Public bug reported: I'm using an up-to-date oneiric workstation joined through samba and winbind to an AD domain controlled by a Windows server. Login as domain users is possible without problems in normal conditions, using a pam configuration like this in /etc/pam/common-auth:
auth pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login However, when the domain password is in expiration period (defaults to 14 days before) or when using cached_login (when the network is unavailable), the password must be entered twice in lightdm to effectively start the user session. Here is an example of what happens, with lines copied from /var/log/auth.log ...[enter password for the first time in lightdm login screen] Sep 14 17:03:49 vmo-amb20 lightdm: pam_unix(lightdm:session): session opened for user lightdm by (uid=0) Sep 14 17:03:50 vmo-amb20 lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "rbag" Sep 14 17:03:50 vmo-amb20 lightdm: pam_winbind(lightdm:auth): getting password (0x00000380) Sep 14 17:04:00 vmo-amb20 lightdm: pam_winbind(lightdm:auth): user 'rbag' granted access ...[lightdm does not display any message and just clears the password box] ...[enter password for the second time and login session starts] Sep 14 17:04:04 vmo-amb20 lightdm: pam_unix(lightdm:session): session closed for user lightdm Sep 14 17:04:04 vmo-amb20 lightdm: pam_winbind(lightdm:setcred): user 'lightdm' OK Sep 14 17:04:04 vmo-amb20 lightdm: pam_unix(lightdm:session): session opened for user rbag by (uid=0) If I use a text console this does not happen and I can login normally as a domain user; the screen just shows a warning about the days before password expiration or about the unavailability of a network connection. The bug could be related to this one reported for GDM: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/613371 ** Affects: lightdm (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/850298 Title: lightdm requires to enter the password twice to login in an AD domain when the password is in expiration period or when using cached_login To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/850298/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs