[Bug 314623] Re: likewise-open: allows lockout while disconnected
Justin, I think your problem is different than this one. All your problems occur while connected to the network. -- likewise-open: allows lockout while disconnected https://bugs.launchpad.net/bugs/314623 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 314623] Re: likewise-open: allows lockout while disconnected
Thierry: i have not touched lwiauthd.conf or pam_lwidentity.conf, except to turn on debugging in pam_lwidentity.conf -- likewise-open: allows lockout while disconnected https://bugs.launchpad.net/bugs/314623 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 314623] Re: likewise-open: allows lockout while disconnected
I reproduce the exact same log lines when I am connected to the DC, once I set up the lockout policy. However when I'm disconnected, I get the same logs for the first 3 attempts but the 4th one (with the right password) succeeds with: ... pam_lwidentity(su:auth): enabling request for a FILE krb5 ccache type pam_lwidentity(su:auth): Received UPN of u...@domain u...@domain pam_lwidentity(su:auth): User DOMAIN\user logged on using cached credentials ... Did you set anything special in pam_lwidentity.conf or lwiauthd.conf ? Can you reproduce the issue on a clean setup ? -- likewise-open: allows lockout while disconnected https://bugs.launchpad.net/bugs/314623 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 314623] Re: likewise-open: allows lockout while disconnected
I tried to reproduce with the exact same instructions with likewise-open on a Jaunty desktop, without success. Three incorrect, then one correct, I can still log in with cached creds, as expected. Could you please indicate what version of Ubuntu you're running, and the version of the likewise-open package. The error message you get should only be returned if the DC locked the account. So if you can still reproduce it, could you check the status of the domain account before and after the test. -- likewise-open: allows lockout while disconnected https://bugs.launchpad.net/bugs/314623 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 314623] Re: likewise-open: allows lockout while disconnected
Ubuntu Jaunty, likewise-open version 4.1.2982-0ubuntu2. The domain account is never locked out, because the incorrect passwords were entered with the machine disconnected from the network. Therefore there is no way for the DC to even know about the login attempts. relevant sections of my pam config files (as set up by pam-auth update; comments are removed. common-auth: auth[success=2 default=ignore] pam_lwidentity.so auth[success=1 default=ignore] pam_unix.so nullok_secure try_first_pass authrequisite pam_deny.so authrequiredpam_permit.so common-account: account [success=2 default=ignore] pam_lwidentity.so account [success=1 new_authtok_reqd=done default=ignore]pam_unix.so account requisite pam_deny.so account requiredpam_permit.so common-session: session [default=1] pam_permit.so session requisite pam_deny.so session requiredpam_permit.so session requiredpam_lwidentity.so session requiredpam_unix.so session optionalpam_ck_connector.so nox11 -- likewise-open: allows lockout while disconnected https://bugs.launchpad.net/bugs/314623 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 314623] Re: likewise-open: allows lockout while disconnected
turning on debug in pam_lwidentity.conf, my /var/log/auth.log tells me the following: May 5 12:25:55 host su[8722]: pam_lwidentity(su:auth): PAM config: global:krb5_ccache_type 'FILE' May 5 12:25:55 host su[8722]: pam_lwidentity(su:auth): failed to get GP info May 5 12:25:55 host su[8722]: pam_lwidentity(su:auth): [pamh: 0x80dc138] ENTER: pam_sm_authenticate (flags: 0x) May 5 12:25:55 host su[8722]: pam_lwidentity(su:auth): getting password (0x) May 5 12:25:56 host su[8722]: pam_lwidentity(su:auth): Verify user 'DOMAIN\user' May 5 12:25:56 host su[8722]: pam_lwidentity(su:auth): enabling krb5 login flags May 5 12:25:56 host su[8722]: pam_lwidentity(su:auth): enabling cached login flag May 5 12:25:56 host su[8722]: pam_lwidentity(su:auth): enabling request for a FILE krb5 