Bug 76423

Summary: Active sssd user almost never shown in GDM user list when account also exists locally (in /etc/passwd) with no 'comment' field
Product: accountsservice Reporter: Adam Williamson <adamw>
Component: generalAssignee: Matthias Clasen <mclasen>
Status: RESOLVED MOVED QA Contact:
Severity: major    
Priority: medium CC: marius.vollmer, rstrode, stefw
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Adam Williamson 2014-03-21 01:02:45 UTC 
I have a FreeIPA setup on my home network, with three client machines all running Fedora (two F21, one F20). My actual user account - adamw, UID 1001, the one I log in to every day - almost never shows up on GDM's list on any of the three systems. In fact it may actually *never* show up, I don't think I recall it ever happening.

Sometimes, one of the other accounts configured in my FreeIPA instance will show up in the list - even though those accounts rarely or never actually log in.

On all three systems, my account seems to be in the cached list:

[adamw@xps13 ~]$ dbus-send --system --type=method_call --print-reply \
>     --dest=org.freedesktop.Accounts \
>     /org/freedesktop/Accounts \
>     org.freedesktop.Accounts.ListCachedUsers
method return sender=:1.5 -> dest=:1.172 reply_serial=2
   array [
      object path "/org/freedesktop/Accounts/User1000"
      object path "/org/freedesktop/Accounts/User1001"
   ]
[adamw@vaioz ~]$ dbus-send --system --type=method_call --print-reply \
>     --dest=org.freedesktop.Accounts \
>     /org/freedesktop/Accounts \
>     org.freedesktop.Accounts.ListCachedUsers
method return sender=:1.6 -> dest=:1.201 reply_serial=2
   array [
      object path "/org/freedesktop/Accounts/User1003"
      object path "/org/freedesktop/Accounts/User1001"
   ]
[adamw@adam data]$ dbus-send --system --type=method_call --print-reply \
>     --dest=org.freedesktop.Accounts \
>     /org/freedesktop/Accounts \
>     org.freedesktop.Accounts.ListCachedUsers
method return sender=:1.9 -> dest=:1.322 reply_serial=2
   array [
      object path "/org/freedesktop/Accounts/User157400001"
      object path "/org/freedesktop/Accounts/User1001"
   ]

but on none of the three does the account ever seem to show up in GDM's list. This isn't https://bugzilla.redhat.com/show_bug.cgi?id=958537 / https://bugs.freedesktop.org/show_bug.cgi?id=64186 - that one resulted in the account not showing up in the cached list, and anyway, F20 and F21 should have accountsservice packages with the fix for that bug included.

On one of the systems, the account was marked as a system account in /var/lib/AccountsService/users/adamw , but on the other two it wasn't, so I don't think that's the problem either. (I've fixed the one where it was marked as such).
Comment 1 Adam Williamson 2014-03-21 01:10:04 UTC 
Hum. This may be related to the account existing locally as well as on the FreeIPA server. I just removed the local 'copy' of the account on a couple of the affected systems, and the account showed up in the user list on the next cycle.
Comment 2 Adam Williamson 2014-03-21 01:20:33 UTC 
Yeah...so after removing the local 'copy' of the same account on all three systems, it seems to be working, at least at first. So this bug seems to affect cases where the account exists both locally and in FreeIPA.
Comment 3 Ray Strode [halfline] 2014-03-21 12:54:56 UTC 
can you show me:

$ grep adamw /etc/passwd 
$ getent passwd adamw
Comment 4 Adam Williamson 2014-03-21 15:07:18 UTC 
Well, that's what I meant with the follow-up comments. When I say 'exists locally', I mean 'is in /etc/passwd'. If the account exists both on the FreeIPA server and on the local system - with the same UID, 1001 - it is not shown on the login screen. If it only exists on the FreeIPA server - i.e. I ran 'userdel adamw' locally - it does show on the login screen.

I fixed all three systems now so I don't have a 'broken' case to show you. I guess I can try and recreate one in a test VM later.
Comment 5 Ray Strode [halfline] 2014-03-21 15:34:48 UTC 
i understood you, I just wanted to see the password column from each entry.
Comment 6 Ray Strode [halfline] 2014-03-21 15:35:22 UTC 
(and the shell etc)
Comment 7 Adam Williamson 2014-03-21 17:02:35 UTC 
Hah, so, this is interesting. Re-created in a VM. I think it's actually to do with the *user comment* field in /etc/passwd, bizarre as that sounds.

A 'broken' /etc/passwd entry looks like this (in /etc/passwd, and in getent):

adamw:x:1001:1001::/home/adamw:/bin/bash

if there is both a FreeIPA user account named 'adamw' with uid '1001', and that /etc/passwd entry, the account won't show up in GDM. If I delete the 'local' copy of the account, 'getent passwd adamw' shows:

adamw:*:1001:1001:Adam Williamson:/home/adamw:/bin/bash

and 'Adam Williamson' shows up in the list. But, it's not the 'password' field, because I have another account, 'test'. That account also exists both locally and in FreeIPA, but it *does* show up in the list. That account looks like this in /etc/passwd:

test:x:1000:1000:test:/home/test:/bin/bash

note that one has an entry in the 'comment' field, "test", while the adamw account has an empty 'comment' field.

It seems like the problem happens when you have both a local and remote copy of the account, and the local copy has nothing in the 'comment' field of its /etc/passwd entry.
Comment 8 GitLab Migration User 2018-08-07 09:32:07 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/26.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.