[Bug 553142] Re: gdm does not obey NIS settings for user groups
This doesnt apear to be a NIS issue either. chuck ** Package changed: nis (Ubuntu) = ubuntu -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nis in ubuntu. https://bugs.launchpad.net/bugs/553142 Title: gdm does not obey NIS settings for user groups -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 553142] Re: gdm does not obey NIS settings for user groups
I can confirm that this is still an issue in Lucid. This was not an issue with Hardy. Setting group: files nis in /etc/nsswitch.conf causes all of my NIS groups to show up. Setting this to compat causes one of the NIS groups to go away. I'm not sure why only one of the groups goes away. Perhaps something with pam_group.so is only allowing one group to be passed in through NIS to SSH clients? This is a server, so I can't test GDM. All of my groups show up if I log in on the console. -- gdm does not obey NIS settings for user groups https://bugs.launchpad.net/bugs/553142 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nis in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 553142] Re: gdm does not obey NIS settings for user groups
User liesl is in NIS group aimsadmrw, but shed does not get permissions with normal login. However after either ssh localhost or su - liesl she does have the necessary group permissions. On lucid 64bit, LDAP client for passwords, NIS client for groups, NFS/autofs mounted /home. ii nis3.17-31clients and daemons for the Network Informat li...@muizenberg:~$ grep 192 /etc/yp.conf ypserver 192.168.42.2 li...@muizenberg:~$ grep nis /etc/nsswitch.conf group: compat nis netgroup: nis li...@muizenberg:~$ grep liesl /etc/security/group.conf * ;:0 ;liesl ;Al-2400 ;aimsadmr,aimsadmrw li...@muizenberg:~$ grep group /etc/pam.d/*|grep -v \# /etc/pam.d/common-auth:authoptionalpam_group.so /etc/pam.d/gdm:authsufficient pam_succeed_if.so user ingroup nopasswdlogin /etc/pam.d/gdm:auth optional pam_group.so /etc/pam.d/login:auth optional pam_group.so li...@muizenberg:~$ tail -1 /etc/group +::: li...@muizenberg:~$ ypcat group|grep aims aimsadmr:x:20003:jan,lynne,ike,fjwh,gudrun,aeeda,barrie,liesl,bwg,asharma aimsadrw2:x:20005:lynne,aeeda aimsadmrw:x:20004:liesl,aeeda # -- liesl in group in question. aimsr:x:900:jan,lynne,ike,fjwh,gudrun,aeeda,bwg,asharma NOTE GROUP PERMISSIONS IN STRAIGHT GDM LOGIN FAILS; BUT AFTER SSH IT WORKS; AFTER SU - USER IT WORKS! li...@seychelles:/var/autofs/misc/home/liesl$ groups # WHY DOES IT SHOW SO MANY COPIES? staff2009 adm adm cdrom cdrom floppy floppy audio audio video video plugdev plugdev aimsadmr aimsadmr aimsadmr aimsadmrw aimsadmrw aimsadmrw li...@seychelles:/var/autofs/misc/home/liesl$ id uid=1498(liesl) gid=509(staff2009) groups=4(adm),4(adm),24(cdrom),24(cdrom),25(floppy),25(floppy),29(audio),29(audio),44(video),44(video),46(plugdev),46(plugdev),509(staff2009),20003(aimsadmr),20003(aimsadmr),20003(aimsadmr),20004(aimsadmrw),20004(aimsadmrw),20004(aimsadmrw) li...@seychelles:/var/autofs/misc/home/liesl$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods touch: cannot touch `/home/aeeda/Desktop/Visitors_Overview_2007.ods': Permission denied # ARGH li...@seychelles:/var/autofs/misc/home/liesl$ ssh li...@localhost # VIA SSH li...@localhost's password: Linux seychelles 2.6.32-24-generic #39-Ubuntu SMP Wed Jul 28 05:14:15 UTC 2010 x86_64 GNU/Linux Ubuntu 10.04.1 LTS li...@seychelles:~$ groups staff2009 aimsadmr aimsadmrw li...@seychelles:~$ id uid=1498(liesl) gid=509(staff2009) groups=509(staff2009),20003(aimsadmr),20004(aimsadmrw) li...@seychelles:~$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods # \o/ li...@seychelles:~$ logout Connection to localhost closed. li...@seychelles:/var/autofs/misc/home/liesl$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods # :\ touch: cannot touch `/home/aeeda/Desktop/Visitors_Overview_2007.ods': Permission denied li...@seychelles:/var/autofs/misc/home/liesl$ su - liesl Password: li...@seychelles:~$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods # \o/ li...@seychelles:~$ wtf? Probably unrelated but mentioned here for completeness. I thought adding these were unecessary, plus they do not fix the problem: authoptionalpam_group.so# to gdm-autologin session optional pam_group.so #to common-session account optional pam_group.so # to common-account Also, in /var/log/kern.log this is apparently a harmless error: svc: failed to register lockdv1 RPC service (errno 97). can be solved by booting with kernel option ipv6.disable=1 and that does not fix it either. Strace and ltrace does not show much information I can recognize besides permission denied. Also nscd is installed but stopped for above testing. Also the new LDAP client libs are used, libpam-ldapd and not libpam- ldap, so nslcd is installed. -- gdm does not obey NIS settings for user groups https://bugs.launchpad.net/bugs/553142 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nis in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 553142] Re: gdm does not obey NIS settings for user groups
Just to confirm this problem is specific to lucid. The previous desktop images were jaunty, and I have just tested that this problem does not exist on the jaunty client! On the jaunty install (no trailing line in /etc/group, no gdm:optional pam_group.so line.) li...@senegal:~$ grep 192 /etc/yp.conf ypserver 192.168.42.2 li...@senegal:~$ grep nis /etc/nsswitch.conf group: compat nis netgroup: nis li...@senegal:~$ grep liesl /etc/security/group.conf * ;:0 ;liesl ;Al-2400 ;aimsadmr,aimsadmrw li...@senegal:~$ grep group /etc/pam.d/*|grep -v \# /etc/pam.d/common-auth:authoptionalpam_group.so /etc/pam.d/login:auth optional pam_group.so li...@senegal:~$ grep + /etc/group li...@senegal:~$ grep + /etc/passwd li...@senegal:~$ ypcat group|grep aims aimsadmr:x:20003:jan,lynne,ike,fjwh,gudrun,aeeda,barrie,liesl,bwg,asharma aimsadrw2:x:20005:lynne,aeeda aimsadmrw:x:20004:liesl,aeeda aimsr:x:900:jan,lynne,ike,fjwh,gudrun,aeeda,bwg,asharma li...@senegal:~$ i...@senegal:~$ groups staff2009 aimsadmr aimsadmrw li...@senegal:~$ id uid=1498(liesl) gid=509(staff2009) groups=509(staff2009),20003(aimsadmr),20004(aimsadmrw) li...@senegal:~$ touch /home/aeeda/Desktop/Visitors_Overview_2007.ods So it is not server side. Adding the optional pam_group.so line to /etc/pam.d/gdm (as I have on lucid) to the jaunty machine did not reproduce the problem. It looks as if REMOVING the line auth optional pam_group.so from the lucid client FIXES this. Is there something wrong with that syntax? -- gdm does not obey NIS settings for user groups https://bugs.launchpad.net/bugs/553142 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nis in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 553142] Re: gdm does not obey NIS settings for user groups
To clarify: It looks as if REMOVING the line auth optional pam_group.so from the lucid client FIXES this. Is there something wrong with that syntax? Removing the line from /etc/pam.d/gdm. It is still in common-auth and login. -- gdm does not obey NIS settings for user groups https://bugs.launchpad.net/bugs/553142 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nis in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 553142] Re: gdm does not obey NIS settings for user groups
I had the same problem. Editing /etc/nsswitch.conf as suggested above fixed the problem when login in through GDM. Thanks! -- gdm does not obey NIS settings for user groups https://bugs.launchpad.net/bugs/553142 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nis in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 553142] Re: gdm does not obey NIS settings for user groups
might this have a similar cause as https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/423252 ? As that one also mentions nss. BJ: for me the workaround also helped with GDM. -- gdm does not obey NIS settings for user groups https://bugs.launchpad.net/bugs/553142 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nis in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 553142] Re: gdm does not obey NIS settings for user groups
There is a forum post on ubuntuforums where two other people are also affected by this: http://ubuntuforums.org/showthread.php?p=9230407 -- gdm does not obey NIS settings for user groups https://bugs.launchpad.net/bugs/553142 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nis in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 553142] Re: gdm does not obey NIS settings for user groups
I started the ubuntuforums thread (http://ubuntuforums.org/showthread.php?p=9230407). A possible fix to the SSH problem is to edit /etc/nsswitch.conf: group: compat nis (instead of) group: compat As suggested by Bernhard M. (post #2). I fixed the SSH servers with this method, but I don't know if it works for GDM issue. -- gdm does not obey NIS settings for user groups https://bugs.launchpad.net/bugs/553142 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nis in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 553142] Re: gdm does not obey NIS settings for user groups
Now I tried NIS on a current lucid VirtualBox install and found ssh to be working there right away and only gdm being broken. When capturing via tcpdump the YPSERV communication I noticed many identical queries for passwd.byname so I tried on both systems: aptitude install nscd . What is interesting is that running nscd helped with the ssh problem, but did not help with the gdm problem. So there could still be two different issues there. Also worth noting: running nscd reproducably breaks NIS-groups on console(tty) login, su and ssh-login, even with the nsswitch.conf work-around - but only on the VirtualBox system. special setup needed to reproduce: # must have NIS server (ours is on ...0.240 version 3.17-17 from debian/lenny/i686) aptitude install nis echo ypserver 192.168.0.240 /etc/yp.conf echo +:: /etc/passwd echo +::: /etc/group /etc/init.d/nis restart -- gdm does not obey NIS settings for user groups https://bugs.launchpad.net/bugs/553142 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nis in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 553142] Re: gdm does not obey NIS settings for user groups
The nscd problems appear to have only been caching isues. touch /etc/groups helped there. The underlying NIS-group bug with gdm remains, though. -- gdm does not obey NIS settings for user groups https://bugs.launchpad.net/bugs/553142 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nis in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 553142] Re: gdm does not obey NIS settings for user groups
** Package changed: gdm (Ubuntu) = nis (Ubuntu) -- gdm does not obey NIS settings for user groups https://bugs.launchpad.net/bugs/553142 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nis in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs