** Description changed: - The pam winbind module seems to be broken on current 17.04 beta2. + [Impact] - Mar 29 18:28:21 daw0 lightdm: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory - Mar 29 18:28:21 daw0 lightdm: PAM adding faulty module: pam_winbind.so + The pam_winbind.so module is unusable in zesty. It won't load because of + missing symbols: - I get this error message after a fresh install of Ubuntu GNOME and - libpam-winbind when logging in with an account that should not exist - anywhere. No winbind configuration done yet, but had seen this error - message than also. + Jun 21 13:17:05 zesty-pamwinbind-1677329 systemd: PAM unable to + dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared + object file: No such file or directory + + This is due to the (re)introduction of patch fix-1584485.patch which + changes the way this module is built, trying to statically link some + libraries. That linking was incorrectly done. + + The patch was subsequently removed, but later added back again by + mistake during a huge sync. + + A new version of the patch exists, but upstream (Samba) isn't very fond + of such a change and asked to submit it for discussion to the samba- + technical mailing list. + + That was done, but since this could take some time, we decided it's best + to revert the patch one more time. + + [Test Case] + + In a zesty machine/container: + * sudo apt install libpam-winbind winbind samba + * tail -f /var/log/auth.log + * perform a login on this machine. Via ssh, for example + * the broken version will log this: + Jun 21 13:17:05 zesty-pamwinbind-1677329 systemd: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory + * The fixed version will load winbind just fine, but won't log anything (unless you fully setup winbind). It's easier to add "debug" to the pam_winbind.so lines in /etc/pam.d/common-* files and repeat the login, then you get to see it being loaded in the logs + + [Regression Potential] + + This reversal has been done before and worked. Right now, the biggest + regression potential is to add the broken patch back again. + + [Other Info] + Sorry for keeping both bugs open (#1644428 and #1677329), but the history on this issue is a bit complicated with multiple SRUs and regressions.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1677329 Title: libpam-winbind: unable to dlopen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
