I hit this same bug.
/etc/auth-client-config/profile.d/ldap-auth-config only defines:
[lac_ldap]
nss_passwd=passwd: files ldap
nss_group=group: files ldap
nss_shadow=shadow: files ldap
nss_netgroup=netgroup: nis
Which is parsed like:
+++++++++++++++++++++++++++++++++++++++++
acc_TYPE.setProfile profile lac_ldap:
ldap_example=>nss_passwd=>passwd: files ldap
ldap_example=>nss_shadow=>shadow: files ldap
ldap_example=>nss_netgroup=>netgroup: nis
ldap_example=>pam_session=>session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so
ldap_example=>pam_auth=>auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
ldap_example=>nss_group=>group: files ldap
ldap_example=>pam_password=>password required pam_cracklib.so difok=2
minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password sufficient pam_ldap.so use_first_pass
password required pam_deny.so
ldap_example=>pam_account=>account sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_deny.so
lac_ldap=>nss_passwd=>passwd: files ldap
lac_ldap=>nss_shadow=>shadow: files ldap
lac_ldap=>nss_group=>group: files ldap
lac_ldap=>nss_netgroup=>netgroup: nis
kerberos_example=>nss_passwd=>passwd: files db
kerberos_example=>nss_shadow=>shadow: files
kerberos_example=>nss_netgroup=>netgroup: nis
kerberos_example=>pam_session=>session required pam_mkhomedir.so
umask=0022 skel=/etc/skel
session optional pam_foreground.so
session optional pam_krb5.so debug
session required pam_unix.so debug
kerberos_example=>pam_auth=>auth [authinfo_unavail=ignore success=1
default=2] pam_krb5.so use_first_pass ignore_root debug
auth [success=done default=ignore] pam_unix.so nullok_secure debug
auth [default=done] pam_ccreds.so action=validate use_first_pass
auth [default=done] pam_ccreds.so action=store
auth [default=bad] pam_ccreds.so action=update
kerberos_example=>nss_group=>group: files db
kerberos_example=>pam_password=>password sufficient pam_unix.so nullok
obscure min=4 max=8 md5 debug
password sufficient pam_krb5.so debug try_first_pass
password required pam_deny.so
kerberos_example=>pam_account=>account sufficient pam_krb5.so debug
account sufficient pam_unix.so debug
account required pam_permit.so
cracklib=>pam_password=>password required pam_cracklib.so retry=3
minlen=8 difok=3
password requisite pam_unix.so use_authtok nullok md5
password optional pam_smbpass.so nullok use_authtok use_first_pass
missingok
+++++++++++++++++++++++++++++++++++++++++
acc-default's profile defines ldap_example with all services:
[ldap_example]
nss_passwd=passwd: files ldap
nss_group=group: files ldap
nss_shadow=shadow: files ldap
nss_netgroup=netgroup: nis
pam_auth=auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
pam_account=account sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_deny.so
pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2
ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password sufficient pam_ldap.so use_first_pass
password required pam_deny.so
pam_session=session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so
/etc/auth-client-config/profile.d/ldap-auth-config should be changed to
have similar values, or the /usr/sbin/auth-client-config should be
updated so that it skips looking for pam_* services in Ubuntu and does only
the nss_* ones, after calling pam-auth-update --package --force # or
something like that
--
OpenLDAP Server "sudo auth-client-config -a -p lac_ldap"
https://bugs.launchpad.net/bugs/365153
--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
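
The gap described in the comment above (lac_ldap carries only nss_* keys while ldap_example carries both nss_* and pam_* keys) can be checked before a profile is applied. The following is an added example, not code from the bug report or from auth-client-config: it uses Python's standard configparser as a stand-in for the tool's own parser, the sample profiles are constructed and abridged from the report, and treating all eight keys as required for an NSS+PAM run is an assumption.

```python
import configparser

# Key names as they appear in the ldap_example profile quoted above.
NSS_KEYS = ("nss_passwd", "nss_group", "nss_shadow", "nss_netgroup")
PAM_KEYS = ("pam_auth", "pam_account", "pam_password", "pam_session")

# Constructed sample input, abridged from the two profiles in the report.
SAMPLE = """\
[lac_ldap]
nss_passwd=passwd: files ldap
nss_group=group: files ldap
nss_shadow=shadow: files ldap
nss_netgroup=netgroup: nis

[ldap_example]
nss_passwd=passwd: files ldap
nss_group=group: files ldap
nss_shadow=shadow: files ldap
nss_netgroup=netgroup: nis
pam_auth=auth required pam_env.so
    auth sufficient pam_unix.so likeauth nullok
    auth sufficient pam_ldap.so use_first_pass
    auth required pam_deny.so
pam_account=account sufficient pam_unix.so
    account sufficient pam_ldap.so
    account required pam_deny.so
pam_password=password sufficient pam_unix.so nullok md5 shadow use_authtok
    password required pam_deny.so
pam_session=session required pam_limits.so
    session required pam_unix.so
"""

def load_profiles(text):
    # Split on "=" only, so "passwd: files ldap" stays inside the value.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    return cp

def missing_keys(cp, profile, nss=True, pam=True):
    """Keys the profile lacks for the requested databases (assumed required)."""
    wanted = (NSS_KEYS if nss else ()) + (PAM_KEYS if pam else ())
    return [k for k in wanted if not cp.has_option(profile, k)]

def audit(text):
    """Map each profile name to the keys it lacks for an NSS+PAM run."""
    cp = load_profiles(text)
    return {name: missing_keys(cp, name) for name in cp.sections()}

if __name__ == "__main__":
    for name, missing in audit(SAMPLE).items():
        print(name, "complete" if not missing else "missing: " + ", ".join(missing))
```

A profile that reports missing pam_* keys is still complete for an NSS-only run, which `missing_keys(cp, name, pam=False)` confirms.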