[Bug 1677329] Re: libpam-winbind: unable to dlopen
I have a zesty VM and /tmp is not even in a different mountpoint: it's part of /. Did you partition your machine manually and mounted /tmp with noexec? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
Unsubscribing sponsors, as the patch has been sponsored. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
zesty verification Confirming the problem with libpam-winbind:amd642:4.5.8+dfsg- 0ubuntu0.17.04.4: Aug 4 20:37:21 zesty-pamwinbind-1677329 sshd[4008]: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory Aug 4 20:37:21 zesty-pamwinbind-1677329 sshd[4008]: PAM adding faulty module: pam_winbind.so Updating to the package in proposed: $ apt-cache policy libpam-winbind (...) libpam-winbind: Installed: 2:4.5.8+dfsg-0ubuntu0.17.04.5 Candidate: 2:4.5.8+dfsg-0ubuntu0.17.04.5 Version table: *** 2:4.5.8+dfsg-0ubuntu0.17.04.5 500 500 http://br.archive.ubuntu.com/ubuntu zesty-proposed/main amd64 Packages 100 /var/lib/dpkg/status /var/log/syslog doesn't complain about the module anymore. I added "debug" to the pam_winbind lines in /etc/pam.d/common-session and got this: Aug 4 20:41:27 zesty-pamwinbind-1677329 sshd[6192]: Accepted publickey for ubuntu from 10.0.100.1 port 42160 ssh2: RSA SHA256:V7D2Jzg2FqANPnGlbAJWXMc/7AR0AidE7Rl86Bbqais Aug 4 20:41:27 zesty-pamwinbind-1677329 sshd[6192]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0) Aug 4 20:41:27 zesty-pamwinbind-1677329 sshd[6192]: pam_winbind(sshd:session): [pamh: 0x555bedfe1500] ENTER: pam_sm_open_session (flags: 0x) Aug 4 20:41:27 zesty-pamwinbind-1677329 sshd[6192]: pam_winbind(sshd:session): [pamh: 0x555bedfe1500] LEAVE: pam_sm_open_session returning 0 (PAM_SUCCESS) Aug 4 20:41:27 zesty-pamwinbind-1677329 systemd-logind[428]: New session c6 of user ubuntu. Which confirms the pam_winbind.so module was loaded. ** Tags removed: verification-needed-zesty ** Tags added: verification-done-zesty -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
Debdiff that corresponds to the change in the git MP. ** Patch added: "zesty-revert-static-winbind-1677329.debdiff" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+attachment/4914215/+files/zesty-revert-static-winbind-1677329.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
The attached branch that's "ready for review" fixes it, but it needs sponsorship since I can't upload samba, and then an SRU review. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
** Description changed: [Impact] The pam_winbind.so module is unusable in zesty. It won't load because of missing symbols: Jun 21 13:17:05 zesty-pamwinbind-1677329 systemd: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory This is due to the (re)introduction of patch fix-1584485.patch which changes the way this module is built, trying to statically link some libraries. That linking was incorrectly done. The patch was subsequently removed, but later added back again by mistake during a sync. A new version of the patch exists (https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/323767), but upstream (Samba and Debian) isn't very fond of such a change and asked me to submit it for discussion to the samba-technical mailing list (https://lists.samba.org/archive/samba-technical/2017-June/121139.html). That was done, but since this could take some time, we decided it's best to revert the patch again. [Test Case] In a zesty machine/container: * sudo apt install libpam-winbind winbind samba * tail -f /var/log/auth.log * perform a login on this machine. Via ssh, for example * the broken version will log this: Jun 21 13:17:05 zesty-pamwinbind-1677329 systemd: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory - * The fixed version will load pam_winbind.so just fine, but won't log anything (unless you fully setup winbind). It's easier to add "debug" to the pam_winbind.so lines in /etc/pam.d/common-* files and repeat the login, then you get to see it being loaded in the logs. + * The fixed version will load pam_winbind.so just fine, but won't log anything (unless you fully setup winbind). It's easier to add "debug" to the pam_winbind.so lines in /etc/pam.d/common-* files and repeat the login, then you get to see it being loaded in the logs: + Jun 21 17:48:52 zesty-pamwinbind-1677329 sshd[18052]: pam_winbind(sshd:session): [pamh: 0x56460f355740] ENTER: pam_sm_open_session (flags: 0x) + Jun 21 17:48:52 zesty-pamwinbind-1677329 sshd[18052]: pam_winbind(sshd:session): [pamh: 0x56460f355740] LEAVE: pam_sm_open_session returning 0 (PAM_SUCCESS) + [Regression Potential] This reversal has been done before and worked. Right now, the biggest regression potential is to add the broken patch back again. Reversing this patch will also reintroduce bug #1584485, but I think the configuration that leads to that bug is asking for trouble and I stated as such in a comment (https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/43). "winbind" should be listed after "files" or "compat", not before. That being said, it is my opinion that having a working pam_winbind module benefits more users than the amount of users that could be affected by the particular configuration that leads to #1584485. [Other Info] Sorry for keeping both bugs open (#1644428 and #1677329), but the history on this issue is a bit complicated with multiple SRUs and regressions. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
** Description changed: [Impact] The pam_winbind.so module is unusable in zesty. It won't load because of missing symbols: Jun 21 13:17:05 zesty-pamwinbind-1677329 systemd: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory This is due to the (re)introduction of patch fix-1584485.patch which changes the way this module is built, trying to statically link some libraries. That linking was incorrectly done. The patch was subsequently removed, but later added back again by - mistake during a huge sync. + mistake during a sync. - A new version of the patch exists, but upstream (Samba) isn't very fond - of such a change and asked to submit it for discussion to the samba- - technical mailing list. + A new version of the patch exists + (https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/323767), + but upstream (Samba and Debian) isn't very fond of such a change and + asked me to submit it for discussion to the samba-technical mailing list + (https://lists.samba.org/archive/samba-technical/2017-June/121139.html). That was done, but since this could take some time, we decided it's best - to revert the patch one more time. + to revert the patch again. [Test Case] In a zesty machine/container: - * sudo apt install libpam-winbind winbind samba - * tail -f /var/log/auth.log - * perform a login on this machine. Via ssh, for example - * the broken version will log this: + * sudo apt install libpam-winbind winbind samba + * tail -f /var/log/auth.log + * perform a login on this machine. Via ssh, for example + * the broken version will log this: Jun 21 13:17:05 zesty-pamwinbind-1677329 systemd: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory - * The fixed version will load winbind just fine, but won't log anything (unless you fully setup winbind). It's easier to add "debug" to the pam_winbind.so lines in /etc/pam.d/common-* files and repeat the login, then you get to see it being loaded in the logs + * The fixed version will load pam_winbind.so just fine, but won't log anything (unless you fully setup winbind). It's easier to add "debug" to the pam_winbind.so lines in /etc/pam.d/common-* files and repeat the login, then you get to see it being loaded in the logs. [Regression Potential] This reversal has been done before and worked. Right now, the biggest regression potential is to add the broken patch back again. + Reversing this patch will also reintroduce bug #1584485, but I think the + configuration that leads to that bug is asking for trouble and I stated + as such in a comment + (https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/43). + "winbind" should be listed after "files" or "compat", not before. + + That being said, it is my opinion that having a working pam_winbind + module benefits more users than the amount of users that could be + affected by the particular configuration that leads to #1584485. + [Other Info] - Sorry for keeping both bugs open (#1644428 and #1677329), but the history on this issue is a bit complicated with multiple SRUs and regressions. + + Sorry for keeping both bugs open (#1644428 and #1677329), but the + history on this issue is a bit complicated with multiple SRUs and + regressions. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
** Description changed: - The pam winbind module seems to be broken on current 17.04 beta2. + [Impact] - Mar 29 18:28:21 daw0 lightdm: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory - Mar 29 18:28:21 daw0 lightdm: PAM adding faulty module: pam_winbind.so + The pam_winbind.so module is unusable in zesty. It won't load because of + missing symbols: - I get this error message after a fresh install of Ubuntu GNOME and - libpam-winbind when logging in with an account that should not exist - anywhere. No winbind configuration done yet, but had seen this error - message than also. + Jun 21 13:17:05 zesty-pamwinbind-1677329 systemd: PAM unable to + dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared + object file: No such file or directory + + This is due to the (re)introduction of patch fix-1584485.patch which + changes the way this module is built, trying to statically link some + libraries. That linking was incorrectly done. + + The patch was subsequently removed, but later added back again by + mistake during a huge sync. + + A new version of the patch exists, but upstream (Samba) isn't very fond + of such a change and asked to submit it for discussion to the samba- + technical mailing list. + + That was done, but since this could take some time, we decided it's best + to revert the patch one more time. + + [Test Case] + + In a zesty machine/container: + * sudo apt install libpam-winbind winbind samba + * tail -f /var/log/auth.log + * perform a login on this machine. Via ssh, for example + * the broken version will log this: + Jun 21 13:17:05 zesty-pamwinbind-1677329 systemd: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory + * The fixed version will load winbind just fine, but won't log anything (unless you fully setup winbind). It's easier to add "debug" to the pam_winbind.so lines in /etc/pam.d/common-* files and repeat the login, then you get to see it being loaded in the logs + + [Regression Potential] + + This reversal has been done before and worked. Right now, the biggest + regression potential is to add the broken patch back again. + + [Other Info] + Sorry for keeping both bugs open (#1644428 and #1677329), but the history on this issue is a bit complicated with multiple SRUs and regressions. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
I asked upstream (Debian and Samba) for a review of this patch: https://lists.samba.org/archive/samba-technical/2017-June/121139.html That could take a while, so until that happens, I'm proposing a different MP to fix this for now and that is to revert the broken patch one more time. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
They are building, you can check progress here: https://launchpad.net/~ahasenack/+archive/ubuntu/samba-1677329/+packages samba is a big package, I bet it will take a few hours to build and publish. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1677329] Re: libpam-winbind: unable to dlopen
I can upload the packages to a ppa for you to take a look On Tue, May 16, 2017 at 9:20 AM, Jason Lynn wrote: > Thanks. I was able to finally get it to build but after installing, the > samba service will no longer start. It simply times out and leaves > nothing the the syslog or the Samba log explaining the reason: > > Job for smbd.service failed because a timeout was exceeded. > See "systemctl status smbd.service" and "journalctl -xe" for details. > invoke-rc.d: initscript smbd, action "start" failed. > ● smbd.service - Samba SMB Daemon >Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor > preset: enabled) >Active: failed (Result: timeout) since Mon 2017-05-15 17:18:22 EDT; 6ms > ago > Docs: man:smbd(8) >man:samba(7) >man:smb.conf(5) > Process: 2812 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=killed, > signal=TERM) > Main PID: 2812 (code=killed, signal=TERM) > CPU: 80ms > > May 15 17:16:51 ubunbtu-ws systemd[1]: Starting Samba SMB Daemon... > May 15 17:16:51 ubunbtu-ws smbd[2812]: [2017/05/15 17:16:51.993512, 0] > ../lib/util/become_daemon.c:124(daemon_ready) > May 15 17:16:51 ubunbtu-ws smbd[2812]: STATUS=daemon 'smbd' finished > starting up and ready to serve connections > May 15 17:18:22 ubunbtu-ws systemd[1]: smbd.service: Start operation timed > out. Terminating. > May 15 17:18:22 ubunbtu-ws systemd[1]: Failed to start Samba SMB Daemon. > May 15 17:18:22 ubunbtu-ws systemd[1]: smbd.service: Unit entered failed > state. > May 15 17:18:22 ubunbtu-ws systemd[1]: smbd.service: Failed with result > 'timeout'. > > I guess I'm just going to stay broken here until this goes live. I'm > sure I did something else wrong. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1677329 > > Title: > libpam-winbind: unable to dlopen > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/samba/+bug/ > 1677329/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1677329] Re: libpam-winbind: unable to dlopen
You have to apply all the patches from the Debian package. I suggest to get the git branch and do a dpkg-buildpackage -uc -us -b On May 13, 2017 11:25, "Jason Lynn" wrote: > Also, should the symlink to /lib/x86_64-linux-gnu/security still be > required after this? > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1677329 > > Title: > libpam-winbind: unable to dlopen > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/samba/+bug/ > 1677329/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
Thanks for your test, @jmurchik! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
This is a packaging merge proposal, you should use something like "dpkg- buildpackage -uc -us -b". If you just run ./configure and make in this branch you won't even get the debian patches applied. Unless I misunderstood your goal here, sorry. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
A quick pam_winbind authentication test worked with that modification to the patch: http://pastebin.ubuntu.com/24539032/ May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.100.1 user=BUGTEST\andreas May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:auth): [pamh: 0x558b74961800] ENTER: pam_sm_authenticate (flags: 0x0001) May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:auth): getting password (0x0389) May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:auth): pam_get_item returned a password May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:auth): Verify user 'BUGTEST\andreas' May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:auth): PAM config: krb5_ccache_type 'FILE' May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:auth): enabling krb5 login flag May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:auth): enabling cached login flag May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:auth): enabling request for a FILE krb5 ccache May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:auth): request wbcLogonUser succeeded May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:auth): user 'BUGTEST\andreas' granted access May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:auth): Returned user was 'BUGTEST\andreas' May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:auth): [pamh: 0x558b74961800] LEAVE: pam_sm_authenticate returning 0 (PAM_SUCCESS) May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: Accepted password for BUGTEST\\andreas from 10.0.100.1 port 51760 ssh2 May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:setcred): [pamh: 0x558b74961800] ENTER: pam_sm_setcred (flags: 0x0002) May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:setcred): PAM_ESTABLISH_CRED not implemented May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:setcred): [pamh: 0x558b74961800] LEAVE: pam_sm_setcred returning 0 (PAM_SUCCESS) May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_unix(sshd:session): session opened for user BUGTEST\andreas by (uid=0) May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:session): [pamh: 0x558b74961800] ENTER: pam_sm_open_session (flags: 0x) May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_winbind(sshd:session): [pamh: 0x558b74961800] LEAVE: pam_sm_open_session returning 0 (PAM_SUCCESS) May 8 21:13:25 zesty-pamwinbind-1677329 sshd[1221]: pam_systemd(sshd:session): Failed to create session: No such file or directory May 8 21:13:26 zesty-pamwinbind-1677329 sshd[1310]: pam_winbind(sshd:setcred): [pamh: 0x558b74961800] ENTER: pam_sm_setcred (flags: 0x0002) May 8 21:13:26 zesty-pamwinbind-1677329 sshd[1310]: pam_winbind(sshd:setcred): PAM_ESTABLISH_CRED not implemented May 8 21:13:26 zesty-pamwinbind-1677329 sshd[1310]: pam_winbind(sshd:setcred): [pamh: 0x558b74961800] LEAVE: pam_sm_setcred returning 0 (PAM_SUCCESS) and: andreas@nsn7:~$ ssh BUGTEST\\\andreas@10.0.100.99 Warning: Permanently added '10.0.100.99' (ECDSA) to the list of known hosts. BUGTEST\andreas@10.0.100.99's password: Welcome to Ubuntu 17.04 (GNU/Linux 4.4.0-77-generic x86_64) (...) Could not chdir to home directory /home/BUGTEST/andreas: No such file or directory BUGTEST\andreas@zesty-pamwinbind-1677329:/$ id uid=1(BUGTEST\andreas) gid=1(BUGTEST\none) groups=1(BUGTEST\none),10002(BUILTIN\users) BUGTEST\andreas@zesty-pamwinbind-1677329:/$ grep andreas /etc/passwd BUGTEST\andreas@zesty-pamwinbind-1677329:/$ There are many more things to test here, though. Namely, kerberos integration. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
** Changed in: samba (Ubuntu Zesty) Status: New => In Progress ** Changed in: samba (Ubuntu Zesty) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: samba (Ubuntu Zesty) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
** Changed in: samba (Ubuntu) Status: Confirmed => In Progress ** Changed in: samba (Ubuntu) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: samba (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
And dpkg-shlibdeps is happy: http://pastebin.ubuntu.com/24536871/ ubuntu@andreas-zesty-samba-test:~/deb/samba/samba-4.5.8+dfsg⟫ dpkg-shlibdeps -v debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so >> Scanning debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so >> (for Depends field) Library libpthread.so.0 found in /lib/x86_64-linux-gnu/libpthread.so.0 Library libwbclient.so.0 found in debian/libwbclient0/usr/lib/x86_64-linux-gnu/libwbclient.so.0 Library libbsd.so.0 found in /lib/x86_64-linux-gnu/libbsd.so.0 Library libtalloc.so.2 found in /usr/lib/x86_64-linux-gnu/libtalloc.so.2 Library libpam.so.0 found in /lib/x86_64-linux-gnu/libpam.so.0 Library libc.so.6 found in /lib/x86_64-linux-gnu/libc.so.6 No associated package found for debian/libwbclient0/usr/lib/x86_64-linux-gnu/libwbclient.so.0 Using symbols file debian/libwbclient0/DEBIAN/symbols for libwbclient.so.0 Using symbols file /var/lib/dpkg/info/libc6:amd64.symbols for libc.so.6 Using symbols file /var/lib/dpkg/info/libtalloc2:amd64.symbols for libtalloc.so.2 Using symbols file /var/lib/dpkg/info/libc6:amd64.symbols for libpthread.so.0 Using symbols file /var/lib/dpkg/info/libbsd0:amd64.symbols for libbsd.so.0 Using symbols file /var/lib/dpkg/info/libpam0g:amd64.symbols for libpam.so.0 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
I just did a test build with this and pam_winbind worked for the super simple login test case: http://pastebin.ubuntu.com/24536839/ diff -Nru samba-4.5.8+dfsg/debian/patches/fix-1584485.patch samba-4.5.8+dfsg/debian/patches/fix-1584485.patch --- samba-4.5.8+dfsg/debian/patches/fix-1584485.patch 2017-02-09 00:28:33.0 + +++ samba-4.5.8+dfsg/debian/patches/fix-1584485.patch 2017-05-08 13:08:52.0 + @@ -83,7 +83,7 @@ bld.SAMBA_LIBRARY('pamwinbind', source='pam_winbind.c', - deps='talloc wbclient winbind-client tiniparser pam samba_intl', -+ deps='pamwinbind-static', ++ deps='wbclient pamwinbind-static', cflags='-DLOCALEDIR=\"%s/locale\"' % bld.env.DATADIR, realname='pam_winbind.so', - install_path='${PAMMODULESDIR}' There are plenty of other code paths that have to be exercized. Maybe other libraries are missing. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
$ dpkg-shlibdeps -v debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so >> Scanning debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so >> (for Depends field) Library libpthread.so.0 found in /lib/x86_64-linux-gnu/libpthread.so.0 Library libbsd.so.0 found in /lib/x86_64-linux-gnu/libbsd.so.0 Library libtalloc.so.2 found in /usr/lib/x86_64-linux-gnu/libtalloc.so.2 Library libpam.so.0 found in /lib/x86_64-linux-gnu/libpam.so.0 Library libc.so.6 found in /lib/x86_64-linux-gnu/libc.so.6 Using symbols file /var/lib/dpkg/info/libpam0g:amd64.symbols for libpam.so.0 Using symbols file /var/lib/dpkg/info/libc6:amd64.symbols for libpthread.so.0 Using symbols file /var/lib/dpkg/info/libtalloc2:amd64.symbols for libtalloc.so.2 Using symbols file /var/lib/dpkg/info/libbsd0:amd64.symbols for libbsd.so.0 Using symbols file /var/lib/dpkg/info/libc6:amd64.symbols for libc.so.6 dpkg-shlibdeps: warning: debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so contains an unresolvable reference to symbol wbcCtxLookupName: it's probably a plugin dpkg-shlibdeps: warning: debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so contains an unresolvable reference to symbol wbcCtxChangeUserPasswordEx: it's probably a plugin dpkg-shlibdeps: warning: debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so contains an unresolvable reference to symbol wbcCtxCreate: it's probably a plugin dpkg-shlibdeps: warning: debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so contains an unresolvable reference to symbol wbcCtxInterfaceDetails: it's probably a plugin dpkg-shlibdeps: warning: debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so contains an unresolvable reference to symbol wbcCtxFree: it's probably a plugin dpkg-shlibdeps: warning: debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so contains an unresolvable reference to symbol wbcCtxLogonUser: it's probably a plugin dpkg-shlibdeps: warning: debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so contains an unresolvable reference to symbol wbcFreeMemory: it's probably a plugin dpkg-shlibdeps: warning: debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so contains an unresolvable reference to symbol wbcAddNamedBlob: it's probably a plugin dpkg-shlibdeps: warning: debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so contains an unresolvable reference to symbol wbcCtxLookupSid: it's probably a plugin dpkg-shlibdeps: warning: debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so contains an unresolvable reference to symbol wbcSidToStringBuf: it's probably a plugin dpkg-shlibdeps: warning: debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so contains an unresolvable reference to symbol wbcCtxLogoffUserEx: it's probably a plugin dpkg-shlibdeps: warning: debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so contains an unresolvable reference to symbol wbcErrorString: it's probably a plugin dpkg-shlibdeps: warning: debian/libpam-winbind/lib/x86_64-linux-gnu/security/pam_winbind.so contains an unresolvable reference to symbol wbcCtxGetpwnam: it's probably a plugin These missing symbols come from libwbclient. Note how wbcCtxFree is among them: that's the missing one you get when you copy the module to /lib/security. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
The patch d/patches/fix-1584485.patch got reintroduced in 2:4.5.4+dfsg- 1ubuntu1 for zesty and it's what causes the problem. Previously introduced in https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg- 0ubuntu0.14.04.2 to fix said bug, it was quickly reverted in https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg- 0ubuntu0.14.04.3. We either need to revert that patch again, or make the static linking work properly. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
Where it works: 2:4.3.11+dfsg-0ubuntu0.14.04.7 trusty 2:4.3.11+dfsg-0ubuntu0.16.04.6 xenial 2:4.4.5+dfsg-2ubuntu5.5 yakkety Where it fails with this dlopen error: 2:4.5.8+dfsg-0ubuntu0.17.04.1 zesty artful: probably fails as well, as it's the same package still (but I haven't tried) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1677329] Re: libpam-winbind: unable to dlopen
I'm taking a look. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs