[Desktop-packages] [Bug 1777318] [NEW] GDM3 completely ignore pam_group

[Marco Gaiarin]

Public bug reported:

I'm using some ubuntu machine in a network where users data came from
LDAP.

I've setup PAM/NSS to use LDAP account and all works as expected.
Apart assigning local group to users, via pam_group.

I've added to /etc/pam.d/common-auth (to the end):
 auth    optional                        pam_group.so

and added to /etc/security/group.conf:
 *; *; %sysops; Al0000-2400; 
adm,sudo,admin,dip,cdrom,floppy,plugdev,lpadmin,sambashare

but groups are not added as expected, i'm not in 'admin' or 'sudo' group
(eg, i cannot do administrative tasks) and if i fire up a terminal:

 gaio@dora:~$ id
 uid=1000(gaio) gid=1001(casa) gruppi=1001(casa),1000(sysops),1003(bbs)

note that group assignment works, eg:

 gaio@dora:~$ ssh localhost
 gaio@localhost's password: 
 Welcome to Ubuntu 18.04 LTS (GNU/Linux 4.15.0-23-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage


 * Canonical Livepatch is available for installation.
   - Reduce system reboots and improve kernel security. Activate at:
     https://ubuntu.com/livepatch

 0 pacchetti possono essere aggiornati.
 0 sono aggiornamenti di sicurezza.

 Last login: Sun Jun 17 14:36:50 2018 from 127.0.0.1
 gaio@dora:~$ id 
 uid=1000(gaio) gid=1001(casa)  
gruppi=1001(casa),4(adm),24(cdrom),25(floppy),27(sudo),30(dip),46(plugdev),116(lpadmin),126(sambashare),1000(sysops),1003(bbs)

Previous LTS (16.04) with LightDM works as expected. This bug seems very
similar to #880104 .

Thanks.

** Affects: gdm3 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1777318

Title:
  GDM3 completely ignore pam_group

Status in gdm3 package in Ubuntu:
  New

Bug description:
  I'm using some ubuntu machine in a network where users data came from
  LDAP.

  I've setup PAM/NSS to use LDAP account and all works as expected.
  Apart assigning local group to users, via pam_group.

  I've added to /etc/pam.d/common-auth (to the end):
   auth    optional                        pam_group.so

  and added to /etc/security/group.conf:
   *; *; %sysops; Al0000-2400; 
adm,sudo,admin,dip,cdrom,floppy,plugdev,lpadmin,sambashare

  but groups are not added as expected, i'm not in 'admin' or 'sudo'
  group (eg, i cannot do administrative tasks) and if i fire up a
  terminal:

   gaio@dora:~$ id
   uid=1000(gaio) gid=1001(casa) gruppi=1001(casa),1000(sysops),1003(bbs)

  note that group assignment works, eg:

   gaio@dora:~$ ssh localhost
   gaio@localhost's password: 
   Welcome to Ubuntu 18.04 LTS (GNU/Linux 4.15.0-23-generic x86_64)

   * Documentation:  https://help.ubuntu.com
   * Management:     https://landscape.canonical.com
   * Support:        https://ubuntu.com/advantage

  
   * Canonical Livepatch is available for installation.
     - Reduce system reboots and improve kernel security. Activate at:
       https://ubuntu.com/livepatch

   0 pacchetti possono essere aggiornati.
   0 sono aggiornamenti di sicurezza.

   Last login: Sun Jun 17 14:36:50 2018 from 127.0.0.1
   gaio@dora:~$ id 
   uid=1000(gaio) gid=1001(casa)  
gruppi=1001(casa),4(adm),24(cdrom),25(floppy),27(sudo),30(dip),46(plugdev),116(lpadmin),126(sambashare),1000(sysops),1003(bbs)

  Previous LTS (16.04) with LightDM works as expected. This bug seems
  very similar to #880104 .

  Thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1777318/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp