user [email protected]
[   98.565788] test-device authd[1112]: 2024/09/23 17:43:48 WARN rpc error: code = NotFound desc =
[   98.569399] test-device authd[1112]: 2024/09/23 17:43:48 WARN rpc error: code = NotFound desc =
[  104.481218] test-device gdm-authd][6894]: pam_intune(gdm-authd:auth): Creating auth context
[  104.484247] test-device gdm-authd][6894]: gkr-pam: unable to locate daemon control file
[  104.484340] test-device gdm-authd][6894]: gkr-pam: stashed password to try later in open session
[  104.516806] test-device gdm-authd][6894]: pam_intune(gdm-authd:session): Processing user session startup
[  104.517106] test-device gdm-authd][6894]: pam_intune(gdm-authd:session): Creating runtime dir /run/intune/1000
[  104.517137] test-device gdm-authd][6894]: pam_intune(gdm-authd:session): Processed Intune policy for localUser
[  104.517162] test-device gdm-authd][6894]: pam_unix(gdm-authd:session): session opened for user localUser(uid=1000) by localUser(uid=0)
[  104.814562] test-device gdm-authd][6894]: gkr-pam: unlocked login keyring
[  105.089123] test-device authd[1112]: 2024/09/23 17:43:54 WARN rpc error: code = NotFound desc =
[  105.095843] test-device authd[1112]: 2024/09/23 17:43:54 WARN rpc error: code = NotFound desc =
[  105.098304] test-device authd[1112]: 2024/09/23 17:43:54 WARN rpc error: code = NotFound desc =
[  107.288312] test-device authd[1112]: 2024/09/23 17:43:56 WARN rpc error: code = NotFound desc =
[  110.425868] test-device authd[1112]: 2024/09/23 17:43:59 WARN rpc error: code = NotFound desc =
[  139.342803] test-device authd[1112]: 2024/09/23 17:44:28 WARN rpc error: code = NotFound desc =
[  139.369964] test-device authd[1112]: 2024/09/23 17:44:28 WARN rpc error: code = NotFound desc =
[  157.955980] test-device authd[1112]: 2024/09/23 17:44:47 WARN rpc error: code = NotFound desc =
[  167.943857] test-device authd[1112]: 2024/09/23 17:44:57 WARN rpc error: code = NotFound desc =
[  170.037414] test-device authd[1112]: 2024/09/23 17:44:59 WARN rpc error: code = NotFound desc =
[  211.110262] test-device authd[1112]: 2024/09/23 17:45:40 WARN rpc error: code = NotFound desc =
[  218.550706] test-device gdm-authd][6894]: pam_unix(gdm-authd:session): session closed for user localUser
[  228.759635] test-device gpasswd[10754]: user [email protected] removed by root from group localsudogroup
[  228.815124] test-device gdm-authd][10519]: gkr-pam: no password is available for user
[  228.845770] test-device gdm-authd][10519]: pam_intune(gdm-authd:session): No authtok available; password policies will fail: No module specific data is present
[  228.846578] test-device gdm-authd][10519]: pam_unix(gdm-authd:session): session opened for user [email protected](uid=843501783) by [email protected](uid=0)
[  229.194698] test-device gdm-authd][10519]: gkr-pam: couldn't unlock the login keyring.
[  229.474606] test-device authd[1112]: 2024/09/23 17:45:58 WARN rpc error: code = NotFound desc =
[  229.475634] test-device authd[1112]: 2024/09/23 17:45:58 WARN rpc error: code = NotFound desc =
[  229.478510] test-device authd[1112]: 2024/09/23 17:45:58 WARN rpc error: code = NotFound desc =
[  230.430455] test-device authd[1112]: 2024/09/23 17:45:59 WARN rpc error: code = NotFound desc =
[  230.430945] test-device authd[1112]: 2024/09/23 17:45:59 WARN rpc error: code = NotFound desc =
[  233.491290] test-device authd[1112]: 2024/09/23 17:46:03 WARN rpc error: code = NotFound desc =
[  292.549528] test-device authd[1112]: 2024/09/23 17:47:02 WARN rpc error: code = NotFound desc =
[  293.639106] test-device authd[1112]: 2024/09/23 17:47:03 WARN rpc error: code = NotFound desc =
[  800.054959] test-device gdm-authd][10519]: pam_unix(gdm-authd:session): session closed for user [email protected]
[  806.670988] test-device gdm-authd][16203]: pam_intune(gdm-authd:auth): Creating auth context
[  806.673063] test-device gdm-authd][16203]: gkr-pam: unable to locate daemon control file
[  806.673148] test-device gdm-authd][16203]: gkr-pam: stashed password to try later in open session
[  806.692924] test-device gdm-authd][16203]: pam_intune(gdm-authd:session): Processing user session startup
[  806.693225] test-device gdm-authd][16203]: pam_intune(gdm-authd:session): Processed Intune policy for localUser
[  806.693254] test-device gdm-authd][16203]: pam_unix(gdm-authd:session): session opened for user localUser(uid=1000) by localUser(uid=0)
[  806.952413] test-device gdm-authd][16203]: gkr-pam: unlocked login keyring
[  807.241602] test-device authd[1112]: 2024/09/23 17:55:36 WARN rpc error: code = NotFound desc =
[  807.243971] test-device authd[1112]: 2024/09/23 17:55:36 WARN rpc error: code = NotFound desc =
[  807.245448] test-device authd[1112]: 2024/09/23 17:55:36 WARN rpc error: code = NotFound desc =
[  808.866366] test-device authd[1112]: 2024/09/23 17:55:38 WARN rpc error: code = NotFound desc =
[  810.439838] test-device authd[1112]: 2024/09/23 17:55:39 WARN rpc error: code = NotFound desc =
[  841.487858] test-device authd[1112]: 2024/09/23 17:56:11 WARN rpc error: code = NotFound desc =
[  843.301807] test-device authd[1112]: 2024/09/23 17:56:12 WARN rpc error: code = NotFound desc =
[  857.518295] test-device authd[1112]: 2024/09/23 17:56:27 WARN rpc error: code = NotFound desc =
[  868.946691] test-device authd[1112]: 2024/09/23 17:56:38 WARN rpc error: code = NotFound desc =
[  871.051558] test-device authd[1112]: 2024/09/23 17:56:40 WARN rpc error: code = NotFound desc =
[  913.922771] test-device authd[1112]: 2024/09/23 17:57:23 WARN rpc error: code = NotFound desc =
[  976.913238] test-device authd[1112]: 2024/09/23 17:58:26 WARN rpc error: code = NotFound desc =
[  976.918111] test-device authd[1112]: 2024/09/23 17:58:26 WARN rpc error: code = NotFound desc =
[ 1125.051524] test-device authd[1112]: 2024/09/23 18:00:54 WARN rpc error: code = NotFound desc =
[ 1125.056189] test-device authd[1112]: 2024/09/23 18:00:54 WARN rpc error: code = NotFound desc =
[ 1127.665010] test-device authd[1112]: 2024/09/23 18:00:57 WARN rpc error: code = NotFound desc =
[ 1127.690718] test-device authd[1112]: 2024/09/23 18:00:57 WARN rpc error: code = NotFound desc =
[ 1142.281709] test-device authd[1112]: 2024/09/23 18:01:11 WARN rpc error: code = NotFound desc =
[ 1157.148029] test-device authd[1112]: 2024/09/23 18:01:26 WARN rpc error: code = NotFound desc =
[ 1162.525703] test-device authd[1112]: 2024/09/23 18:01:32 WARN rpc error: code = NotFound desc =
[ 1169.675687] test-device gpasswd[22103]: user [email protected] removed by root from group localsudogroup
[ 1169.819029] test-device authd[1112]: 2024/09/23 18:01:39 WARN rpc error: code = NotFound desc =
[ 1169.819681] test-device authd[1112]: 2024/09/23 18:01:39 WARN rpc error: code = NotFound desc =
[ 1173.566618] test-device authd[1112]: 2024/09/23 18:01:43 WARN rpc error: code = NotFound desc =
[ 1173.567436] test-device authd[1112]: 2024/09/23 18:01:43 WARN rpc error: code = NotFound desc =
[ 1183.224691] test-device authd[1112]: 2024/09/23 18:01:52 WARN rpc error: code = NotFound desc =
[ 1183.225273] test-device authd[1112]: 2024/09/23 18:01:52 WARN rpc error: code = NotFound desc =

authd broker configuration

/etc/authd/brokers.d/msentraid.conf

# This section is used by authd to identify and communicate with the broker.
# It should not be edited.
[authd]
name = Microsoft Entra ID
brand_icon = /snap/authd-msentraid/current/broker_icon.png
dbus_name = com.ubuntu.authd.MSEntraID
dbus_object = /com/ubuntu/authd/MSEntraID

authd-msentraid configuration

[oidc]
issuer = https://login.microsoftonline.com/<UUID redacted>/v2.0
client_id = <UUID redacted>

[users]
# The directory where the home directory will be created for new users.
# Existing users will keep their current directory.
# The user home directory will be created in the format of {home_base_dir}/{username}
# home_base_dir = /home

# The username suffixes that are allowed to login via ssh without existing previously in the system.
# The suffixes must be separated by commas.
# ssh_allowed_suffixes = @example.com,@anotherexample.com

Double check your logs

  • I have redacted any sensitive information from the logs
@namato1 namato1 added the bug Something isn't working label Sep 23, 2024
@denisonbarbosa
Member

Hey, @namato1! Thanks for reporting this issue. Would you mind following the steps to enable the debug logs on the broker also? This can help us understand if something is going wrong on that side.

Seeing that you can authenticate with the remote user, I suspect this group listing issue could be an inconsistency/limitation of msgraph. We'll investigate the issue further!

Meanwhile, we have an updated version of authd in the authd-edge PPA, so would you mind updating to the newest version and also enabling the broker logs as I've mentioned above? Thanks again for your help!

@namato1
Author

namato1 commented Sep 26, 2024

Hi, please see attached logs. Provided an updated log as well

snapauthd_msentra.log
authdservice.log

@dtx257

dtx257 commented Oct 9, 2024

Same problem here: I have 130 Azure groups on my user and I only see 100 under Ubuntu. Another user with 116 groups also only sees 100 (101 exactly, with the local group equal to the user login). My logs are like yours.

Here is the command to count groups:
id -a | tr ',' '\n' | wc -l
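
A host-side check built on the group count above and on the gpasswd removal records in the issue's logs, as an added example that is not part of the thread or of the authd project. Function names, the required-group names and the sample data are constructed, and the 100/101 threshold is a heuristic taken from the counts reported in this issue.

```shell
#!/bin/sh
# Added example: audit resolved group membership on a host using authd.
# All names and sample data below are constructed for illustration.

# groups_from_id ID_OUTPUT
# Print each group name from one line of `id` output, one per line.
# Only the "groups=" field is split, so names containing spaces stay intact.
groups_from_id() {
    printf '%s\n' "$1" | sed -n 's/.*groups=//p' | tr ',' '\n' |
        sed -e 's/^[0-9]*(//' -e 's/)$//'
}

# audit_groups ID_OUTPUT REQUIRED_GROUP...
# Prints "count=N", then "missing=NAME" for each required group that was not
# resolved, then "suspect=cap" when N is 100 or 101 (the counts reported in
# this issue). Returns 0 when nothing was flagged, 1 otherwise.
audit_groups() {
    ag_list=$(groups_from_id "$1")
    shift
    ag_count=$(printf '%s\n' "$ag_list" | awk 'NF { n++ } END { print n + 0 }')
    ag_status=0
    echo "count=$ag_count"
    for ag_name in "$@"; do
        if ! printf '%s\n' "$ag_list" | grep -Fxq -- "$ag_name"; then
            echo "missing=$ag_name"
            ag_status=1
        fi
    done
    if [ "$ag_count" -eq 100 ] || [ "$ag_count" -eq 101 ]; then
        echo "suspect=cap"
        ag_status=1
    fi
    return "$ag_status"
}

# gpasswd_removals < JOURNAL_TEXT
# Print "GROUP|USER" for every gpasswd removal record on stdin, i.e. the log
# line written when a user is dropped from a local group.
gpasswd_removals() {
    sed -n 's/.* gpasswd\[[0-9]*]: user \(.*\) removed by .* from group \(.*\)$/\2|\1/p'
}

# Constructed sample input (not taken from a real host).
SAMPLE_ID='uid=10001(alice@example.com) gid=10001(alice@example.com) groups=10001(alice@example.com),1200(linux admins),1201(vpn users)'
SAMPLE_LOG='[   17.764912] host gpasswd[2809]: user alice@example.com removed by root from group localsudogroup
[   17.820876] host gdm-authd][2737]: gkr-pam: no password is available for user
[  228.759635] host gpasswd[10754]: user alice@example.com removed by root from group localsudogroup'

# A sudo rule keyed on a directory group is only safe if that group resolved.
audit_groups "$SAMPLE_ID" 'linux admins' 'sudo-operators' || echo "review needed"

# Count how often each user was removed from each local group.
printf '%s\n' "$SAMPLE_LOG" | gpasswd_removals | sort | uniq -c
```

On a live host, pass `"$(id username)"` as the first argument and feed `journalctl -b` output to `gpasswd_removals`.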

@jibel jibel added the high High importance issue label Oct 9, 2024
@adombeck adombeck changed the title Issue: Missing AD Groups/Unable to add authd users to local group Issue: User is only added to a maximum of 100 groups Oct 9, 2024
@adombeck adombeck added the jira label Oct 9, 2024
@adombeck
Contributor

adombeck commented Oct 9, 2024

@namato1, @dtx257: Thank you both for reporting this issue! We found the cause and plan to fix it soon.

@dtx257

dtx257 commented Oct 15, 2024

Problem solved in version 0.3.6 edge, thanks guys.
Just need to handle the gnome keychain and we're good!

@adombeck
Contributor

Problem solved in version 0.3.6 edge

Right, this issue should indeed be fixed on the edge channel of the authd-msentraid snap. Thanks for confirming!

@SiloReed

Shouldn't the Microsoft 365 (Unified) groups be filtered out and only Security groups be enumerated by the broker? Unified groups can't be used for security on Windows so why would they be enumerated for Linux?
