[Bug 1815019] Re: offline logon doesnt works in ubuntu 18.04
** Changed in: samba (Ubuntu) Status: Incomplete => Triaged ** Changed in: samba (Ubuntu) Importance: Undecided => Low ** Summary changed: - offline logon doesnt works in ubuntu 18.04 + offline logon with NT4 domains needs config change in 18.04 ** Summary changed: - offline logon with NT4 domains needs config change in 18.04 + offline logon with NT4 domains needs config change ** Also affects: samba via https://bugzilla.samba.org/show_bug.cgi?id=10455 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1815019 Title: offline logon with NT4 domains needs config change To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1815019/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1815019] Re: offline logon doesnt works in ubuntu 18.04
I see, I just tried, and by default I get the krb5* options in /etc/pam.d/common-auth's pam_winbind.so line. That comes from /usr/share/pam-configs/winbind. It's a more modern default I believe (assuming the machine was joined to an AD domain, and not an NT one), and I'm not sure how configurable or smart it could be made. Maybe multiple profiles could be shipped, one for NT4 domains, one for AD domains (default)? -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1815019 Title: offline logon doesnt works in ubuntu 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1815019/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1815019] Re: offline logon doesnt works in ubuntu 18.04
The krb5 options you were using in the pam_winbind.so line are only meant to be used with active directory controllers. Your smb.conf file shows your security to be of the "domain" style, which is an NT style controller which does not support kerberos. I may have lost this bit of information elsewhere in this bug, but did you add those krb5* parameters to the pam module config, or was that some tool? -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1815019 Title: offline logon doesnt works in ubuntu 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1815019/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1798184] Re: [SRU] PY3: python3-ldap does not allow bytes for DN/RDN/field names
** Summary changed: - PY3: python3-ldap does not allow bytes for DN/RDN/field names + [SRU] PY3: python3-ldap does not allow bytes for DN/RDN/field names ** Description changed: + [Impact] + Keystone LDAP backend doesn't work for PY3. + Under Python 2, python-ldap uses bytes by default. Under Python 3 this is removed and bytes aren't allowed for DN/RDN/field names. More details are here: http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode and here: https://github.com/python-ldap/python-ldap/blob/python-ldap-3.1.0/Lib/ldap/ldapobject.py#L111 == initial traceback == Here's the initial traceback from the failure: https://paste.ubuntu.com/p/67THZb2m5m/ The last bit of the error is: - File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 314, in _ldap_call - result = func(*args,**kwargs) + File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 314, in _ldap_call + result = func(*args,**kwargs) TypeError: simple_bind() argument 1 must be str or None, not bytes A closer look at func shows: func= args=(b'cn=admin,dc=test,dc=com', b'crapper', None, None) == keystone ldap backend use of python-ldap == In simple_bind_s() of keystone's ldap backend, who and cred are encoded as byte strings: https://github.com/openstack/keystone/blob/14.0.0/keystone/identity/backends/ldap/common.py#L885 but that appears to no longer be valid use of python-ldap for py3. + + + [Test Case] + + Run charm-keystone-ldap functional tests for OpenStack Rocky or above. + + [Regression Potential] + The only regression potential would be for PY2 code paths. PY3 code paths never worked for keystone's LDAP backend. The approach to the patch have purposefully minimized amount of code required and therefore regression potential for PY2. Note that Rocky for Ubuntu supports PY2 but as of Stein Ubuntu has dropped PY2 support. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to python-ldappool in Ubuntu. https://bugs.launchpad.net/bugs/1798184 Title: [SRU] PY3: python3-ldap does not allow bytes for DN/RDN/field names To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1798184/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs