
dx-packages team mailing list archive

[Bug 1323278] Re: Ubuntu Lock Screen always asks to change password when using LDAP Auth

 

Hi,

I spun up a 14.04 VM to test this out as per the DigitalOcean guide.

sudo apt-get update
sudo apt-get install libpam-ldap nscd

Run through the ldap prompts as usual for my local server (basically the
defaults except for ldapi:/// becomes ldap:// etc).

Edit nsswitch:

passwd:         ldap compat
group:          ldap compat
shadow:         ldap compat

Edit common-session:

session required    pam_mkhomedir.so skel=/etc/skel umask=0022

Edit lightdm conf:

sudo nano /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf

greeter-show-manual-login=true
allow-guest=false

Then reboot.... Black screen. With some disk activity after quite a
while.

After 234 seconds (according to the dmesg time stamps) boot up resumes
but still pauses a lot.  About another 2 minutes later the Ubuntu logo
screen appeared.

I gave up waiting for the boot to finish so, as I've learnt the hard way
with server configs in the past, via a live CD I changed nsswitch from:

passwd:         ldap compat
group:          ldap compat
shadow:         ldap compat

to:

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

My understanding is compat will be checked before ldap which will let
you do things like login when ldap is down if you have local users.

So anyway, now boot works in the normal way. I log in with an LDAP user.
Logs in normally.

If I switch account and go back to the login screen (by clicking on my
local Ubuntu user rather than the LDAP one).  I can then click back to
my LDAP user and log back in with no issues.  All the apps I had open
before I switched are still there.

But if I click Lock/Switch Account... (Ctrl+Alt+L), I get booted to the
new lockscreen instead.

Now it shows the normal box with my LDAP account name and a prompt for
"Password"

So I type my password in, it whirrs around a second or two and then says
"Enter login(LDAP) password"

Then says "Invalid password, please try again", so I type it again.
Then says "Enter login(LDAP) password", so I type it yet again...
"Invalid password, please try again" and I'm stuck in a loop.

The only thing that has changed following this guide is at least I don't
have to change my password but it refuses to acknowledge the password is
correct.

At this point if you click the cog and switch account you go back to the
old login screen.  Find the ldap user and login as normal as if nothing
ever happened.

Are there any logs for the new lockscreen that I can add to this bug?

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1323278

Title:
  Ubuntu Lock Screen always asks to change password when using LDAP Auth

Status in Unity:
  Incomplete
Status in “unity” package in Ubuntu:
  Incomplete

Bug description:
  After setting up LDAP authentication for user login.  Users can log in
  fine but as soon as the lock screen is activated, the user has to
  change their password before they can unlock the screen.

  First prompt is: Enter your password
  Then: Enter your LDAP Password
  Then: Enter new password
  Finally: Confirm (Wording is paraphrased)

  You can reboot and login without changing the password it is just the
  lock screen.

  Obviously what should happen is that you enter your password and carry
  on with life.

  Guide for LDAP auth was cobbled together from the community page which
  references Ubuntu 7.04 and 10.04 and some other googling.  It
  effectively boils down to:

  sudo apt-get install libnss-ldap libpam-ldap nscd

  Then editing /etc/nsswitch.conf and /etc/pam.d/common-session to get
  the user home directories created from skel.

  I then amend the lightdm config to allow manual logins and disable the
  guest account.

  It's entirely possible I've configured something incorrectly however
  I'm at a loss why login works fine but the lock screen always
  complains.  Any ideas?

  lsb_release -rd : Description: Ubuntu 14.04 LTS / Release: 14.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1323278/+subscriptions
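
The nsswitch ordering change described in the message above can be checked mechanically. This is an added example, not part of the bug report or of any Ubuntu tooling; the function names, the set of sources treated as network-backed and the sample text are assumptions made for illustration. It flags the account databases in which a directory source such as ldap is listed ahead of the local one.

```python
"""Check nsswitch.conf source order for the account databases."""
import re

LOCAL = {"files", "compat"}                  # answered from /etc/passwd and friends
NETWORK = {"ldap", "nis", "sss", "winbind"}  # assumed set: need a reachable service
ACCOUNT_DBS = ("passwd", "group", "shadow")

def parse_nsswitch(text):
    """Return {database: [source, ...]} without comments or [STATUS=action] items."""
    result = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # e.g. [NOTFOUND=return]
        result[db.strip()] = rest.split()
    return result

def network_first(text):
    """List account databases where a network source precedes every local one."""
    flagged = []
    for db, sources in parse_nsswitch(text).items():
        if db not in ACCOUNT_DBS:
            continue
        first_local = next((i for i, s in enumerate(sources) if s in LOCAL), None)
        first_net = next((i for i, s in enumerate(sources) if s in NETWORK), None)
        if first_net is not None and (first_local is None or first_net < first_local):
            flagged.append(db)
    return flagged

# Constructed samples reproducing the two orderings quoted in the message.
LDAP_FIRST = """\
passwd:         ldap compat
group:          ldap compat
shadow:         ldap compat
"""
COMPAT_FIRST = """\
passwd:         compat ldap   # local accounts first
group:          compat ldap
shadow:         compat ldap
hosts:          files dns
"""

if __name__ == "__main__":
    for name, sample in (("ldap first", LDAP_FIRST), ("compat first", COMPAT_FIRST)):
        print(name, "->", network_first(sample) or "local sources consulted first")
```

To check a real host, pass the contents of /etc/nsswitch.conf to network_first().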

