Open namato1 opened 2 weeks ago
Thank you for the report. We need some more information to debug the issue.
/usr/libexec/authd version
authd edits `/etc/group` to add the user to local groups. Please check the content of that file and that it's not modified during reboot.
You can also check the output of `getent group` to see if the group is listed there and if the user is a member of the group.
Are the groups added back when you log in via device authentication again? You can do that by running `sudo login $USER` and then press escape on the "Enter your local password" prompt.
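To make the `/etc/group` check suggested above repeatable, this added example (not authd's code and not posted by anyone in the thread) compares two copies of the file and lists the groups a user dropped out of. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Compare two copies of /etc/group and report which supplementary group
# memberships a user lost between them (e.g. before and after an authd login).
# Only the member list in /etc/group is checked, not the primary group.

# groups_of FILE USER: print, sorted, every group in FILE whose member list
# (4th colon-separated field, comma-separated) contains USER exactly.
groups_of() {
    awk -F: -v u="$2" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
    }' "$1" | sort
}

# lost_groups BEFORE AFTER USER: groups USER is in in BEFORE but not in AFTER.
lost_groups() {
    b=$(mktemp) && a=$(mktemp) || return 1
    groups_of "$1" "$3" > "$b"
    groups_of "$2" "$3" > "$a"
    comm -23 "$b" "$a"
    rm -f "$b" "$a"
}

# demo: run the comparison on constructed sample data (not from the report).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/before" <<'EOF'
sudo:x:27:localadmin
docker:x:998:localadmin,august@example.org
microk8s:x:997:august@example.org
mygroup:x:1001:august@example.org,other
EOF
    cat > "$d/after" <<'EOF'
sudo:x:27:localadmin
docker:x:998:localadmin,august@example.org
microk8s:x:997:
mygroup:x:1001:other
EOF
    lost_groups "$d/before" "$d/after" "august@example.org"
    rm -rf "$d"
}

# With three arguments compare real files, otherwise run the demo.
if [ "$#" -eq 3 ]; then lost_groups "$@"; else demo; fi
```

On a real machine, save a copy of `/etc/group` before the authd login and pass it as the first argument, with the live `/etc/group` as the second and the user name as the third.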
Hello
I think you missed some steps
Login with local account
Create a local group mygroup
Create a group linux-mygroup in Entra
Add Entra user in Entra Group linux-mygroup
login with authd
I tested this with a user who has 6 Entra groups, including linux-sudo and linux-docker. The user is properly added to the local sudo and docker groups after login.
If you have more than 100 Entra groups, it doesn't work: https://github.com/ubuntu/authd/issues/549
We are not trying to add these local groups to Entra. The goal is to only add local groups. Having to create groups in Entra adds to the issue that the groups were not being pulled down. Most of our users are in 400-500 Entra groups. This presented us with the issue that only 100 groups were being pulled. Having actual local groups can be very useful.
The other issue we started to see is that the login keychain is not created for the user. This could be related to this issue.
Appreciate the response and if there is a solution that already exists please let me know. Thank you
I think the group sync of authd at logon purges your local group if it doesn't find it in Entra (linux-mylocalgroup).
In my opinion there is no solution for the moment as long as there is the limit of 100 groups.
Yeah, this is where other issues arise for us as well, since we can't just name an Entra group linux-mygroup. We have to use specific naming schemes for our groups and we have not been able to get exceptions for that. This is the reason for wanting local groups to just work without Entra.
I double that - in our case we just need to use some local groups that are managed by another system, but now it seems they are cleared on each login.
Another case is if we add linux-sudo to a user, then the user gets sudo on all computers, which may not be something we want.
We as well would be happy to add Entra authd users to local Linux groups without needing to have a group in Entra, and I agree with this message.
For our specific use case, we want to add the Entra users to the local microk8s group to let an Entra user manage it on a specific machine.
sudo usermod -a -G microk8s august@example.org
sudo chown -R august@example.org ~/.kube
Describe the issue
Users are not able to be added to any local groups. They are removed after reboot/logout.
Steps to reproduce
Login with local account
Create a group
Add the Entra user to the group
Check to see user is in the group
Reboot
Login with authd
Check users groups
User is not in the local group
System information and logs
No response