Nevermind. I realized that ldap.conf was world readable, which I don't
want. Back to the drawing board.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/64301
Title:
Unable to unlock screen when using
Sorry to awaken such an old thread, but in case anyone is still having
problems with this, I was able to get it working perfectly in my
environment. I was experiencing the original issue and I tried the
MattPie/Emu solution from posts #20/21, but I was still receiving two
password prompts for local
@Emu Thanks for an excellent description and fix.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/64301
Title:
Unable to unlock screen when using ldap
To manage notifications about this bug go to:
ht
not sure the issue is really a gnome-screensaver one, in any case the
patch there needs work so unsubcribing the review team and tagging the
patch as needswork
** Tags added: patch-needworks
** Tags added: patch-needswork
** Tags removed: patch-needworks
--
Unable to unlock screen when using ld
Sorry for the confusion. We need to distinguish three files:
- the CA certificate (world-readable) is used to verify the identity of the
server to the client
- the client certificate (world-readable) is used to verify the identity of
the client to the server
- the private key (readabl
Could you point out why a world-readable certificate is a problem? From my
understanding,
it is used to verify the identity of the server, and is thus public (as any
certificate e.g. used for
https)
--
Unable to unlock screen when using ldap
https://bugs.launchpad.net/bugs/64301
You received
The point is that the certificate key should *never* be world readable
for security reasons. Otherwise you might as well not use encryption at
all as any user on your system can access it. That's the whole reason
for the nscl/nslcd concept. Better use the solution I posted above.
Some explanations
Problem solved for me as well. It was in fact a permission problem: all
the ldap-files were world-readable, except the certificate. After
changing that to o+r, everything works fine.
--
Unable to unlock screen when using ldap
https://bugs.launchpad.net/bugs/64301
You received this bug notificatio
SOLVED in Ubuntu Lucid: use 'libnss-ldapd' and 'libpam-ldapd' (note the
'd' at the end of the packages) together with with the 'nslcd' package
(note the 'l' in the middle)
This allows to set the user and group with which the 'nslcd' daemon runs
in '/etc/nslcd.conf'. I set the group from 'nslcd' to
We have this bug with Lucid as well. The proposed solutions (linking
/etc/ldap.conf or modifying /etc/pam.d/gnome-screensaver) do not help.
--
Unable to unlock screen when using ldap
https://bugs.launchpad.net/bugs/64301
You received this bug notification because you are a member of Ubuntu
Bugs,
The same bug can be observed with karmic. Any solution yet?
--
Unable to unlock screen when using ldap
https://bugs.launchpad.net/bugs/64301
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.u
Actually doing this works, but I would prefer to not have to do it:
[EMAIL PROTECTED]:/etc/pam.d# chmod u+s /sbin/unix_chkpwd
[EMAIL PROTECTED]:/etc/pam.d# ls -Fald /sbin/unix_chkpwd
-rwsr-sr-x 1 root shadow 19584 2008-05-16 08:21 /sbin/unix_chkpwd*
Not really sure why this is required. No files
I am having a problem like this with gnome-screensaver and libnss-mysql-
bg under Hardy Heron, but I am not sure if it is the same problem.
Users with an entry in /etc/shadow can unlock just fine, but any user
who is authenticated via libnssmysql fails. However they can log in and
still have thier
I also has this problem on kubuntu from edgy to hardy with dell 630
laptop. I do not use LDAP at all, this problem is just there after I
install kubuntu. I cannot login back after locking a session.
--
Unable to unlock screen when using ldap
https://bugs.launchpad.net/bugs/64301
You received this
Got same problem here and I solved it, by copy / linking:
ln -s /etc/ldap.conf /etc/libnss-ldap.conf
and
ln -s /etc/ldap.conf /etc/pam_ldap.conf
For me, I copy the /etc/libnss-ldap.conf + /etc/pam_ldap.conf from an
old System, so I cant compare if these links are right, but the content
of the thr
The problem with the two password requests can be solved by adding
'use_first_pass' to the line with pam_unix.so, such that it looks like
authsufficient pam_ldap.so
authrequiredpam_unix.so nullok_secure use_first_pass
However, this does not solve the problem when the
The patch above didn't go smoothly, and I can't justify working more on
it during work time. :)
But I've found a workaround:
If you add 'auth sufficient pam_ldap.so' to the BEGINNING on
/etc/pam.d/gnome-screensaver, gnome-screensaver unlocks properly for LDAP
users. BUT, there's an odd effect o
Problem still exists in Hardy 8.04-Release. Sigh. Note that this is a
basic LDAP server, with no SSL/TLS or password required to access the
server. I really like Ubuntu, but this seems like Enterprise Computing
101...
RHEL5/CentOS5 has a patch in their SRPM named 'better-pam-integration'
(attac
the same here with ubuntu 7.10
Does someone has tryied any tried any trick??
can I change gnome-screensaver by xscreensaver?? does it fix the
problem??
Thanks
--
Unable to unlock screen when using ldap
https://bugs.launchpad.net/bugs/64301
You received this bug notification because you are a m
This also affects setups where with TLS certificate validation (client
and server), nscd is used as a 'proxy' and no certificates are readable
to the users (not even per-user .ldaprc). The only solution would be
having a gnome-screensaver master process which validates passwords as
root (could be u
Consider the issue confirmed.
This problem plagues other distributions as well.
Please just make some queries upstream with the Gnome developers on our
behalf.
Thanks
-Joe Baker
Sebastien Bacher wrote:
> Cesar, there is ten of thousands of bugs open and only a limited number
> of people working
Cesar, there is ten of thousands of bugs open and only a limited number
of people working on those and only some with a ldap setup to confirm
the issue. Maybe you could try to work on a patch or mail the ubuntu-
devel list if you think that's an issue that should be considered this
cycle
--
Unabl
Come on guys,
There is already a year this bug is open.
This problem is critical to corporation deployments.
I'm having the same problem with libnss-ldap + lipam-krb5 authentication under
Feisty and Gutsy.
When gnome-screensaver lock up. It just show a black screen where you are
unable to do not
The problem can also be due to encrypted connections to the LDAP server
since the private key must be readable by root only. In older versions
of ubuntu (at least Dapper Drake) the following commands fixed the
problem:
chmod +s /usr/lib/gnome-screensaver/gnome-screensaver-dialog
chmod +s /
LDAP authenticated users still can't unlock the Gnome-Screensaver.
Adding the includes to /etc/pam.d/gnome-screensaver did not help.
This is an important issue for large scale deployments. Our deployment
is small, but gnome-screensaver needs to work with out having access to
any master password i
/etc/pam.d/gnome-session
only contained:
@include common-auth
I've changed it to be as such:
#---
@include common-auth
@include common-account
@include common-session
@include common-password
#--
I used grep to identify other pam.d profiles in the d
Same problem exists again in Feisty 7.04.
-Joe Baker
--
Unable to unlock screen when using ldap
https://bugs.launchpad.net/bugs/64301
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.u
I cannot unlock mine either.
Here's the configuration...
file /etc/pam.d/gnome-screensaver contains:
@include common-auth
These files have permissions of rw-r--r--
/etc/ldap/ldap.conf
/etc/libnss-ldap.conf
/etc/pam_ldap.conf
file /etc/ldap/ldap.conf contained:
BASEo=ultrapossum
HOST
I th
** Changed in: gnome-screensaver (Ubuntu)
Status: Rejected => Confirmed
--
Unable to unlock screen when using ldap
https://launchpad.net/bugs/64301
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
I have encounter this problem as well.
I'm on Ubuntu Edgy 6.10, happens on my friend's desktop too.
Version:
ii gnome-screensaver 2.16.1-0ubuntu1
Pam:
/etc/pam.d/gnome-screensaver:
authsufficient pam_unix.so
Even if i use local user still can't unlock screen, when
Forgot to mention that i can't use /etc/ldap.secret as I'm not
authenticating in ldap as root ( security reasons ).
--
Unable to unlock screen when using ldap
https://launchpad.net/bugs/64301
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubun
-rw--- 1 root root 15 2006-05-18 06:49 /etc/ldap.secret
is only useful if you are using the rootdn to connect to the ldapserver. I'm
using another dn to bind to the ldapserver. The password for this user has to
be set in the ldap.conf file.
what i have in my ldap.conf is
binddn cn=*,o=it
Thanks for the bug report, but it's looks like it's a misconfiguration
of the files you mentioned.
** Changed in: gnome-screensaver (Ubuntu)
Status: Unconfirmed => Rejected
--
Unable to unlock screen when using ldap
https://launchpad.net/bugs/64301
--
ubuntu-bugs mailing list
ubuntu-bug
Thanks for the bug report, but it's looks like it's a misconfiguration
of the files you mentioned.
** Changed in: gnome-screensaver (upstream)
Status: Unconfirmed => Rejected
--
Unable to unlock screen when using ldap
https://launchpad.net/bugs/64301
--
ubuntu-bugs mailing list
ubuntu-b
Hi. I've set up a network that use ldap auth and it is working perfectly in
Ubuntu Dapper/Edgy.
for the connection to the LDAP Server (OpenLDAP) the permission I user are:
-rw-r--r-- 1 root root 636 2006-07-28 09:36 /etc/ldap/ldap.conf
-rw-r--r-- 1 root root 9107 2006-07-28 09:36 /etc/libnss-ldap
Thanks for the bug report. Somebody should forward this bug upstream.
** Changed in: gnome-screensaver (Ubuntu)
Importance: Undecided => Medium
** Also affects: gnome-screensaver (upstream)
Importance: Undecided
Status: Unconfirmed
--
Unable to unlock screen when using ldap
https:/
Making /etc/ldap/ldap.conf also world readable fixes this problem.
But this still means that anyone can see the password to connect to the
ldap-server.
Can't this be fixed by making gnome-screensaver use nscd or something.
How does sudo and others take care of this?
--
Unable to unlock screen w
37 matches
Mail list logo
