Hi Joost, I think those kwallet errors are harmless if you don't use KDE; I commented mine out. 0 root@muizenberg:/etc/pam.d#grep kwal * lightdm:#auth optional pam_kwallet.so lightdm:#session optional pam_kwallet.so auto_start lightdm.all.allowed:#auth optional pam_kwallet.so lightdm.all.allowed:#session optional pam_kwallet.so auto_start lightdm-greeter:#auth optional pam_kwallet.so lightdm-greeter:#session optional pam_kwallet.so auto_start lightdm.user.allowed:#auth optional pam_kwallet.so lightdm.user.allowed:#session optional pam_kwallet.so auto_start
I think you can ignore pam_succeed_if, I see that regularly. You DO seem to have unix_chkpwd, but I also get that message after the fix; from your logs: Jul 9 08:45:12 zotac-44 unix_chkpwd[4847]: password check failed for user (testuser) This is me succesfully unlocking after the unix_chkpwd workaround: 0 root@muizenberg:~#ls -l /sbin/unix_chkpwd -rwsr-sr-x 1 root shadow 35536 Feb 1 00:21 /sbin/unix_chkpwd 0 root@muizenberg:/var/log#tail -n 5 auth.log Jul 9 11:10:35 muizenberg compiz: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "jan" Jul 9 11:10:37 muizenberg unix_chkpwd[22139]: password check failed for user (jan) Jul 9 11:10:37 muizenberg compiz: pam_unix(lightdm:auth): authentication failure; logname= uid=10000 euid=10000 tty= ruser= rhost= user=jan Jul 9 11:10:37 muizenberg compiz: gkr-pam: unlocked login keyring Jul 9 11:10:37 muizenberg compiz: pam_group(lightdm:setcred): unable to set the group membership for user: Operation not permitted 0 root@muizenberg:/var/log# Another thought, are there any dconf/gsettings lockdown in LTSP that might affect this? Regards, Jan On 9 July 2014 10:42, Joost Ringoot <jo...@ringoot.org> wrote: > Hello Jan, > > Apparently the LTSP authentication method for the client is not the same > as for the server, I was to hastly to say that sssd was installed in the > LTSP client like it is on the server, it is not by default. > > There are no errors "unix_chkpwd" in the logs but: > Jul 9 08:44:58 zotac-44 compiz: PAM unable to dlopen(pam_kwallet.so): > /lib/security/pam_kwallet.so: cannot open shared object file: No such file > or directory > Jul 9 08:44:58 zotac-44 compiz: PAM adding faulty module: pam_kwallet.so > Jul 9 08:44:58 zotac-44 compiz: pam_succeed_if(lightdm:auth): requirement > "user ingroup nopasswdlogin" not met by user "testuser" > Jul 9 08:45:12 zotac-44 unix_chkpwd[4847]: password check failed for user > (testuser) > Jul 9 08:45:12 zotac-44 compiz: pam_unix(lightdm:auth): authentication > failure; logname= uid=2683 euid=2683 tty= ruser= rhost= user=testuser > Jul 9 08:45:14 zotac-44 compiz: PAM unable to dlopen(pam_kwallet.so): > /lib/security/pam_kwallet.so: cannot open shared object file: No such file > or directory > Jul 9 08:45:14 zotac-44 compiz: PAM adding faulty module: pam_kwallet.so > Jul 9 08:45:14 zotac-44 compiz: pam_succeed_if(lightdm:auth): requirement > "user ingroup nopasswdlogin" not met by user "testuser" > > -- > You received this bug notification because you are a member of AIMS, > which is subscribed to the bug report. > https://bugs.launchpad.net/bugs/1314095 > > Title: > Unity Lockscreen in 14.04 can't unlock when using LDAP account > > Status in Unity: > Incomplete > Status in "unity" package in Ubuntu: > Incomplete > > Bug description: > My setup is: > > Ubuntu 14.04 LTS, > ldap accounts, > krb5 authentication, > Lightdm, > Unity session > > ldap+krb5 is configured using nss-ldapd and nslcd. It works fine. getent > passwd and getent shadow works fine. > I am able to login in console without any problems. > I was able to login in lightdm. > Then I used the lock screen. > I could not disable the lock screen using my password. > I rebooted my computer. > > Now: > After logging in through lightdm, the unity lockscreen locks the screen > immediately and I can not disable it using my password. > > From my short inspection of auth.log and unix_chkpwd sources it seems, > that unix_chkpwd works fine when called from lightdm and fails to get > user info when called from unity lockscreen. > > > lsb_release -rd > Description: Ubuntu 14.04 LTS > Release: 14.04 > > apt-cache policy unity lightdm libpam-modules > unity: > Installed: 7.2.0+14.04.20140416-0ubuntu1 > Candidate: 7.2.0+14.04.20140416-0ubuntu1 > Version table: > *** 7.2.0+14.04.20140416-0ubuntu1 0 > 500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages > 100 /var/lib/dpkg/status > lightdm: > Installed: 1.10.0-0ubuntu3 > Candidate: 1.10.0-0ubuntu3 > Version table: > *** 1.10.0-0ubuntu3 0 > 500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages > 100 /var/lib/dpkg/status > libpam-modules: > Installed: 1.1.8-1ubuntu2 > Candidate: 1.1.8-1ubuntu2 > Version table: > *** 1.1.8-1ubuntu2 0 > 500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages > 100 /var/lib/dpkg/status > > Contents of /var/log/auth.log: > > Apr 29 06:49:27 localhost lightdm: pam_succeed_if(lightdm:auth): > requirement "user ingroup nopasswdlogin" not met by user "user" > Apr 29 06:49:31 localhost lightdm: pam_unix(lightdm:auth): > authentication failure; logname= uid=0 euid=0 tty=:2 ruser= rhost= > user=user > Apr 29 06:49:31 localhost lightdm: pam_krb5(lightdm:auth): user user > authenticated as user@NETWORK > Apr 29 06:49:32 localhost lightdm[15604]: > pam_unix(lightdm-greeter:session): session closed for user lightdm > Apr 29 06:49:37 localhost unix_chkpwd[15825]: check pass; user unknown > Apr 29 06:49:37 localhost unix_chkpwd[15825]: password check failed for > user (user) > Apr 29 06:49:37 localhost compiz: pam_unix(lightdm:auth): authentication > failure; logname= uid=1001 euid=1001 tty= ruser= rhost= user=user > Apr 29 06:49:37 localhost compiz: pam_krb5(lightdm:auth): user user > authenticated as user@NETWORK > Apr 29 06:49:37 localhost unix_chkpwd[15826]: could not obtain user info > (user) > Apr 29 06:49:37 localhost unix_chkpwd[15827]: could not obtain user info > (user) > Apr 29 06:49:37 localhost compiz: pam_succeed_if(lightdm:auth): > requirement "user ingroup nopasswdlogin" not met by user "user" > > cat /etc/pam.d/common-auth > account required pam_unix.so > auth required pam_group.so > auth [success=2 default=ignore] pam_unix.so try_first_pass nullok_secure > auth [success=1 default=ignore] pam_krb5.so try_first_pass > minimum_uid=200 > auth requisite pam_deny.so > auth required pam_permit.so > > auth optional pam_afs_session.so minimum_uid=200 > auth optional pam_ecryptfs.so unwrap > auth optional pam_cap.so > > cat /etc/pam.d/common-account > account required pam_unix.so > > cat /etc/pam.d/lightdm > auth requisite pam_nologin.so > auth sufficient pam_succeed_if.so user ingroup nopasswdlogin > @include common-auth > auth optional pam_gnome_keyring.so > @include common-account > session [success=ok ignore=ignore module_unknown=ignore default=bad] > pam_selinux.so close > auth optional pam_group.so > session required pam_limits.so > @include common-session > session [success=ok ignore=ignore module_unknown=ignore default=bad] > pam_selinux.so open > session optional pam_gnome_keyring.so auto_start > session required pam_env.so readenv=1 > session required pam_env.so readenv=1 user_readenv=1 > envfile=/etc/default/locale > @include common-password > > To manage notifications about this bug go to: > https://bugs.launchpad.net/unity/+bug/1314095/+subscriptions > > -- > Mailing list: https://launchpad.net/~aims > Post to : a...@lists.launchpad.net > Unsubscribe : https://launchpad.net/~aims > More help : https://help.launchpad.net/ListHelp > -- .~. /V\ Jan Groenewald /( )\ www.aims.ac.za ^^-^^ -- You received this bug notification because you are a member of DX Packages, which is subscribed to unity in Ubuntu. Matching subscriptions: dx-packages https://bugs.launchpad.net/bugs/1314095 Title: Unity Lockscreen in 14.04 can't unlock when using LDAP account Status in Unity: Incomplete Status in “unity” package in Ubuntu: Incomplete Bug description: My setup is: Ubuntu 14.04 LTS, ldap accounts, krb5 authentication, Lightdm, Unity session ldap+krb5 is configured using nss-ldapd and nslcd. It works fine. getent passwd and getent shadow works fine. I am able to login in console without any problems. I was able to login in lightdm. Then I used the lock screen. I could not disable the lock screen using my password. I rebooted my computer. Now: After logging in through lightdm, the unity lockscreen locks the screen immediately and I can not disable it using my password. From my short inspection of auth.log and unix_chkpwd sources it seems, that unix_chkpwd works fine when called from lightdm and fails to get user info when called from unity lockscreen. lsb_release -rd Description: Ubuntu 14.04 LTS Release: 14.04 apt-cache policy unity lightdm libpam-modules unity: Installed: 7.2.0+14.04.20140416-0ubuntu1 Candidate: 7.2.0+14.04.20140416-0ubuntu1 Version table: *** 7.2.0+14.04.20140416-0ubuntu1 0 500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages 100 /var/lib/dpkg/status lightdm: Installed: 1.10.0-0ubuntu3 Candidate: 1.10.0-0ubuntu3 Version table: *** 1.10.0-0ubuntu3 0 500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages 100 /var/lib/dpkg/status libpam-modules: Installed: 1.1.8-1ubuntu2 Candidate: 1.1.8-1ubuntu2 Version table: *** 1.1.8-1ubuntu2 0 500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages 100 /var/lib/dpkg/status Contents of /var/log/auth.log: Apr 29 06:49:27 localhost lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "user" Apr 29 06:49:31 localhost lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:2 ruser= rhost= user=user Apr 29 06:49:31 localhost lightdm: pam_krb5(lightdm:auth): user user authenticated as user@NETWORK Apr 29 06:49:32 localhost lightdm[15604]: pam_unix(lightdm-greeter:session): session closed for user lightdm Apr 29 06:49:37 localhost unix_chkpwd[15825]: check pass; user unknown Apr 29 06:49:37 localhost unix_chkpwd[15825]: password check failed for user (user) Apr 29 06:49:37 localhost compiz: pam_unix(lightdm:auth): authentication failure; logname= uid=1001 euid=1001 tty= ruser= rhost= user=user Apr 29 06:49:37 localhost compiz: pam_krb5(lightdm:auth): user user authenticated as user@NETWORK Apr 29 06:49:37 localhost unix_chkpwd[15826]: could not obtain user info (user) Apr 29 06:49:37 localhost unix_chkpwd[15827]: could not obtain user info (user) Apr 29 06:49:37 localhost compiz: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "user" cat /etc/pam.d/common-auth account required pam_unix.so auth required pam_group.so auth [success=2 default=ignore] pam_unix.so try_first_pass nullok_secure auth [success=1 default=ignore] pam_krb5.so try_first_pass minimum_uid=200 auth requisite pam_deny.so auth required pam_permit.so auth optional pam_afs_session.so minimum_uid=200 auth optional pam_ecryptfs.so unwrap auth optional pam_cap.so cat /etc/pam.d/common-account account required pam_unix.so cat /etc/pam.d/lightdm auth requisite pam_nologin.so auth sufficient pam_succeed_if.so user ingroup nopasswdlogin @include common-auth auth optional pam_gnome_keyring.so @include common-account session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close auth optional pam_group.so session required pam_limits.so @include common-session session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open session optional pam_gnome_keyring.so auto_start session required pam_env.so readenv=1 session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale @include common-password To manage notifications about this bug go to: https://bugs.launchpad.net/unity/+bug/1314095/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp
