[Bug 623342] Re: ntlm_auth returns invalid NT_KEY
This bug is not fixed for me in 2:3.4.7~dfsg-1ubuntu3.5. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/623342 Title: ntlm_auth returns invalid NT_KEY -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 509934] [NEW] password caching no longer works
Public bug reported: Binary package hint: likewise-open Password caching has stopped working after upgrading to Lucid. I can still join a domain and log in when connected to the domain, but if I shut down and disconnect from the network, then I can no longer log in after starting up again. If I log in as root, 'id DOMAIN\\user' responds: no such user. ** Affects: likewise-open (Ubuntu) Importance: Undecided Status: New -- password caching no longer works https://bugs.launchpad.net/bugs/509934 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 509934] Re: password caching no longer works
If I then connect to a VPN which can reach the domain and restart lsassd and netlogond, I can once again log in as myself. Caching does work as long as lsassd continues running. -- password caching no longer works https://bugs.launchpad.net/bugs/509934 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 476069] Re: segfault
** Changed in: krb5 (Ubuntu) Status: Incomplete = New -- segfault https://bugs.launchpad.net/bugs/476069 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 476069] [NEW] segfault
Public bug reported: I'm using libpam-krb5 with nss-ldap and nscd, and encountering a segfault when I try to use 'su' to change to my own account, after entering the correct password. Apport doesn't run to process the segfault, or I'd be reporting the bug with that utility. The crashing command appears as follows: $ su $USER Password: su: Authentication failure Segmentation fault I'll be happy to provide any further detail I can upon request. ** Affects: krb5 (Ubuntu) Importance: Undecided Status: New -- segfault https://bugs.launchpad.net/bugs/476069 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 476069] Re: segfault
I assigned this bug to this package because the segfault appears as follows (from dmesg): [ 1844.309499] su[6070]: segfault at 1be96c38 ip 7fd3a48c03c3 sp 7fffd10ab710 error 4 in libkrb5.so.3.3[7fd3a4874000+ae000] Turning on debug in the krb5 pam system provides the following in auth.log: Nov 5 20:07:24 computer su[6070]: (pam_krb5): none: pam_sm_authenticate: entry (0x0) Nov 5 20:07:24 computer su[6070]: (pam_krb5): user: attempting authentication as u...@krb.domain Nov 5 20:07:27 computer su[6070]: (pam_krb5): user: pam_sm_authenticate: exit (success) Nov 5 20:07:27 computer su[6070]: (pam_krb5): user: cannot retrieve principal from cache: Credentials cache permissions incorrect Nov 5 20:07:27 computer su[6070]: pam_acct_mgmt: Authentication failure -- segfault https://bugs.launchpad.net/bugs/476069 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 476069] Re: segfault
This is on karmic. It all works fine for login; it's just su that has trouble. This is just more-or-less default settings of nsswitch and PAM. PAM is entirely as provided by pam-auth-update (except the addition of 'debug' to the krb5 module), and nss is 'compat ldap' for passwd, group, and shadow. I do notice that there are a bunch of /tmp/krb5cc_pam_RANDOM files, owned by root. So I suppose that would be causing the Credentials cache permissions incorrect I don’t know if there’s a way to provoke apport into noticing the segfault so I can get a more useful bug report on that end of things... -- segfault https://bugs.launchpad.net/bugs/476069 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 476069] Re: segfault
Nope, su'ing to the current user. 'su - $USER', using the environment variable. It does the same if I put the literal username, obviously. File modes are 0600 -- segfault https://bugs.launchpad.net/bugs/476069 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 434649] Re: likewise-open doesn’t wor k with kinit
Steps to duplicate: 1. join an AD domain using likewise-open. 2. username will be in the form DOMAIN\username 3. run 'kdestroy' to remove the current kerberos credentials cache 4. run 'kinit' to attempt to get new credentials expected behaviour: 1. prompt for password. encountered behaviour: 1. kinit: Client not found in Kerberos database while getting initial credentials Additional note: 1. 'kinit username' works fine. -- likewise-open doesn’t work with kinit https://bugs.launchpad.net/bugs/434649 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 434649] [NEW] likewise-open doesn’t work with kinit
Public bug reported: Binary package hint: likewise-open On a machine joined to the domain with likewise-open, usernames are like “DOMAIN\username”. When using kinit, it therefore tries to obtain a TGT for domain\usern...@kerberosdomain. If likewise-open used only the username instead of DOMAIN\username, this would work properly. ** Affects: likewise-open (Ubuntu) Importance: Undecided Status: New -- likewise-open doesn’t work with kinit https://bugs.launchpad.net/bugs/434649 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 314623] Re: likewise-open: allows lockout while disconnected
