Joining a domain breaks system

Working with a fresh install of Silverblue in a VM, everything is up to date. The only layered packages installed are oddjob and oddjob-mkhomedir.

                Version: 32.20200927.0 (2020-09-27T01:39:56Z)
             BaseCommit: 50e74618cbd91d0098ad3cf0cc497c0e1cc939348080e0892e497c0d07d1aeb1
           GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
        LayeredPackages: oddjob oddjob-mkhomedir

As soon as I do
realm discover ad.mydomain.com
realm join ad.mydomain.com

All my system users disappear!
$ id gdm
id: ‘gdm’: no such user

$ id dbus
id: ‘dbus’: no such user

This of course renders the system unusable as nothing will start because of missing users once I reboot the system…

My AD users do show up though, but logging in via the console just gives System Error and kicks me back to the login.
$ id greg@ad.mydomain.com
uid=809201000(greg@ad.mydomain.com) gid=809200513(domain users@ad.mydomain.com) groups=809200513(domain users@ad.mydomain.com),809201112(desktop users@ad.mydomain.com),809200512(domain admins@ad.mydomain.com),809200518(schema admins@ad.mydomain.com),809200572(denied rodc password replication group@ad.mydomain.com)

Am I doing something wrong (every guide I’ve read says this is how to set up domain login on Fedora) or is this just broken under Silverblue?

1 Like
grep -e ^passwd: -e ^group: /etc/nsswitch.conf
1 Like
passwd:     sss files systemd
group:      sss files systemd
1 Like

Try to change the order:

files systemd sss
1 Like

Changed and rebooted. No change, it still can’t find the system users.

1 Like

Try to add altfiles:
https://bugzilla.redhat.com/show_bug.cgi?id=1751417

2 Likes

Awesome, adding altfiles did the trick! Everything is working now :grinning:
Looks like that bug needs to be reopened.

1 Like

I’ve re-opened the bug against the latest release.

2 Likes
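
The check this thread converges on, as an added example that is not part of any post: a shell function that reports which of the `passwd` and `group` lines in an nsswitch.conf lack the `altfiles` source. The function name, the demo and the sample "fixed" ordering are constructed for illustration; the "broken" lines are the ones quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. On rpm-ostree systems such as Silverblue,
# system accounts (gdm, dbus, ...) live in /usr/lib/passwd and /usr/lib/group
# and are only visible through the nss-altfiles source ("altfiles").

# missing_altfiles FILE  (hypothetical helper name)
# Prints each of "passwd" / "group" whose nsswitch line lacks "altfiles"
# (or that has no line at all). Returns 1 if anything is missing, else 0.
missing_altfiles() {
    awk '
        { sub(/#.*/, "") }                      # strip trailing comments
        {
            n = index($0, ":")
            if (n == 0) next
            db = substr($0, 1, n - 1)
            gsub(/[ \t]/, "", db)
            if (db != "passwd" && db != "group") next
            found[db] = 0
            k = split(substr($0, n + 1), src, /[ \t]+/)
            for (i = 1; i <= k; i++)
                if (src[i] == "altfiles") found[db] = 1
        }
        END {
            rc = 0
            if (!found["passwd"]) { print "passwd"; rc = 1 }
            if (!found["group"])  { print "group";  rc = 1 }
            exit rc
        }
    ' "$1"
}

# Constructed demo: the post-join lines quoted in the thread versus lines with
# altfiles added (this ordering is a sample, not taken from the thread).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'passwd:     sss files systemd\ngroup:      sss files systemd\n' > "$dir/broken"
    printf 'passwd: files altfiles sss systemd\ngroup: files altfiles sss systemd\n' > "$dir/fixed"
    for f in broken fixed; do
        if out=$(missing_altfiles "$dir/$f"); then
            echo "$f: ok"
        else
            echo "$f: altfiles missing for:" $out
        fi
    done
    rm -rf "$dir"
}
demo
```

Running `missing_altfiles /etc/nsswitch.conf` before rebooting after a `realm join` shows whether the join rewrote the file without `altfiles`.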