dx-packages team mailing list archive
-
dx-packages team
-
Mailing list archive
-
Message #16150
[Bug 1323278] Re: Ubuntu Lock Screen always asks to change password when using LDAP Auth
Hi,
I spun up a 14.04 VM to test this out as per the digitalocean guide.
sudo apt-get update
sudo apt-get install libpam-ldap nscd
Run through the ldap prompts as usual for my local server (basically the
defaults except for ldapi:/// becomes ldap:// etc)
Edit nsswitch:
passwd: ldap compat
group: ldap compat
shadow: ldap compat
Edit common-session:
session required pam_mkhomedir.so skel=/etc/skel umask=0022
Edit light dm conf:
sudo nano /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf
greeter-show-manual-login=true
allow-guest=false
Then reboot.... Black screen. With some disk activity after quite a
while.
After 234 seconds (according to the dmesg time stamps) boot up resumes
but still pauses a lot. About another 2 minutes later the Ubuntu logo
screen appeared
I gave up waiting for the boot to finish so as I've learnt the hard way
with server configs in the past, via a live cd I changed nsswitch from:
passwd: ldap compat
group: ldap compat
shadow: ldap compat
to:
passwd: compat ldap
group: compat ldap
shadow: compat ldap
My understanding is compat will be checked before ldap which will let
you do things like login when ldap is down if you have local users.
So anyway now boot works in the normal way I login with an LDAP user.
Logs in normally.
If I switch account and go back to the login screen (by clicking on my
local Ubuntu user rather than the LDAP one). I can then click back to
my LDAP user and log back in with no issues. All the apps I had open
before I switched are still there.
But if I click Lock/Switch Account... (Ctrl+Alt+L), I get booted to the
new lockscreen instead.
Now it shows the normal box with my LDAP account name and a prompt for
"Password"
So I type my password in it whirrs around a second or two and then says
"Enter login(LDAP) password"
Then says "Invalid password, please try again", so I type it again
Then says "Enter login(LDAP) password", so I type it yet again... "Invalid password, please try again" and I'm stuck in a loop.
The only thing that has changed following this guide is at least I don't
have to change my password but it refuses to acknowledge the password is
correct.
At this point if you click the cog and switch account you go back to the
old login screen. Find the ldap user and login as normal as if nothing
ever happened.
Are there any logs for the new lockscreen that I can add to this bug?
--
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1323278
Title:
Ubuntu Lock Screen always asks to change password when using LDAP Auth
Status in Unity:
Incomplete
Status in “unity” package in Ubuntu:
Incomplete
Bug description:
After setting up LDAP authentication for user login. Users can log in
fine but as soon as the lock screen is activated, the user has to
change their password before they can unlock the screen.
First prompt is: Enter your password
Then: Enter your LDAP Password
Then: Enter new password
Finally: Confirm (Wording is paraphrased)
You can reboot and login without changing the password it is just the
lock screen.
Obviously what should happen is that you enter your password and carry
on with life.
Guide for LDAP auth was cobbled together from the community page which
references Ubuntu 7.04 and 10.04 and some other googling. It
effectively boils down to:
sudo apt-get install libnss-ldap libpam-ldap nscd
Then editing /etc/nsswitch.conf and /etc/pam.d/common-session to get
the user home directories created from skel.
I then amend the lightdm config to allow manual logins and disable the
guest account.
Its entirely possible I've configured something incorrectly however
I'm at a loss why login works fine but the lock screen always
complains. Any ideas?
lsb_release -rd : Description: Ubuntu 14.04 LTS / Release: 14.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1323278/+subscriptions
References
