Chromad: Encryption error is not displayed on the user auth screen |
|||||||
Issue descriptionChrome Version: 67.3394.0 What steps will reproduce the problem? (1) Enroll device into Active Directory management (2) Disable AES encryption for the user (3) Try to authenticate with that user What is the expected result? Error saying something about "Encryption type is not supported, please contact your administrator" What happens instead? Error "Oops! An unknown error occured. Please try again later or contact your administrator if the issue persists" Please use labels and text to provide additional information. If this is a regression (i.e., worked before), please consider using the bisect tool (https://www.chromium.org/developers/bisect-builds-py) to help us identify the root cause and more rapidly triage the issue. For graphics-related bugs, please copy/paste the contents of the about:gpu page at the end of this report.
,
Jun 19 2018
Seems to work fine in 69.0.3466.0. I'm seeing the proper error message trying to domain join with LEGACY enc types. 2018-06-19T12:07:10.618929+00:00 INFO authpolicyd[6734]: Kerberos encryption types changed to legacy 2018-06-19T12:07:13.350884+00:00 INFO authpolicyd[6734]: libminijail[2]: child process 12 exited with status 255 2018-06-19T12:07:13.351055+00:00 INFO authpolicyd[6734]: Kerberos encryption types changed to strong 2018-06-19T12:07:13.351084+00:00 ERR authpolicyd[6734]: net ads join failed: KDC does not support encryption type 2018-06-19T12:07:13.351120+00:00 INFO authpolicyd[6734]: JoinADDomain failed with code 36
,
Jun 19 2018
AuthenticateUser
,
Jun 20 2018
OIC. I've uploaded a fix.
,
Jun 21 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/b0f67211b8bde64805e1a06c81dcad03d80d25f9 commit b0f67211b8bde64805e1a06c81dcad03d80d25f9 Author: Lutz Justen <ljusten@chromium.org> Date: Thu Jun 21 15:14:31 2018 authpolicy: Return proper error for bad encryption type AuthenticateUser() returns ERROR_KDC_DOES_NOT_SUPPORT_ENCRYPTION_TYPE with this CL if KDC does not support the enforced encryption types. Before, it returned a generic error. This will let Chrome display a proper error message (not done yet). BUG= chromium:831128 TEST=cros_run_unit_tests --board=amd64-generic --packages "authpolicy" In the GPO editor, set "Allowed Kerberos encryption types" to legacy. On Chromebook, remove and re-add your user and log in. Login should fail and Chrome should display a proper message about encryption types (once Chrome is fixed). Change-Id: I46871a1d5dd780770304ffbbab277f6c9a3acacb Reviewed-on: https://chromium-review.googlesource.com/1107700 Commit-Ready: Lutz Justen <ljusten@chromium.org> Tested-by: Lutz Justen <ljusten@chromium.org> Reviewed-by: Roman Sorokin <rsorokin@chromium.org> [modify] https://crrev.com/b0f67211b8bde64805e1a06c81dcad03d80d25f9/authpolicy/authpolicy_unittest.cc [modify] https://crrev.com/b0f67211b8bde64805e1a06c81dcad03d80d25f9/authpolicy/stub_kinit_main.cc [modify] https://crrev.com/b0f67211b8bde64805e1a06c81dcad03d80d25f9/authpolicy/tgt_manager.cc
,
Jun 22 2018
Chrome OS side is hooked up, but I think Chrome doesn't handle ERROR_KDC_DOES_NOT_SUPPORT_ENCRYPTION_TYPE for auth yet.
,
Jun 22 2018
Thanks!
,
Jun 25 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/283bafe35fd208da7191402282550e8eee7f55ba commit 283bafe35fd208da7191402282550e8eee7f55ba Author: Roman Sorokin <rsorokin@chromium.org> Date: Mon Jun 25 11:36:05 2018 Chromad: Show encryption error during authentication BUG= chromium:831128 TEST=manual TBR=alemate@chromium.org Change-Id: Ib9368a9ba657b381601086357abf4b766ef7b984 Reviewed-on: https://chromium-review.googlesource.com/1112240 Reviewed-by: Lutz Justen <ljusten@chromium.org> Commit-Queue: Roman Sorokin <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#570006} [modify] https://crrev.com/283bafe35fd208da7191402282550e8eee7f55ba/chrome/app/chromeos_strings.grdp [modify] https://crrev.com/283bafe35fd208da7191402282550e8eee7f55ba/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc
,
Jun 29 2018
,
Jun 29 2018
Verified fixed, the proper encryption error message is displaying when auth failed due wrong encryption type (see attached screenshot). Chrome OS: 10827.0.0 Chrome: 69.0.3475.0 Device: Robo |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by rsorokin@chromium.org
, Jun 13 2018