Issue: user id and group idtoo long for many software #441
Comments
|
Found this ticket while troubleshooting this exact issue on a fleet of VMs. Any workaround? |
|
@sindreal look for me like this is abandoned. No changes (only automatics), no reactions on issues and no new needed features like groups and so on (could be realized via SCIMv2). There is another Ubuntu project that is more generic but has the same problematic workflows, see: https://github.com/ubuntu/oidc-broker. I also tried to get in contact with Massimiliano Gori (https://ubuntu.com/blog/azure-ad-authentication-comes-to-ubuntu-desktop-23-04) via LinkedIn but no reaction. |
|
Looks like they've moved on to https://github.com/ubuntu/authd |
|
@stedaniels yes looks like but no documentation, no information for the users nothing. This is a mess. |
aad-auth assigns users to UIDs which are too large for some common software. There are many reports of this problem, notably relating to xdg-desktop-portal-gnome not working: - In ubuntu#278, screensharing does not work because the portal is not loaded. - We have also had this problem. - In ubuntu#200, applications take excessively long to open. - We have experienced this issue with a variety of apps, including the nmapplet, gnome-terminal, and chromium. - In ubuntu#441 brings up exactly this issue, but hasn't had a response. Adding a `min_uid` and `max_uid` configuration option allows the user to specify the range in which UIDs should be generated, thereby enabling admins to cap the UIDs at a range which works with most software. To prevent existing installations from changing their behaviour, the default values, when the parameters aren't specified in the configuration file, remain at `100000` and `math.MaxUint32`, however the config template now explicitly sets the values to values which play nicely with xdg-desktop-portal-gnome, in an attempt to give new users a better experience. Also, when a collision is found, instead of only incrementing the UID, which may overflow and end up as UID 0 (root!!!), we instead wrap around only within the specified range.
|
I managed to fix this by directly editing /var/lib/aad/cache/passwd.db and /var/lib/aad/cache/shadow.db with an SQLite editor. Just change the UID and GID in every table to something over 60000 then chown -R the home directories of the users. It’s only a hotfix but it’ll do until they accept a pull request which introduces configurable UID and GID for new users. |
Is there an existing issue for this?
Describe the issue
hi,
we try to get it running on ubuntu 23.10 and run into some issues. Looks like the same like in #200.
After digging a little bit deeper into the system, we could see that for example, xdg-desktop-portal-gnome runs into a long timeout.
Removing it and replace it with xdg-desktop-portal-wl and it runs.
But there were many other errors. After looking a round, we found that some software seems to have problems with the large uid/gid which is created by aadauth. Here for example: 3583755937 as uid and gid.
If I create a local user with such a high uid and gid I see the same problems as with aad-auth.
Steps to reproduce it
ubuntu 23.10
install aad auth
Login as Azure ad user
try to start software from gnome for example firefox
Ubuntu users: System information and logs
No response
Non Ubuntu users: System information and logs
Environment
aad-cli version/etc/os-release)/etc/os-release):Log files
Please redact/remove sensitive information:
Application settings
Please redact/remove sensitive information:
Relevant information
No response
Double check your logs
The text was updated successfully, but these errors were encountered: