← Back to team overview

documentation-packages team mailing list archive

[Bug 1341544] [NEW] Winbind: domain user doesn't login on Ubuntu server 14.4

 

Public bug reported:

I set up successfully an Ubuntu server 12.4.4 to be a Member Serve of
the Windows Domain and to allow Domain Users to login.

I created an Ubuntu 14.4 server to test with the same purpose and I
tried to set up with the same way, but I cannot login to the server with
a domain user.

Ubuntu server 14.4 can read the list of domain user and domain group via
wbinfo-u and wbinfo-g command like in Ubuntu server 12.4.4.

The wbinfo-t command indicates successful communication via rpc between
Ubuntu server 14.4 and the Domain Controller.

The interesting thing is when I installed the Samba and Winbind packets
(apt-get install samba winbind), the PAM configuration files (common-
account, common-auth, common-session) in /etc/pam.d/ are automatically
set up in Ubuntu server 12.4.4, but in Ubuntu 14.4 are not.

Below are the list files configured automatically in Ubuntu server
12.4.4 and adjusted manually in Ubuntu 14.4:

/etc/pam.d/common-account
account [success=2 new_authtok_reqd=done default=ignore]    pam_unix.so
account [success=1 new_authtok_reqd=done default=ignore]    pam_winbind.so
account requisite              pam_deny.so
account required            pam_permit.so
/etc/pam.d/common-auth
auth    [success=2 default=ignore]      pam_unix.so nullok_secure
auth    [success=1 default=ignore]      pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
auth    requisite              pam_deny.so
auth    required            pam_permit.so
/etc/pam.d/common-session
session [default=1]          pam_permit.so
session requisite              pam_deny.so
session required            pam_permit.so
session optional            pam_umask.so
session required    pam_unix.so
session required    pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional            pam_winbind.so

I proceeded with the installation of Kerberos (apt-get install krb5-user
libkrb5-3) in the same way that I performed on active Ubuntu server
12.4.4.

Because I have not succeeded to login in the test server, I decided to
recreate the active server (Ubuntu server 12.4.4) and upgrade him with
the command do-release-upgrade-d.

Despite I succeeded to install and set up the server test Ubuntu server
12.4.4the problem reappeared after the upgrade. I could no longer access
the server with a domain user while still able to read the list of users
and groups via wbinfo-u and wbinfo-g command.

I installed libnss-winbind package (apt-get install libnss-winbind) and
then I get success to login to the server with a domain user.

Noteworthy that with a clean install of Ubuntu server 14.4, the
installation of this library did not solved the problem.

** Affects: ubuntu-docs (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: winbind

-- 
You received this bug notification because you are a member of
Documentation Packages, which is subscribed to ubuntu-docs in Ubuntu.
https://bugs.launchpad.net/bugs/1341544

Title:
  Winbind: domain user doesn't login on Ubuntu server 14.4

Status in “ubuntu-docs” package in Ubuntu:
  New

Bug description:
  I set up successfully an Ubuntu server 12.4.4 to be a Member Serve of
  the Windows Domain and to allow Domain Users to login.

  I created an Ubuntu 14.4 server to test with the same purpose and I
  tried to set up with the same way, but I cannot login to the server
  with a domain user.

  Ubuntu server 14.4 can read the list of domain user and domain group
  via wbinfo-u and wbinfo-g command like in Ubuntu server 12.4.4.

  The wbinfo-t command indicates successful communication via rpc
  between Ubuntu server 14.4 and the Domain Controller.

  The interesting thing is when I installed the Samba and Winbind
  packets (apt-get install samba winbind), the PAM configuration files
  (common-account, common-auth, common-session) in /etc/pam.d/ are
  automatically set up in Ubuntu server 12.4.4, but in Ubuntu 14.4 are
  not.

  Below are the list files configured automatically in Ubuntu server
  12.4.4 and adjusted manually in Ubuntu 14.4:

  /etc/pam.d/common-account
  account [success=2 new_authtok_reqd=done default=ignore]    pam_unix.so
  account [success=1 new_authtok_reqd=done default=ignore]    pam_winbind.so
  account requisite              pam_deny.so
  account required            pam_permit.so
  /etc/pam.d/common-auth
  auth    [success=2 default=ignore]      pam_unix.so nullok_secure
  auth    [success=1 default=ignore]      pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
  auth    requisite              pam_deny.so
  auth    required            pam_permit.so
  /etc/pam.d/common-session
  session [default=1]          pam_permit.so
  session requisite              pam_deny.so
  session required            pam_permit.so
  session optional            pam_umask.so
  session required    pam_unix.so
  session required    pam_mkhomedir.so skel=/etc/skel/ umask=0022
  session optional            pam_winbind.so

  I proceeded with the installation of Kerberos (apt-get install
  krb5-user libkrb5-3) in the same way that I performed on active Ubuntu
  server 12.4.4.

  Because I have not succeeded to login in the test server, I decided to
  recreate the active server (Ubuntu server 12.4.4) and upgrade him with
  the command do-release-upgrade-d.

  Despite I succeeded to install and set up the server test Ubuntu
  server 12.4.4the problem reappeared after the upgrade. I could no
  longer access the server with a domain user while still able to read
  the list of users and groups via wbinfo-u and wbinfo-g command.

  I installed libnss-winbind package (apt-get install libnss-winbind)
  and then I get success to login to the server with a domain user.

  Noteworthy that with a clean install of Ubuntu server 14.4, the
  installation of this library did not solved the problem.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-docs/+bug/1341544/+subscriptions


Follow ups

References