Justin, I think your problem is different than this one. All your
problems occur while connected to the network.
--
likewise-open: allows lockout while disconnected
https://bugs.launchpad.net/bugs/314623
You received this bug notification because you are a member of Ubuntu
Server Team, which is
Thierry: i have not touched lwiauthd.conf or pam_lwidentity.conf, except
to turn on debugging in pam_lwidentity.conf
--
likewise-open: allows lockout while disconnected
https://bugs.launchpad.net/bugs/314623
You received this bug notification because you are a member of Ubuntu
Server Team, which
I reproduce the exact same log lines when I am connected to the DC, once
I set up the lockout policy.
However when I'm disconnected, I get the same logs for the first 3 attempts but
the 4th one (with the right password) succeeds with:
...
pam_lwidentity(su:auth): enabling request for a FILE krb5
I tried to reproduce with the exact same instructions with likewise-open on a
Jaunty desktop, without success.
Three incorrect, then one correct, I can still log in with cached creds, as
expected.
Could you please indicate what version of Ubuntu you're running, and the
version of the
Ubuntu Jaunty, likewise-open version 4.1.2982-0ubuntu2.
The domain account is never locked out, because the incorrect passwords
were entered with the machine disconnected from the network. Therefore
there is no way for the DC to even know about the login attempts.
relevant sections of my pam
turning on debug in pam_lwidentity.conf, my /var/log/auth.log tells me
the following:
May 5 12:25:55 host su[8722]: pam_lwidentity(su:auth): PAM config:
global:krb5_ccache_type 'FILE'
May 5 12:25:55 host su[8722]: pam_lwidentity(su:auth): failed to get GP info
May 5 12:25:55 host su[8722]:
I can't reproduce that.
With the DC shut down I've ssh-ed in and typed 15 wrong passwords... but could
still connect using cached credentials on the 16th attempt.
Could you please explain what I could do to reproduce the issue ?
** Changed in: likewise-open (Ubuntu)
Status: New =