[Bug 1676977] Re: Login prompt never presented with ldap login and ldapi set with a name.
I'll try to get 17.04 up somewhere and test that as well. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libpam-ldap in Ubuntu. https://bugs.launchpad.net/bugs/1676977 Title: Login prompt never presented with ldap login and ldapi set with a name. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1676977/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1676977] Re: Login prompt never presented with ldap login and ldapi set with a name.
The ldapi:/// worked just fine, as did ldap:// with an IP or a name. And I don't have an entry in /etc/hosts for the ldap server, I'm really using DNS. Reboot works just fine, login prompt, and I can login at the console (and via ssh) with an ldap user. I'm sorry but I will need the files I requested in comment #16. Here are mine: ubuntu@04-57:~$ cat /etc/ldap.conf | grep -vE "^(#|$)" base dc=example,dc=com uri ldap://xenial-slapd-server.lxd ldap_version 3 pam_password exop ubuntu@04-57:~$ cat /etc/ldap/ldap.conf | grep -vE "^(#|$)" URIldap://xenial-slapd.server.lxd BASE dc=example,dc=com TLS_CACERT /etc/ssl/certs/ca-certificates.crt I used these ldif files to minimally populate the ldap server: ubuntu@04-57:~$ cat base.ldif usergroup.ldif dn: ou=People,dc=example,dc=com ou: People objectClass: organizationalUnit dn: ou=Group,dc=example,dc=com ou: Group objectClass: organizationalUnit dn: uid=testuser1,ou=People,dc=example,dc=com uid: testuser1 objectClass: inetOrgPerson objectClass: posixAccount cn: testuser1 sn: testuser1 givenName: testuser1 mail: testus...@example.com userPassword: testuser1secret uidNumber: 10001 gidNumber: 10001 loginShell: /bin/bash homeDirectory: /home/testuser1 dn: cn=testuser1,ou=Group,dc=example,dc=com cn: testuser1 objectClass: posixGroup gidNumber: 10001 memberUid: testuser1 dn: cn=ldapusers,ou=Group,dc=example,dc=com cn: ldapusers objectClass: posixGroup gidNumber: 10100 memberUid: testuser1 ** Attachment added: "ldaplogin.png" https://bugs.launchpad.net/ubuntu/+source/libpam-ldap/+bug/1676977/+attachment/5067121/+files/ldaplogin.png -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libpam-ldap in Ubuntu. https://bugs.launchpad.net/bugs/1676977 Title: Login prompt never presented with ldap login and ldapi set with a name. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1676977/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1676977] Re: Login prompt never presented with ldap login and ldapi set with a name.
ldapi:/// is a unix socket connection, it shouldn't have a "name" or IP component. It can optionally take a path component, but usually should just be left blank. Could you please attach your /etc/ldap.conf and /etc/ldap/ldap.conf? Is your ldap server on localhost, or remote on another machine (in which case ldapi:/// makes no sense). In the meantime I'll start with two scenarios: a) ldapi and slapd server on localhost b) ldap and slapd server on another machine I'm going to use 17.10, since 17.04 and 16.10 are end of life and I'm having difficulties with creating a VM for them with MAAS (which is my test environment). -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libpam-ldap in Ubuntu. https://bugs.launchpad.net/bugs/1676977 Title: Login prompt never presented with ldap login and ldapi set with a name. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1676977/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1676977] Re: Login prompt never presented with ldap login and ldapi set with a name.
I'm taking a look. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libpam-ldap in Ubuntu. https://bugs.launchpad.net/bugs/1676977 Title: Login prompt never presented with ldap login and ldapi set with a name. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1676977/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1676977] Re: Login prompt never presented with ldap login and ldapi set with a name.
Thank you for the prompt testing. I'm marking a few potential src packages where the actual issue might lie. ** Also affects: accountsservice (Ubuntu) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu) Importance: Undecided Status: New ** Changed in: libpam-ldap (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libpam-ldap in Ubuntu. https://bugs.launchpad.net/bugs/1676977 Title: Login prompt never presented with ldap login and ldapi set with a name. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1676977/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1676977] Re: Login prompt never presented with ldap login and ldapi set with a name.
If you are dropped to an emergency shell on failure to boot, does name resolution period work? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libpam-ldap in Ubuntu. https://bugs.launchpad.net/bugs/1676977 Title: Login prompt never presented with ldap login and ldapi set with a name. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-ldap/+bug/1676977/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1676977] Re: Login prompt never presented with ldap login and ldapi set with a name.
Almost certainly the issue is that login.service is not waiting for networking before starting, when ldap is configured. In the screenshot, I see "Failed to start Login Service" and then later "Started to raise network interfaces". -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libpam-ldap in Ubuntu. https://bugs.launchpad.net/bugs/1676977 Title: Login prompt never presented with ldap login and ldapi set with a name. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-ldap/+bug/1676977/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1676977] Re: Login prompt never presented with ldap login and ldapi set with a name.
Finally, is this reproducible with 17.04? Note that 16.10 goes eol in about 3 months so there is some non-zero cost to trying to fix it there, if it's already fixed in 16.10. ** Changed in: libpam-ldap (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libpam-ldap in Ubuntu. https://bugs.launchpad.net/bugs/1676977 Title: Login prompt never presented with ldap login and ldapi set with a name. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-ldap/+bug/1676977/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1676977] Re: Login prompt never presented with ldap login and ldapi set with a name.
For what it's worth, the same version of libpam-ldap has been present in Ubuntu since (at least) 15.04. So I don't think the bug is in libpam- ldap. When the login service fails, did you obtain the logs for it to see why it failed? More than likely this is a systemd change, but it's unclear yet. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libpam-ldap in Ubuntu. https://bugs.launchpad.net/bugs/1676977 Title: Login prompt never presented with ldap login and ldapi set with a name. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-ldap/+bug/1676977/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs