Skip to content

[ActiveDirectory] Fix usage of authselect which used to cause node boostrap failures on Rocky 9.5+ when directory service is used. #2894

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 10, 2025
Merged

[ActiveDirectory] Fix usage of authselect which used to cause node boostrap failures on Rocky 9.5+ when directory service is used. #2894

merged 2 commits into from
Mar 10, 2025

Conversation

@gmarciani
Copy link
Contributor

@gmarciani gmarciani commented Mar 7, 2025
edited
Loading

Description of changes

Fix usage of authselect which used to cause node bootstrap failures on Rocky 9.5+ when directory service is used.

Starting with Rocky 9.5, authselect commands started failing with the error below, which can be fixed by forcing the overwrite of the target files:

authselect select sssd with-mkhomedir
[error] File [/etc/pam.d/system-auth] exists but it needs to be overwritten!
[error] File [/etc/pam.d/password-auth] exists but it needs to be overwritten!
[error] File [/etc/pam.d/fingerprint-auth] exists but it needs to be overwritten!
[error] File [/etc/pam.d/smartcard-auth] exists but it needs to be overwritten!
[error] File [/etc/pam.d/postlogin] exists but it needs to be overwritten!
[error] File [/etc/nsswitch.conf] exists but it needs to be overwritten!
[error] File that needs to be overwritten was found
[error] Refusing to activate profile unless this file is removed or overwrite is requested.

Some unexpected changes to the configuration were detected.
Use --force parameter if you want to overwrite these changes.

It is safe to force the update because:

  1. the --force option implicitly back ups existing configurations, if any. See https://man.linuxreviews.org/man8/authselect.8.html

Tests

  • test_ad_integration

References

  • Link to impacted open issues.
  • Link to related PRs in other packages (i.e. cookbook, node).
  • Link to documentation useful to understand the changes.

Checklist

  • Make sure you are pointing to the right branch.
  • If you're creating a patch for a branch other than develop add the branch name as prefix in the PR title (e.g. [release-3.6]).
  • Check all commits' messages are clear, describing what and why vs how.
  • Make sure to have added unit tests or integration tests to cover the new/modified code.
  • Check if documentation is impacted by this change.

Please review the guidelines for contributing and Pull Request Instructions.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@gmarciani gmarciani force-pushed the wip/mgiacomo/3130/fix-multi-user-config-rocky9-1 branch from 39f2133 to 1ecf20b Compare March 7, 2025 16:21
@gmarciani
[ActiveDirectory] Fix usage of authselect causing node bootstrap fail…
0551518 
…ures on Rocky 9.5+ when directory service is used.
@gmarciani gmarciani force-pushed the wip/mgiacomo/3130/fix-multi-user-config-rocky9-1 branch from 1ecf20b to 0551518 Compare March 7, 2025 16:41
@gmarciani gmarciani marked this pull request as ready for review March 10, 2025 17:03
@gmarciani gmarciani requested review from a team as code owners March 10, 2025 17:03
@gmarciani gmarciani enabled auto-merge (rebase) March 10, 2025 17:39
@gmarciani gmarciani merged commit 43ccc6f into aws:develop Mar 10, 2025
29 of 31 checks passed
@gmarciani gmarciani deleted the wip/mgiacomo/3130/fix-multi-user-config-rocky9-1 branch March 10, 2025 19:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@himani2411 himani2411 himani2411 approved these changes

Assignees

No one assigned

Labels

3.x bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gmarciani @himani2411