aad-auth
Issue: user id and group id too long for many software
Is there an existing issue for this?
- [X] I have searched the existing issues and found none that matched mine
Describe the issue
hi,
we are trying to get it running on Ubuntu 23.10 and have run into some issues. It looks the same as in #200. After digging a little deeper into the system, we could see that, for example, xdg-desktop-portal-gnome runs into a long timeout. After removing it and replacing it with xdg-desktop-portal-wl, it runs.
But there were many other errors. After looking around, we found that some software seems to have problems with the large uid/gid which is created by aad-auth. Here, for example: 3583755937 as uid and gid.
If I create a local user with such a high uid and gid I see the same problems as with aad-auth.
Steps to reproduce it
- Ubuntu 23.10
- install aad-auth
- log in as an Azure AD user
- try to start software from GNOME, for example Firefox
Ubuntu users: System information and logs
No response
Non Ubuntu users: System information and logs
Environment
- aad-auth version: please run `aad-cli version`
- Distribution: (NAME in `/etc/os-release`)
- Distribution version: (VERSION_ID on `/etc/os-release`):
Log files
Please redact/remove sensitive information:
aad-auth logs can be found in the system journal and queried with:
`journalctl | grep _aad`
Application settings
Please redact/remove sensitive information:
You can get the configuration file from /etc/aad.conf
Relevant information
No response
Double check your logs
- [X] I have redacted any sensitive information from the logs
Found this ticket while troubleshooting this exact issue on a fleet of VMs. Worrying that it's not getting any attention after being reported nearly immediately after release of aad-support. (Ref #200)
Any workaround?
@sindreal it looks to me like this is abandoned. No changes (only automatic ones), no reactions to issues and no new needed features like groups and so on (could be realized via SCIMv2). There is another Ubuntu project that is more generic but has the same problematic workflows, see: https://github.com/ubuntu/oidc-broker.
I also tried to get in contact with Massimiliano Gori (https://ubuntu.com/blog/azure-ad-authentication-comes-to-ubuntu-desktop-23-04) via LinkedIn but no reaction.
Looks like they've moved on to https://github.com/ubuntu/authd
@stedaniels yes, it looks like it, but no documentation, no information for the users, nothing. This is a mess. @denisonbarbosa or @didrocks, can someone shed a little light on this?
I managed to fix this by directly editing /var/lib/aad/cache/passwd.db and /var/lib/aad/cache/shadow.db with an SQLite editor. Just change the UID and GID in every table to something over 60000 then chown -R the home directories of the users.
It’s only a hotfix but it’ll do until they accept a pull request which introduces configurable UID and GID for new users.
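The hotfix described in the last comment, as an added sketch that is not part of the thread or of aad-auth's code: it finds every table with a `uid` or `gid` column, assigns each old ID one new value above 60000, and rewrites all tables in a single transaction. The table layout in `constructed_cache`, the column names `uid`/`gid`, and the helper names are assumptions made for illustration; the real schema of `/var/lib/aad/cache/passwd.db` is not shown on this page.

```python
import sqlite3

def constructed_cache():
    """In-memory stand-in for the cache; this schema is an assumption, not aad-auth's."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE passwd(login TEXT, uid INTEGER, gid INTEGER, home TEXT);
        CREATE TABLE groups(name TEXT, gid INTEGER);
        INSERT INTO passwd VALUES ('user@example.com', 3583755937, 3583755937, '/home/user@example.com');
        INSERT INTO groups VALUES ('user@example.com', 3583755937);
    """)
    return conn

def id_columns(conn):
    """Map each table to its columns named uid or gid (column names are assumed)."""
    found = {}
    names = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in names:
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')
                if r[1].lower() in ("uid", "gid")]
        if cols:
            found[table] = cols
    return found

def plan_remap(conn, base=60001, taken=()):
    """Give every ID in the cache one new value >= base, skipping IDs in `taken`."""
    old_ids = set()
    for table, cols in id_columns(conn).items():
        for col in cols:
            old_ids.update(r[0] for r in conn.execute(f'SELECT "{col}" FROM "{table}"')
                           if r[0] is not None)
    mapping, candidate = {}, base
    for old in sorted(old_ids):
        while candidate in taken:  # e.g. IDs already used by local accounts
            candidate += 1
        mapping[old] = candidate
        candidate += 1
    return mapping

def apply_remap(conn, mapping):
    """Rewrite all ID columns in one transaction; one UPDATE per column avoids double remaps."""
    with conn:
        conn.execute("CREATE TEMP TABLE remap(old_id INTEGER PRIMARY KEY, new_id INTEGER)")
        conn.executemany("INSERT INTO remap VALUES (?, ?)", list(mapping.items()))
        for table, cols in id_columns(conn).items():
            for col in cols:
                conn.execute(f'UPDATE "{table}" SET "{col}" = (SELECT new_id FROM remap WHERE '
                             f'old_id = "{table}"."{col}") WHERE "{col}" IN (SELECT old_id FROM remap)')
        conn.execute("DROP TABLE remap")
```

The dictionary returned by `plan_remap` holds the old-to-new pairs needed for the `chown -R` step on each home directory. Work on a copy of the database files and pass the IDs of existing local accounts as `taken` so the new values do not collide with them.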