Issue: case-sensitivity in username
Closed this issue · 4 comments
Is there an existing issue for this?
- I have searched the existing issues and found none that matched mine
Describe the issue
Hi there. I've just installed Ubuntu 24.04, installed authd and the authd-msentraid snap. I got the OIDC app installed and the 3 API perms set - and ticked "green". After a reboot I tried logging in via GDM as "username@our.EntraID.domain". That got me the QR code, walked that through on my phone and approved the device, set local password (twice) and then gdm carries on and I end up at the gdm login prompt again. After entering password, it failed, and auth.log showed
authd[900]: 2024/08/26 13:28:06 WARN can't check authentication: provided userinfo is invalid: username "USERNAME@our.EntraID.domain"." does not match the selected username "username@our.EntraID.domain".
So that's an easy one. AzureAD is case-insensitive - but it stores username portions in the case they were entered. i.e. whoever set my username up years ago set it in uppercase - but I always log in lowercase. So I would guess authd needs to check (or ignore?) case more?
Secondly, once I went through the whole initialization process again for "USERNAME@our.EntraID.domain", it still fails - this time this shows up in the logs
authd[900]: 2024/08/26 13:31:57 ERROR GID for group "group1" already in use by group "group2"
authd[900]: 2024/08/26 13:31:57 WARN can't check authentication: failed to update user "USERNAME@our.EntraID.domain": GID for group "group1" already in use by a different group
Now that I can't help you with. Yes those are two AD groups (if it matters, we are Hybrid mode, i.e. old Enterprise AD hooked into EntraID) that I am members of - why they show up as the same GID is beyond me - they certainly show no evidence of problems outside of this authd event.
Where does the issue happen
- I can reproduce the issue in the graphical display manager
- I can reproduce the issue on a terminal with "login"
Steps to reproduce it
I've just installed Ubuntu 24.04, installed authd and the authd-msentraid snap. I got the OIDC app installed and the 3 API perms set - and ticked "green". After a reboot I tried logging in via GDM as "username@our.EntraID.domain". That got me the QR code, walked that through on my phone and approved the device, set local password (twice) and then gdm carries on and I end up at the gdm login prompt again. After entering password, it failed, and auth.log showed
authd[900]: 2024/08/26 13:28:06 WARN can't check authentication: provided userinfo is invalid: username "USERNAME@our.EntraID.domain"." does not match the selected username "username@our.EntraID.domain".
So that's an easy one. AzureAD is case-insensitive - but it stores username portions in the case they were entered. i.e. whoever set my username up years ago set it in uppercase - but I always log in lowercase. So I would guess authd needs to check (or ignore?) case more?
Secondly, once I went through the whole initialization process again for "USERNAME@our.EntraID.domain", it still fails - this time this shows up in the logs
authd[900]: 2024/08/26 13:31:57 ERROR GID for group "group1" already in use by group "group2"
authd[900]: 2024/08/26 13:31:57 WARN can't check authentication: failed to update user "USERNAME@our.EntraID.domain": GID for group "group1" already in use by a different group
Now that I can't help you with. Yes those are two AD groups (if it matters, we are Hybrid mode, i.e. old Enterprise AD hooked into EntraID) that I am members of - why they show up as the same GID is beyond me - they certainly show no evidence of problems outside of this authd event.
System information and logs
Environment
- broker version: please run snap info authd-msentraid
- authd version: please run /usr/libexec/authd version
- gnome shell version: please run apt policy gnome-shell
- Distribution: (NAME in /etc/os-release)
- Distribution version: (VERSION_ID on /etc/os-release):
Log files
Please redact/remove sensitive information:
Authd entries:
journalctl -u authd.service
MS Entra ID broker entries:
journalctl -u snap.authd-msentraid.authd-msentraid.service
Application settings
Please redact/remove sensitive information:
Broker configuration:
cat /var/snap/authd-msentraid/current/broker.conf
Broker authd configuration:
cat /etc/authd/brokers.d/msentraid.conf
Relevant information
No response
Double check your logs
- I have redacted any sensitive information from the logs
Experiencing the same with the groups and case sensitivity. This happens with both GDM and Terminal
Thanks for your report.
We reproduced the error and will provide a fix.
Today I installed 24.04.1 as a test and used the stable version of authd. I was able to log in without getting a group error. I have only tried the Terminal and will test more during the week.
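For triaging the "does not match the selected username" warning quoted in the issue, the following added example (not authd's code and not the project's fix) separates mismatches that differ only by letter case from ones where the provider returned a different identity, which is the case the check exists to stop. The names `Classify` and `Canonical` are hypothetical, and lowercasing as the canonical form is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// mismatchRe captures the username returned by the provider and the one typed
// at login. It tolerates the stray `."` after the first name in the issue's log.
var mismatchRe = regexp.MustCompile(
	`username "([^"]+)"[."]* does not match the selected username "([^"]+)"`)

// Classify returns "case-only" when the two names differ only by letter case,
// "different-identity" when they differ in any other way, and "" when the
// line is not a username-mismatch warning.
func Classify(line string) string {
	m := mismatchRe.FindStringSubmatch(line)
	if m == nil {
		return ""
	}
	if strings.EqualFold(m[1], m[2]) {
		return "case-only"
	}
	return "different-identity"
}

// Canonical maps a username to a single local key (assumption: lowercase), so
// "USERNAME@..." and "username@..." cannot become two local accounts.
func Canonical(name string) string {
	return strings.ToLower(strings.TrimSpace(name))
}

func main() {
	lines := []string{
		// Warning as it appears in the issue's auth.log.
		`authd[900]: 2024/08/26 13:28:06 WARN can't check authentication: provided userinfo is invalid: username "USERNAME@our.EntraID.domain"." does not match the selected username "username@our.EntraID.domain".`,
		// Constructed line: the provider returned a different account.
		`authd[900]: 2024/08/26 13:40:00 WARN can't check authentication: provided userinfo is invalid: username "other@our.EntraID.domain" does not match the selected username "username@our.EntraID.domain".`,
	}
	for _, l := range lines {
		fmt.Println(Classify(l))
	}
}
```

A "different-identity" result should stay a hard failure; only the "case-only" case is a candidate for relaxing the comparison.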