Justin, I think your problem is different than this one. All your problems occur while connected to the network. -- likewise-open: allows lockout while disconnected https://bugs.launchpad.net/bugs/314623 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 314623] Re: likewise-open: allows lockout while disconnected
Thierry: i have not touched lwiauthd.conf or pam_lwidentity.conf, except to turn on debugging in pam_lwidentity.conf -- likewise-open: allows lockout while disconnected https://bugs.launchpad.net/bugs/314623 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 404321] Re: gnome-screensaver should allow screen unlock even if account is locked out
Sure: so that a PC doesn't become totally unusable just because someone entered the wrong password a few times somewhere else. -- gnome-screensaver should allow screen unlock even if account is locked out https://bugs.launchpad.net/bugs/404321 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 404321] Re: gnome-screensaver should allow screen unlock even if account is locked out
It's totally unusable to me, since I only have one AD account so switching to another user isn't really viable. Obviously there's the workaround of going to a console session as root and killing gnome-screensaver, but that's just silly in my opinion. Interesting that the microsoft support link doesn't give a rationale either way for this policy. It would probably be good to have it as a configurable option though, rather than forcing it to work one way or the other. Wouldn't a locked account result in a successful pam auth, but unsuccessful pam account result, rather than checking for a specific error code? -- gnome-screensaver should allow screen unlock even if account is locked out https://bugs.launchpad.net/bugs/404321 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 404321] [NEW] gnome-screensaver should allow screen unlock even if account is locked out
Public bug reported: Binary package hint: gnome-screensaver Currently, if one's account is locked out, gnome-screensaver will not allow the user to unlock the screen. It should. This is on karmic, with likewise-open authentication against Active Directory. ** Affects: gnome-screensaver (Ubuntu) Importance: Undecided Status: New ** Affects: likewise-open (Ubuntu) Importance: Undecided Status: New ** Also affects: likewise-open (Ubuntu) Importance: Undecided Status: New -- gnome-screensaver should allow screen unlock even if account is locked out https://bugs.launchpad.net/bugs/404321 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 314623] Re: likewise-open: allows lockout while disconnected
Ubuntu Jaunty, likewise-open version 4.1.2982-0ubuntu2. The domain account is never locked out, because the incorrect passwords were entered with the machine disconnected from the network. Therefore there is no way for the DC to even know about the login attempts. relevant sections of my pam config files (as set up by pam-auth update; comments are removed. common-auth: auth[success=2 default=ignore] pam_lwidentity.so auth[success=1 default=ignore] pam_unix.so nullok_secure try_first_pass authrequisite pam_deny.so authrequiredpam_permit.so common-account: account [success=2 default=ignore] pam_lwidentity.so account [success=1 new_authtok_reqd=done default=ignore]pam_unix.so account requisite pam_deny.so account requiredpam_permit.so common-session: session [default=1] pam_permit.so session requisite pam_deny.so session requiredpam_permit.so session requiredpam_lwidentity.so session requiredpam_unix.so session optionalpam_ck_connector.so nox11 -- likewise-open: allows lockout while disconnected https://bugs.launchpad.net/bugs/314623 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 314623] Re: likewise-open: allows lockout while disconnected
turning on debug in pam_lwidentity.conf, my /var/log/auth.log tells me the following: May 5 12:25:55 host su[8722]: pam_lwidentity(su:auth): PAM config: global:krb5_ccache_type 'FILE' May 5 12:25:55 host su[8722]: pam_lwidentity(su:auth): failed to get GP info May 5 12:25:55 host su[8722]: pam_lwidentity(su:auth): [pamh: 0x80dc138] ENTER: pam_sm_authenticate (flags: 0x) May 5 12:25:55 host su[8722]: pam_lwidentity(su:auth): getting password (0x) May 5 12:25:56 host su[8722]: pam_lwidentity(su:auth): Verify user 'DOMAIN\user' May 5 12:25:56 host su[8722]: pam_lwidentity(su:auth): enabling krb5 login flags May 5 12:25:56 host su[8722]: pam_lwidentity(su:auth): enabling cached login flag May 5 12:25:56 host su[8722]: pam_lwidentity(su:auth): enabling request for a FILE krb5 ccache type May 5 12:25:56 host su[8722]: pam_lwidentity(su:auth): request failed: Logon failure, WBL error was Logon failed due to bad username or password (6), NT error was NT_STATUS_LOGON_FAILURE, PAM error 7 May 5 12:25:56 host su[8722]: pam_lwidentity(su:auth): [pamh: 0x80dc138] LEAVE: pam_sm_authenticate returning 7 May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): PAM config: global:krb5_ccache_type 