** Project changed: unity => ubuntu-translations
** No longer affects: ubuntu-translations
** No longer affects: unity (Ubuntu)
** No longer affects: unity (Ubuntu Utopic)
** No longer affects: unity (Ubuntu Trusty)
** Changed in: nss-pam-ldapd (Ubuntu Utopic)
Importance: Undecided => High
This bug was fixed in the package nss-pam-ldapd - 0.8.13-3ubuntu1
---
nss-pam-ldapd (0.8.13-3ubuntu1) trusty; urgency=medium
* return-partial-shadow-information-to-non-root-users.patch: backport
upstream patch to return partial shadow information (leaving out password
Tagging verification-done based on comment #34.
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1314095
Title:
Unity Lockscreen
Installed a pristine trusty system, configured lib{nss,pam}-ldapd, and
confirmed that updating to nslcd 0.8.13-3ubuntu1 from trusty-proposed
allows LDAP users to unlock the Unity lockscreen.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Hello Grzegorz, or anyone else affected,
Accepted nss-pam-ldapd into trusty-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/nss-pam-
ldapd/0.8.13-3ubuntu1 in a few hours, and then in the -proposed
repository.
Please help us by testing this new
** Also affects: nss-pam-ldapd (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: unity (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: nss-pam-ldapd (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: unity (Ubuntu
** Changed in: unity
Status: Confirmed = Invalid
** Changed in: unity (Ubuntu)
Status: Confirmed = Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1314095
Title:
Unity
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: nss-pam-ldapd (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1314095
Hello sponsors,
Please consider uploading the attached nslcd patch to trusty-proposed to
resolve this bug. Thank you!
** Description changed:
+ SRU justification:
+
+ [Impact]
+
+ * Summary: in Trusty, when libnss-ldapd is used, LDAP users are not able
+ to unlock the Unity lockscreen. Utopic
Hi,
Grzegorz Gutowski (gzegzol) wrote on 2014-04-29: Without suid it seems
that call (with correct username) to getspnam in function
get_account_info in file passverify.c in pam/modules/pam_unix returns
NULL. I don't understand this behaviour. I wrote a simple c program that
calls getspnam and it
** Changed in: nss-pam-ldapd (Debian)
Status: Unknown = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1314095
Title:
Unity Lockscreen in 14.04 can't unlock when using LDAP
Ahh, right. So this is almost certainly the change that fixed it for
utopic:
- nslcd will now return partial shadow information to non-root users to
avoid authorisation problems with setgid shadow authentication helpers
with some PAM stacks (closes: #706913)
I bet backporting
This seems to be fixed in later releases. Using lib{nss,pam}-ldapd and
nslcd, with no custom configuration beyond dpkg-reconfigure nslcd, I
experience this bug in trusty, but not in utopic or vivid.
Also, in trusty I do not experience it when using alternative lockers
such as gnome-screensaver or
Hello
Thank you Jan!
I had the correct permissions for unix_chkpwd.
I replaced libpam-ldap by libpam-ldapd and now I can unlock the user
session successfully.
However I have some other issues I didn't have before using libpam-ldapd
like I'm unable to create a local user (non ldap) or su
Hello,
Same problem here after doing an upgrade from 12.04 to 14.04.
On the affected machine, some users (basically admins) have both unix
accounts and LDAP accounts.
Users with both accounts can log in with unix or ldap password. However,
when the desktop is locked, the only way to unlock is
Hi
Do you have this exactly?
0 root@muizenberg:~#ls -l /sbin/unix_chkpwd
-rwsr-sr-x 1 root shadow 35536 Feb 1 2014 /sbin/unix_chkpwd
I am uising libpam-ldap*d* and it works. Note the d.
Regards,
Jan
On 30 January 2015 at 19:05, Vincent Jestin mazarg...@gmail.com wrote:
Hello,
Same
It same error here, based on my understanding it only fetch to the
/etc/shadow not on the nscd cache (/var/cache/nscd/passwd) where
pam_ldap is pointing with. But if I switch user, and login with the same
user it will retain the previous desktop during the lock screen (even
changing desktop say
confirming on my setup as well.
openstack VM (similar to amazon ec2)
Running GDM3 (apt-get install gnome-shell) w/ NX Server to xorg-server-dummy
package (since vm is headless)
LDAP Authentication w/ SSSD Package
Once I connect to the server, I am able to log in the first time using my ldap
caused Error by lighdm ???
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1314095
Title:
Unity Lockscreen in 14.04 can't unlock when using LDAP account
To manage notifications about this bug go to:
hello,.
I can confirm I'm using sssd
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1314095
Title:
Unity Lockscreen in 14.04 can't unlock when using LDAP account
To manage notifications about this
I have the same problem, though I don't have any unix_chkpwd errors as
it's not installed on my systems.
I was able to solve it by replacing:
1) libpam-ldap by libpam-ldapd
2) libnss-ldap by libnss-ldapd
3) nscd by nslcd
I think it is related to my use of self signed certificates that libpam-
I've seen the same behaviour after an upgrade from 12.04 to 14.04. Login was
still possible but the screen did not unlock. I had this message in
/var/log/auth.log:
hostname unix_chkpwd[26503]: could not obtain user info (username)
For me this was caused by wrong file permissions on /etc/shadow.
Alternate work-around:
I was able to login successfully by detaching the keyboard, and using
the mouse to 'click-in' my password with the on-screen keyboard. I
usually had to click on Switch Account in the 'gear' drop-down menu to
get the assistive technology icon to appear to get to the
Hello Jan,
Apparently the LTSP authentication method for the client is not the same
as for the server, I was to hastly to say that sssd was installed in the
LTSP client like it is on the server, it is not by default.
There are no errors unix_chkpwd in the logs but:
Jul 9 08:44:58 zotac-44
Hi Joost,
I think those kwallet errors are harmless if you don't use KDE; I commented
mine out.
0 root@muizenberg:/etc/pam.d#grep kwal *
lightdm:#authoptionalpam_kwallet.so
lightdm:#session optionalpam_kwallet.so auto_start
lightdm.all.allowed:#authoptional
I have this behaviour on an LTSP client (ubuntu 14.04),
chmod u+s /sbin/unix_chkpwd does not appear resolve it
and I am using sssd to authenticate to ldap
The screen-lock doesn't work by default in LTSP, I had to activate it with
unity-tweak-tool.
But it is useless since unlock doesn't work.
Hi
Are you getting the unix_chkpwd error in the logs like this?
May 27 09:07:11 muizenberg unix_chkpwd[4186]: check pass; user unknown
May 27 09:07:11 muizenberg unix_chkpwd[4186]: password check failed for
user (jan)
May 27 09:07:11 muizenberg unix_chkpwd[4187]: could not obtain user info
(jan)
I can confirm I'm using libpam-ldapd:amd64 (0.8.13-3)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1314095
Title:
Unity Lockscreen in 14.04 can't unlock when using LDAP account
To manage
@Jan we are not unconfirming it (incomplete means that we still need to
figure out what and where is the problem). I have a branch that maybe
could help you. Next week I'll set up a ppa so you can test it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
We did not have this problem on 12.04. Only now on 14.04
Regards,
Jan
On 28 May 2014 17:53, Andrea Azzarone 1314...@bugs.launchpad.net wrote:
I managed to setup a working system using this guide:
Perhaps this should then be changed to be a bug against another package
rather than unconfirming it. It affects more than one user. We don't
want to change our (simple) configurations to an out of date document,
we find that our LDAP setup works for logins but not lock screen, and
that there seems
Perhaps this should then be changed to be a bug against another package
rather than unconfirming it. It affects more than one user. We don't
want to change our (simple) configurations to an out of date document,
we find that our LDAP setup works for logins but not lock screen, and
that there seems
I managed to setup a working system using this guide:
https://www.digitalocean.com/community/articles/how-to-authenticate-client-computers-using-ldap-on-an-ubuntu-12-04-vps
So not sure it's a unity issue. If you are using something special
please help to to replicate your configuration.
**
Same behavior on ldap without kerberos.
root@muizenberg:~# lsb_release -d; apt-cache policy unity lightdm
libpam-modules|grep Installed; grep unix_chkpwd /var/log/auth.log|tail -3
Description:Ubuntu 14.04 LTS
Installed: 7.2.0+14.04.20140423-0ubuntu1.2
Installed: 1.10.1-0ubuntu1
Some reference (marked as WONTFIX)
https://bugzilla.redhat.com/show_bug.cgi?id=638279
Above might suggest a configuration that fixes this: check ldap first in
common-auth, which currently does:
# here are the per-package modules (the Primary block)
auth[success=2 default=ignore]
Workaround in #2 also working for me.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1314095
Title:
Unity Lockscreen in 14.04 can't unlock when using LDAP account
To manage notifications about this
Hi, I'd just like to chime in here and say that the workaround specified
in #2 works for me, as well. I'm running Kerberos 5 authentication with
LDAP user accounts, LightDM with Unity greeter and lock screen. Ubuntu
14.04 LTS on both server and clients.
--
You received this bug notification
I've switched to sssd and that also seemed to do the trick. If you need
a workaround, this way you won't have to modify any system files.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1314095
Title:
** Changed in: unity (Ubuntu)
Importance: Undecided = High
** Also affects: unity
Importance: Undecided
Status: New
** Changed in: unity
Importance: Undecided = High
** Changed in: unity
Status: New = Confirmed
--
You received this bug notification because you are a
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: unity (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1314095
Title:
When I add suid root to unix_chkpwd binary:
chmod u+s /sbin/unix_chkpwd
then everything works as expected: both lightdm and unity lockscreen are
accepting my password.
Without suid it seems that call (with correct username) to getspnam in function
get_account_info in file passverify.c in
41 matches
Mail list logo