ccache type May 5 12:25:56 host su[8722]: pam_lwidentity(su:auth): request failed: Logon failure, WBL error was Logon failed due to bad username or password (6), NT error was NT_STATUS_LOGON_FAILURE, PAM error 7 May 5 12:25:56 host su[8722]: pam_lwidentity(su:auth): [pamh: 0x80dc138] LEAVE: pam_sm_authenticate returning 7 May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): PAM config: global:krb5_ccache_type 'FILE' May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): failed to get GP info May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): [pamh: 0x8471138] ENTER: pam_sm_authenticate (flags: 0x) May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): getting password (0x) May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): Verify user 'DOMAIN\user' May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): enabling krb5 login flags May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): enabling cached login flag May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): enabling request for a FILE krb5 ccache type May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): request failed: Logon failure, WBL error was Logon failed due to bad username or password (6), NT error was NT_STATUS_LOGON_FAILURE, PAM error 7 May 5 12:25:59 host su[8726]: pam_lwidentity(su:auth): [pamh: 0x8471138] LEAVE: pam_sm_authenticate returning 7 May 5 12:26:02 host su[8727]: pam_lwidentity(su:auth): PAM config: global:krb5_ccache_type 'FILE' May 5 12:26:02 host su[8727]: pam_lwidentity(su:auth): failed to get GP info May 5 12:26:02 host su[8727]: pam_lwidentity(su:auth): [pamh: 0x84ac138] ENTER: pam_sm_authenticate (flags: 0x) May 5 12:26:02 host su[8727]: pam_lwidentity(su:auth): getting password (0x) May 5 12:26:03 host su[8727]: pam_lwidentity(su:auth): Verify user 'DOMAIN\user' May 5 12:26:03 host su[8727]: pam_lwidentity(su:auth): enabling krb5 login flags May 5 12:26:03 host su[8727]: pam_lwidentity(su:auth): enabling cached login flag May 5 12:26:03 host su[8727]: pam_lwidentity(su:auth): enabling request for a FILE krb5 ccache type May 5 12:26:03 host su[8727]: pam_lwidentity(su:auth): request failed: Logon failure, WBL error was Logon failed due to bad username or password (6), NT error was NT_STATUS_LOGON_FAILURE, PAM error 7 May 5 12:26:03 host su[8727]: pam_lwidentity(su:auth): [pamh: 0x84ac138] LEAVE: pam_sm_authenticate returning 7 May 5 12:26:06 host su[8731]: pam_lwidentity(su:auth): PAM config: global:krb5_ccache_type 'FILE' May 5 12:26:06 host su[8731]: pam_lwidentity(su:auth): failed to get GP info May 5 12:26:06 host su[8731]: pam_lwidentity(su:auth): [pamh: 0x9338138] ENTER: pam_sm_authenticate (flags: 0x) May 5 12:26:06 host su[8731]: pam_lwidentity(su:auth): getting password (0x) May 5 12:26:11 host su[8731]: pam_lwidentity(su:auth): Verify user 'DOMAIN\user' May 5 12:26:11 host su[8731]: pam_lwidentity(su:auth): enabling krb5 login flags May 5 12:26:11 host su[8731]: pam_lwidentity(su:auth): enabling cached login flag May 5 12:26:11 host su[8731]: pam_lwidentity(su:auth): enabling request for a FILE krb5 ccache type May 5 12:26:11 host su[8731]: pam_lwidentity(su:auth): request failed: Account locked out, WBL error was The account has been automatically locked out due to too many invalid attempts to logon or change the password (10), NT error was NT_STATUS_ACCOUNT_LOCKED_OUT, PAM error 11 May 5 12:26:11 host su[8731]: pam_lwidentity(su:auth): [pamh: 0x9338138] LEAVE: pam_sm_authenticate returning 6 -- likewise-open: allows lockout while disconnected https://bugs.launchpad.net/bugs/314623 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 314623] Re: likewise-open: allows lockout while disconnected
I can't reproduce that. With the DC shut down I've ssh-ed in and typed 15 wrong passwords... but could still connect using cached credentials on the 16th attempt. Could you please explain what I could do to reproduce the issue ? ** Changed in: likewise-open (Ubuntu) Status: New = Incomplete -- likewise-open: allows lockout while disconnected https://bugs.launchpad.net/bugs/314623 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
