[Bug 516507] [NEW] likewise-open does'nt works fine with winbindd_cache.tdb file

Mau Wed, 03 Feb 2010 04:10:39 -0800

Public bug reported:

Binary package hint: likewise-open


I've an Ubuntu 9.10 joined to Microsoft AD using likewise-open

When I type an invalid password for a domain login, then only can login
next time if:

 1.- I wait winbind cache time expires to try again

 2.- I logon as local user, and :
  2.1 - remove file /var/lib/likewise-open/winbindd_cache.tdb
  2.2 - restart likewise-open service


It seems that likewise-open does'nt works fine with winbindd_cache.tdb file 
information, so I solved it forcing not to use winbindd_cache and query always 
domain server for items setting 
"winbind cache time" parameter to a very low value (default is 900)


grep "winbind cache time" /etc/samba/lwiauthd.conf

    winbind cache time = 1


Packages installed
==================

#lsb_release -rd
Description:    Ubuntu 9.10
Release:        9.10

Package versions are:
# apt-cache policy likewise-open
likewise-open:
  Instal·lat: 4.1.2982-0ubuntu3
  Candidat: 4.1.2982-0ubuntu3
  Taula de versió:
 *** 4.1.2982-0ubuntu3 0
        500 http://es.archive.ubuntu.com karmic/main Packages
        100 /var/lib/dpkg/status

# apt-cache policy samba
samba:
  Instal·lat: 2:3.4.0-3ubuntu5.4
  Candidat: 2:3.4.0-3ubuntu5.4
  Taula de versió:
 *** 2:3.4.0-3ubuntu5.4 0
        500 http://es.archive.ubuntu.com karmic-updates/main Packages
        500 http://security.ubuntu.com karmic-security/main Packages
        100 /var/lib/dpkg/status
     2:3.4.0-3ubuntu5 0
        500 http://es.archive.ubuntu.com karmic/main Packages


# apt-cache policy winbind
winbind:
  Instal·lat: 2:3.4.0-3ubuntu5.4
  Candidat: 2:3.4.0-3ubuntu5.4
  Taula de versió:
 *** 2:3.4.0-3ubuntu5.4 0
        500 http://es.archive.ubuntu.com karmic-updates/main Packages
        500 http://security.ubuntu.com karmic-security/main Packages
        100 /var/lib/dpkg/status
     2:3.4.0-3ubuntu5 0
        500 http://es.archive.ubuntu.com karmic/main Packages

kernel and architecture
=======================
# uname -a
2.6.31-17-server #54-Ubuntu SMP Thu Dec 10 18:06:56 UTC 2009 x86_64 GNU/Linux 


LOGS: /var/log/auth.log
=======================
When fails:

Feb  3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): PAM config: 
global:require_membership_of 'CAFENET\mau'
Feb  3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): PAM config: 
global:krb5_ccache_type 'FILE'
Feb  3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): failed to get 
GP info
Feb  3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): requiring 
membership: "CAFENET\mau"
Feb  3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): Looking up name 
'[email protected]'
Feb  3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): Looking up SID 
'S-1-5-21-102064544-280963791-1022575233-15606'
Feb  3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): getting 
password (0x00000000)
Feb  3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): enabling krb5 
login flags
Feb  3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): enabling 
request for a FILE krb5 ccache type
Feb  3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): Looking up name 
'CAFENET\mau'
Feb  3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): request failed: 
No such user, WBL error was There is no such user (7), NT error was 
NT_STATUS_NO_SUCH_USER, PAM error 10
Feb  3 08:09:43 saquet kdm: :0[1691]: pam_unix(kdm:auth): authentication 
failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  [email protected]


When works fine:

Feb  3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): PAM config: 
global:require_membership_of 'CAFENET\mau'
Feb  3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): PAM config: 
global:krb5_ccache_type 'FILE'
Feb  3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): failed to get 
GP info
Feb  3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): requiring 
membership: "CAFENET\mau"
Feb  3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): Looking up name 
'[email protected]'
Feb  3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): Looking up SID 
'S-1-5-21-102064544-280963791-1022575233-15606'
Feb  3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): getting 
password (0x00000000)
Feb  3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): enabling krb5 
login flags
Feb  3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): enabling 
request for a FILE krb5 ccache type
Feb  3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): Looking up name 
'CAFENET\mau'
Feb  3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): Received UPN 
of: [email protected] [email protected]
Feb  3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): Password for 
user CAFENET\mau will need to change at 159663333. It is now 1265188593
Feb  3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): PAM config: 
global:require_membership_of 'CAFENET\mau'
Feb  3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): PAM config: 
global:krb5_ccache_type 'FILE'
Feb  3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): requiring 
membership: "CAFENET\mau"
Feb  3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): Looking up 
name '[email protected]'
Feb  3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): Looking up 
SID 'S-1-5-21-102064544-280963791-1022575233-15606'
Feb  3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): Checking 
membership of \cafenet\mau (S-1-5-21-102064544-280963791-1022575233-15606) 
against: "CAFENET\mau"
Feb  3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): Looking up 
name 'CAFENET\mau'
Feb  3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): COMPARE: 
"S-1-5-21-102064544-280963791-1022575233-15606" (45), 
"S-1-5-21-102064544-280963791-1022575233-15606" (45)
Feb  3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): Returning 0 
for user "[email protected]"
Feb  3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): user 
'[email protected]' granted access

** Affects: likewise-open (Ubuntu)
     Importance: Undecided
         Status: New

-- 
likewise-open does'nt works fine with winbindd_cache.tdb file
https://bugs.launchpad.net/bugs/516507
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 516507] [NEW] likewise-open does'nt works fine with winbindd_cache.tdb file

Reply via email to