'FILE' May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): failed to get GP info May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): [pamh: 0x8471138] ENTER: pam_sm_authenticate (flags: 0x) May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): getting password (0x) May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): Verify user 'DOMAIN\user' May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): enabling krb5 login flags May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): enabling cached login flag May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): enabling request for a FILE krb5 ccache type May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): request failed: Logon failure, WBL error was Logon failed due to bad username or password (6), NT error was NT_STATUS_LOGON_FAILURE, PAM error 7 May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): [pamh: 0x8471138] LEAVE: pam_sm_authenticate returning 7 May 5 12:26:02 host su[8727]: pam_lwidentity(su:auth): PAM config: global:krb5_ccache_type 'FILE' May 5 12:26:02 host su[8727]: pam_lwidentity(su:auth): failed to get GP info May 5 12:26:02 host su[8727]: pam_lwidentity(su:auth): [pamh: 0x84ac138] ENTER: pam_sm_authenticate (flags: 0x) May 5 12:26:02 host su[8727]: pam_lwidentity(su:auth): getting password (0x) May 5 12:26:03 host su[8727]: pam_lwidentity(su:auth): Verify user 'DOMAIN\user' May 5 12:26:03 host su[8727]: pam_lwidentity(su:auth): enabling krb5 login flags May 5 12:26:03 host su[8727]: pam_lwidentity(su:auth): enabling cached login flag May 5 12:26:03 host su[8727]: pam_lwidentity(su:auth): enabling request for a FILE krb5 ccache type May 5 12:26:03 host su[8727]: pam_lwidentity(su:auth): request failed: Logon failure, WBL error was Logon failed due to bad username or password (6), NT error was NT_STATUS_LOGON_FAILURE, PAM error 7 May 5 12:26:03 host su[8727]: pam_lwidentity(su:auth): [pamh: 0x84ac138] LEAVE: pam_sm_authenticate returning 7 May 5 12:26:06 host su[8731]: pam_lwidentity(su:auth): PAM config: global:krb5_ccache_type 'FILE' May 5 12:26:06 host su[8731]: pam_lwidentity(su:auth): failed to get GP info May 5 12:26:06 host su[8731]: pam_lwidentity(su:auth): [pamh: 0x9338138] ENTER: pam_sm_authenticate (flags: 0x) May 5 12:26:06 host su[8731]: pam_lwidentity(su:auth): getting password (0x) May 5 12:26:11 host su[8731]: pam_lwidentity(su:auth): Verify user 'DOMAIN\user' May 5 12:26:11 host su[8731]: pam_lwidentity(su:auth): enabling krb5 login flags May 5 12:26:11 host su[8731]: pam_lwidentity(su:auth): enabling cached login flag May 5 12:26:11 host su[8731]: pam_lwidentity(su:auth): enabling request for a FILE krb5 ccache type May 5 12:26:11 host su[8731]: pam_lwidentity(su:auth): request failed: Account locked out, WBL error was The account has been automatically locked out due to too many invalid attempts to logon or change the password (10), NT error was NT_STATUS_ACCOUNT_LOCKED_OUT, PAM error 11 May 5 12:26:11 host su[8731]: pam_lwidentity(su:auth): [pamh: 0x9338138] LEAVE: pam_sm_authenticate returning 6 -- likewise-open: allows lockout while disconnected https://bugs.launchpad.net/bugs/314623 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 314623] [NEW] likewise-open: allows lockout while disconnected
Public bug reported: Binary package hint: likewise-open If a user enters an incorrect password too often while likewise-open is in cached/disconnected mode, it will lock the account. Unfortunately it then becomes impossible to access the account until it's authenticated against the domain again. Likewise should never lock out the cached accounts, or at least lockouts should be optional. ** Affects: likewise-open (Ubuntu) Importance: Undecided Status: New -- likewise-open: allows lockout while disconnected https://bugs.launchpad.net/bugs/314623 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 222224] [NEW] likewise-open: blows up session when joining the domain
Public bug reported: Binary package hint: likewise-open Logged in as a local user, I used 'domainjoin-cli' to join the windows domain. This instantly killed the gnome panel, dbus, and the NetworkManager applet, and therefore networking. Now domainjoin-gui and domainjoin-cli indicate that I am joined to the domain, yet likewise's winbind log says things like: [2008/04/25 18:24:58, 0] libsmb/cliconnect.c:cli_session_setup_spnego(856) Kinit failed: Preauthentication failed [2008/04/25 18:25:00, 0] libsmb/cliconnect.c:cli_session_setup_spnego(856) Kinit failed: Client not found in Kerberos database [2008/04/25 18:25:00, 1] winbindd/winbindd_util.c:trustdom_recv(258) Could not receive trustdoms 'lwiinfo -u' says Error looking up domain users 'getent -s lwidentity passwd' returns nothing. sudo takes forever to do anything. It seems that the domainjoin utilities are lying through their teeth. Ubuntu 8.04 Likewise-open 4.0.5 ** Affects: likewise-open (Ubuntu) Importance: Undecided Status: New -- likewise-open: blows up session when joining the domain https://bugs.launchpad.net/bugs/24 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs