Issue: Unable to login with EntraID
Closed this issue · 3 comments
ebarrere commented
Is there an existing issue for this?
- I have searched the existing issues and found none that matched mine
Describe the issue
I have followed the steps here to install authd and the authd-msentraid broker.
Login fails with authentication status failure: rpc error: code = Unknown desc = can't check authentication: Message recipient disconnected from message bus without replying.
I am in a GovCloud/microsoftonline.us environment if that makes a difference.
Where does the issue happen
- I can reproduce the issue in the graphical display manager
- I can reproduce the issue on a terminal with "login"
Steps to reproduce it
- in Ubuntu 24.04
- install per instructions
- configure for GovCloud environment
System information and logs
Environment
- broker version:
name: authd-msentraid
summary: MSEntra ID broker for authd
publisher: Canonical✓
store-url: https://snapcraft.io/authd-msentraid
license: GPL-3.0
description: |
This is the MS Entra ID broker snap for authd to provide MS Entra ID OIDC based authentication on
Ubuntu with authd.
services:
authd-msentraid: simple, enabled, active
snap-id: vS3oJLMss6lgWwoFcPqYDUA2HB20I1Dc
tracking: 0.x/edge
refresh-date: today at 13:13 MDT
channels:
0.x/stable: 0.1 2024-07-18 (10) 17MB -
0.x/candidate: ↑
0.x/beta: ↑
0.x/edge: 0.1 2024-08-21 (33) 17MB -
installed: 0.1 (10) 17MB -
- authd version:
authd 0.3.1~ppa4
- gnome shell version:
gnome-shell:
Installed: 46.3.1-1ubuntu1~24.04.1
Candidate: 46.3.1-1ubuntu1~24.04.1
Version table:
*** 46.3.1-1ubuntu1~24.04.1 500
500 https://ppa.launchpadcontent.net/ubuntu-enterprise-desktop/authd/ubuntu noble/main amd64 Packages
100 /var/lib/dpkg/status
46.0-0ubuntu6~24.04.3 500
500 http://us.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages
46.0-0ubuntu5 500
500 http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
45.2-0ubuntu1.1 500
500 http://security.ubuntu.com/ubuntu mantic-security/main amd64 Packages
45.0-1ubuntu2 500
500 http://nl.archive.ubuntu.com/ubuntu mantic/main amd64 Packages
- Distribution: (NAME in /etc/os-release)
NAME="Ubuntu"
- Distribution version: (VERSION_ID on /etc/os-release):
VERSION_ID="24.04"
Log files
Please redact/remove sensitive information:
Aug 21 16:02:21 af-070077 authd[466384]: DEBUG Check if this grpc call is requested by root
Aug 21 16:02:21 af-070077 authd[466384]: DEBUG Check if this grpc call is requested by root
Aug 21 16:02:21 af-070077 authd[466384]: DEBUG User "t2-elliott.barrere@arcfield.com" is unknown
Aug 21 16:02:25 af-070077 authd[466384]: DEBUG Check if this grpc call is requested by root
Aug 21 16:02:25 af-070077 authd[466384]: DEBUG Check if this grpc call is requested by root
Aug 21 16:02:26 af-070077 authd[466384]: DEBUG Check if this grpc call is requested by root
Aug 21 16:02:27 af-070077 authd[466384]: DEBUG Check if this grpc call is requested by root
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[467518]: panic: runtime error: invalid memory address or nil pointer dereference
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[467518]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x40 pc=0x126e258]
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[467518]: goroutine 45 [running]:
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[467518]: github.com/ubuntu/authd-oidc-brokers/internal/providers/microsoft_entra_id.MSEntraIDProvider.GetGroups({}, 0xc000202fa0?)
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[467518]: /build/authd-msentraid/parts/broker/build/internal/providers/microsoft_entra_id/microsoft-entra-id.go:59 +0xd8
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[467518]: github.com/ubuntu/authd-oidc-brokers/internal/broker.(*Broker).fetchUserInfo(0xc000150580, {0x17b74c8?, 0xc000202a00?}, 0xc00016e460?, 0xc000059bf8)
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[467518]: /build/authd-msentraid/parts/broker/build/internal/broker/broker.go:666 +0x1b4
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[467518]: github.com/ubuntu/authd-oidc-brokers/internal/broker.(*Broker).handleIsAuthenticated(0xc000150580, {0x17b74c8, 0xc000202a00}, 0xc00023c820, 0xc00006efd0?)
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[467518]: /build/authd-msentraid/parts/broker/build/internal/broker/broker.go:444 +0x6c8
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[467518]: github.com/ubuntu/authd-oidc-brokers/internal/broker.(*Broker).IsAuthenticated.func1()
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[467518]: /build/authd-msentraid/parts/broker/build/internal/broker/broker.go:377 +0x49
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[467518]: created by github.com/ubuntu/authd-oidc-brokers/internal/broker.(*Broker).IsAuthenticated in goroutine 44
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[467518]: /build/authd-msentraid/parts/broker/build/internal/broker/broker.go:376 +0x49e
Aug 21 16:02:53 af-070077 systemd[1]: snap.authd-msentraid.authd-msentraid.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Aug 21 16:02:53 af-070077 systemd[1]: snap.authd-msentraid.authd-msentraid.service: Failed with result 'exit-code'.
Aug 21 16:02:53 af-070077 authd[466384]: DEBUG Check if this grpc call is requested by root
Aug 21 16:02:53 af-070077 systemd[1]: snap.authd-msentraid.authd-msentraid.service: Scheduled restart job, restart counter is at 2.
Aug 21 16:02:53 af-070077 systemd[1]: Started snap.authd-msentraid.authd-msentraid.service - Service for snap application authd-msentraid.authd-msentraid.
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[474623]: time=2024-08-21T16:02:53.521-06:00 level=INFO msg="No configuration file: Config File \"authd-msentraid\" Not Found in \"[/var/snap/authd-msentraid/10 /root/snap/authd-msentraid/10 /etc/authd-msentraid /snap/authd-msentraid/10/bin]\".\nWe will only use the defaults, env variables or flags."
Aug 21 16:02:53 af-070077 authd-msentraid.authd-msentraid[474623]: time=2024-08-21T16:02:53.522-06:00 level=DEBUG msg="Debug mode is enabled"
Aug 21 16:02:54 af-070077 authd-msentraid.authd-msentraid[474623]: time=2024-08-21T16:02:54.742-06:00 level=DEBUG msg="Building new daemon"
Aug 21 16:02:54 af-070077 authd-msentraid.authd-msentraid[474623]: time=2024-08-21T16:02:54.742-06:00 level=DEBUG msg="Starting to serve requests"
Aug 21 16:02:54 af-070077 authd-msentraid.authd-msentraid[474623]: time=2024-08-21T16:02:54.742-06:00 level=INFO msg="Serving requests as com.ubuntu.authd.MSEntraID"
Application settings
Please redact/remove sensitive information:
Broker configuration:
[oidc]
issuer = https://login.microsoftonline.us/${TENANT_ID}/v2.0
client_id = ${CLIENT_ID}
[users]
# The directory where the home directory will be created for new users.
# Existing users will keep their current directory.
# The user home directory will be created in the format of {home_base_dir}/{username}
# home_base_dir = /home
# The username suffixes that are allowed to login via ssh without existing previously in the system.
# The suffixes must be separated by commas.
# ssh_allowed_suffixes = @example.com,@anotherexample.com
ssh_allowed_suffixes = @arcfield.com
Broker authd configuration:
itadmin@af-070077:~$ cat /etc/authd/brokers.d/msentraid.conf
# This section is used by authd to identify and communicate with the broker.
# It should not be edited.
[authd]
name = Microsoft Entra ID
brand_icon = /snap/authd-msentraid/current/broker_icon.png
dbus_name = com.ubuntu.authd.MSEntraID
dbus_object = /com/ubuntu/authd/MSEntraID
Relevant information
No response
Double check your logs
- I have redacted any sensitive information from the logs
ebarrere commented
Thanks, I thought I had tried using edge but I guess it didn't take.
ebarrere commented
It looks like GCC-H users still need to use the edge channel even following the announcement of this feature reaching GA?