Unable to keep session into cockpit after joining Domain

[superfantafedera]

Cockpit version: 215 OS: Ubuntu Server 20.04.2 LTS

Hi all, we have a server joined to AD domain. The AD join was done using Cockpit, after the join we were able to SSO into cockpit but after few seconds the session was disconnected.

below you'll find the logs from auth.log:

cockpit-session: pam_sss(cockpit:account): Access denied for user ciccio@PASTICCIO.LAN: 6 (Permission denied) cockpit-session: pam_unix(cockpit:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=ciccio.admin@pasticcio.lan cockpit-session: pam_sss(cockpit:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=ciccio.admin@pasticcio.lan cockpit-session: pam_sss(cockpit:account): Access denied for user ciccio.admin@pasticcio.lan: 6 (Permission denied) cockpit-session: pam_unix(cockpit:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=ciccio.admin@pasticcio.lan cockpit-session: pam_sss(cockpit:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=ciccio.admin@pasticcio.lan cockpit-session: pam_unix(cockpit:session): session opened for user ciccio.admin@pasticcio.lan by (uid=0) cockpit-session: pam_systemd(cockpit:session): Failed to create session: No such process pam_unix(sudo:auth): authentication failure; logname= uid=1572605490 euid=0 tty= ruser=ciccio.admin@pasticcio.lan rhost= user=ciccio.admin@pasticcio.lan sudo: pam_sss(sudo:auth): authentication success; logname= uid=1572605490 euid=0 tty= ruser=ciccio.admin@pasticcio.lan rhost= user=ciccio.admin@pasticcio.lan sudo: ciccio.admin@pasticcio.lan : TTY=unknown ; PWD=/home/ciccio.admin@pasticcio.lan/.cache ; USER=root ; COMMAND=/usr/bin/cockpit-bridge --privileged sudo: pam_unix(sudo:session): session opened for user root by (uid=0) realmd[48357]: Loaded settings from: /usr/lib/realmd/realmd-defaults.conf /usr/lib/realmd/realmd-distro.conf realmd[48357]: holding daemon: startup realmd[48357]: starting service realmd[48357]: connected to bus realmd[48357]: GLib-GIO: _g_io_module_get_default: Found default implementation local (GLocalVfs) for ‘gio-vfs’ realmd[48357]: released daemon: startup realmd[48357]: claimed name on bus: org.freedesktop.realmd realmd[48357]: client using service: :1.992 realmd[48357]: holding daemon: :1.992 realmd[48357]: client gone away: :1.992 realmd[48357]: released daemon: :1.992 sudo: pam_unix(sudo:session): session closed for user root cockpit-session: pam_unix(cockpit:session): session closed for user ciccio.admin@pasticcio.lan

Thanks a lot for your help

[superfantafedera]

in addition to the previous logs below you'll find the logs from "journalctl -f" May 05 17:23:10 server.pasticcio.lan sudo[51709]: ciccio.admin@pasticcio.lan : 3 incorrect password attempts ; TTY=unknown ; PWD=/home/ciccio.admin@pasticcio.lan/.cache ; USER=root ; COMMAND=/usr/bin/cockpit-bridge --privileged May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51709]: sudo: 3 incorrect password attempts May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: 1:2!13: Exhausted all available authentication mechanisms (tried: EXTERNAL) (available: EXTERNAL) May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: 1:2!7: (null) May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: 1:2!16: (null) May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: 1:2!17: (null) May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: 1:2!8: (null) May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: 1:1!1: Exhausted all available authentication mechanisms (tried: EXTERNAL) (available: EXTERNAL) May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: 1:3!1: Exhausted all available authentication mechanisms (tried: EXTERNAL) (available: EXTERNAL) May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51719]: exec gdb failed: No such file or directory May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: Error: signal Segmentation fault: May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: cockpit-bridge(+0x46fee)[0x55fbf532afee] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: /lib/x86_64-linux-gnu/libc.so.6(+0x46210)[0x7f4defbe7210] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: /lib/x86_64-linux-gnu/libglib-2.0.so.0(g_slice_alloc+0x1ed)[0x7f4deff3562d] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: /lib/x86_64-linux-gnu/libglib-2.0.so.0(g_slist_prepend+0x1a)[0x7f4deff3651a] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: /lib/x86_64-linux-gnu/libgobject-2.0.so.0(+0x1969c)[0x7f4df000769c] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: /lib/x86_64-linux-gnu/libgobject-2.0.so.0(+0x1a6b8)[0x7f4df00086b8] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: /lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_new_valist+0x418)[0x7f4df000a378] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: /lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_new+0x9d)[0x7f4df000a6cd] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: cockpit-bridge(+0x2ddcb)[0x55fbf5311dcb] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: cockpit-bridge(+0x2e1cd)[0x55fbf53121cd] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: cockpit-bridge(+0x2ed94)[0x55fbf5312d94] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: /lib/x86_64-linux-gnu/libffi.so.7(+0x6ff5)[0x7f4defacaff5] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: /lib/x86_64-linux-gnu/libffi.so.7(+0x640a)[0x7f4defaca40a] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: /lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_cclosure_marshal_generic+0x4ad)[0x7f4df000330d] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: /lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_closure_invoke+0x1b2)[0x7f4df0002802] May 05 17:23:10 server.pasticcio.lan cockpit-bridge[51693]: /lib/x86_64-linux-gnu/libgobject-2.0.so.0(+0x28814)[0x7f4df0016814] May 05 17:23:10 server.pasticcio.lan cockpit-session[51687]: pam_unix(cockpit:session): session closed for user ciccio.Admin@pasticcio.LAN May 05 17:23:11 server.pasticcio.lan cockpit-ws[51562]: /usr/lib/cockpit/cockpit-session: bridge program failed: Child process killed by signal 11 May 05 17:23:11 server.pasticcio.lan cockpit-ws[51562]: Connection to session (null) closed

[superfantafedera]

Hi All, upgrading to cockpit 238 (using focal backports; so apt install cockpit/focal-backports) the issue is not present anymore.