desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #16577
[Bug 850298] Re: lightdm requires to enter the password twice to login in an AD domain when the password is in expiration period or when using cached_login
Attached requested log files.
They refer to a first login as the domain user 'ambiente' (at 17:05:14), which has password not in expiration period; and to a subsequent login as the domain user 'rbag', which has password in expiration period (first password entered at 17:07:09, second password at 17:08:09).
(The user 'rbag' is automatically selected when lightdm starts).
** Attachment added: "lightdm_logs.tgz"
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/850298/+attachment/2408189/+files/lightdm_logs.tgz
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/850298
Title:
lightdm requires to enter the password twice to login in an AD domain
when the password is in expiration period or when using cached_login
Status in “lightdm” package in Ubuntu:
Incomplete
Bug description:
I'm using an up-to-date oneiric workstation joined through samba and winbind to an AD domain controlled by a Windows server.
Login as domain users is possible without problems in normal conditions, using a pam configuration like this in /etc/pam/common-auth:
auth pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login
However, when the domain password is in expiration period (defaults to
14 days before) or when using cached_login (when the network is
unavailable), the password must be entered twice in lightdm to
effectively start the user session.
Here is an example of what happens, with lines copied from
/var/log/auth.log
...[enter password for the first time in lightdm login screen]
Sep 14 17:03:49 vmo-amb20 lightdm: pam_unix(lightdm:session): session opened for user lightdm by (uid=0)
Sep 14 17:03:50 vmo-amb20 lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "rbag"
Sep 14 17:03:50 vmo-amb20 lightdm: pam_winbind(lightdm:auth): getting password (0x00000380)
Sep 14 17:04:00 vmo-amb20 lightdm: pam_winbind(lightdm:auth): user 'rbag' granted access
...[lightdm does not display any message and just clears the password box]
...[enter password for the second time and login session starts]
Sep 14 17:04:04 vmo-amb20 lightdm: pam_unix(lightdm:session): session closed for user lightdm
Sep 14 17:04:04 vmo-amb20 lightdm: pam_winbind(lightdm:setcred): user 'lightdm' OK
Sep 14 17:04:04 vmo-amb20 lightdm: pam_unix(lightdm:session): session opened for user rbag by (uid=0)
If I use a text console this does not happen and I can login normally
as a domain user; the screen just shows a warning about the days
before password expiration or about the unavailability of a network
connection.
The bug could be related to this one reported for GDM:
https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/613371
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/850298/+subscriptions
References