Ubuntu
likewise-open package

likewise-open does'nt works fine with winbindd_cache.tdb file

Bug #516507 reported by Mau on 2010-02-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	likewise-open (Ubuntu)	Expired	Undecided	Unassigned

Bug Description

Binary package hint: likewise-open

I've an Ubuntu 9.10 joined to Microsoft AD using likewise-open

When I type an invalid password for a domain login, then only can login next time if:

1.- I wait winbind cache time expires to try again

2.- I logon as local user, and :
2.1 - remove file /var/lib/likewise-open/winbindd_cache.tdb
2.2 - restart likewise-open service

It seems that likewise-open does'nt works fine with winbindd_cache.tdb file information, so I solved it forcing not to use winbindd_cache and query always domain server for items setting
"winbind cache time" parameter to a very low value (default is 900)

grep "winbind cache time" /etc/samba/lwiauthd.conf

winbind cache time = 1

Packages installed
==================

#lsb_release -rd
Description: Ubuntu 9.10
Release: 9.10

Package versions are:
# apt-cache policy likewise-open
likewise-open:
  Instal·lat: 4.1.2982-0ubuntu3
  Candidat: 4.1.2982-0ubuntu3
  Taula de versió:
*** 4.1.2982-0ubuntu3 0
        500 http://es.archive.ubuntu.com karmic/main Packages
        100 /var/lib/dpkg/status

# apt-cache policy samba
samba:
  Instal·lat: 2:3.4.0-3ubuntu5.4
  Candidat: 2:3.4.0-3ubuntu5.4
  Taula de versió:
*** 2:3.4.0-3ubuntu5.4 0
        500 http://es.archive.ubuntu.com karmic-updates/main Packages
        500 http://security.ubuntu.com karmic-security/main Packages
        100 /var/lib/dpkg/status
     2:3.4.0-3ubuntu5 0
        500 http://es.archive.ubuntu.com karmic/main Packages

# apt-cache policy winbind
winbind:
  Instal·lat: 2:3.4.0-3ubuntu5.4
  Candidat: 2:3.4.0-3ubuntu5.4
  Taula de versió:
*** 2:3.4.0-3ubuntu5.4 0
        500 http://es.archive.ubuntu.com karmic-updates/main Packages
        500 http://security.ubuntu.com karmic-security/main Packages
        100 /var/lib/dpkg/status
     2:3.4.0-3ubuntu5 0
        500 http://es.archive.ubuntu.com karmic/main Packages

kernel and architecture
=======================
# uname -a
2.6.31-17-server #54-Ubuntu SMP Thu Dec 10 18:06:56 UTC 2009 x86_64 GNU/Linux

LOGS: /var/log/auth.log
=======================
When fails:

Feb 3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): PAM config: global:require_membership_of 'CAFENET\mau'
Feb 3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): PAM config: global:krb5_ccache_type 'FILE'
Feb 3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): failed to get GP info
Feb 3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): requiring membership: "CAFENET\mau"
Feb 3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): Looking up name '<email address hidden>'
Feb 3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): Looking up SID 'S-1-5-21-102064544-280963791-1022575233-15606'
Feb 3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): getting password (0x00000000)
Feb 3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): enabling krb5 login flags
Feb 3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): enabling request for a FILE krb5 ccache type
Feb 3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): Looking up name 'CAFENET\mau'
Feb 3 08:09:43 saquet kdm: :0[1691]: pam_lwidentity(kdm:auth): request failed: No such user, WBL error was There is no such user (7), NT error was NT_STATUS_NO_SUCH_USER, PAM error 10
Feb 3 08:09:43 saquet kdm: :0[1691]: pam_unix(kdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= <email address hidden>

When works fine:

Feb 3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): PAM config: global:require_membership_of 'CAFENET\mau'
Feb 3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): PAM config: global:krb5_ccache_type 'FILE'
Feb 3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): failed to get GP info
Feb 3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): requiring membership: "CAFENET\mau"
Feb 3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): Looking up name '<email address hidden>'
Feb 3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): Looking up SID 'S-1-5-21-102064544-280963791-1022575233-15606'
Feb 3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): getting password (0x00000000)
Feb 3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): enabling krb5 login flags
Feb 3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): enabling request for a FILE krb5 ccache type
Feb 3 10:16:32 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): Looking up name 'CAFENET\mau'
Feb 3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): Received UPN of: <email address hidden> <email address hidden>
Feb 3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:auth): Password for user CAFENET\mau will need to change at 159663333. It is now 1265188593
Feb 3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): PAM config: global:require_membership_of 'CAFENET\mau'
Feb 3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): PAM config: global:krb5_ccache_type 'FILE'
Feb 3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): requiring membership: "CAFENET\mau"
Feb 3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): Looking up name '<email address hidden>'
Feb 3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): Looking up SID 'S-1-5-21-102064544-280963791-1022575233-15606'
Feb 3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): Checking membership of \cafenet\mau (S-1-5-21-102064544-280963791-1022575233-15606) against: "CAFENET\mau"
Feb 3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): Looking up name 'CAFENET\mau'
Feb 3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): COMPARE: "S-1-5-21-102064544-280963791-1022575233-15606" (45), "S-1-5-21-102064544-280963791-1022575233-15606" (45)
Feb 3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): Returning 0 for user "<email address hidden>"
Feb 3 10:16:33 saquet kdm: :0[4740]: pam_lwidentity(kdm:account): user '<email address hidden>' granted access

Revision history for this message

James Page (james-page) wrote on 2013-09-19:

Thanks for taking the time to report this bug in Ubuntu.

Are you still seeing this issue? I appreciate this is an old bug - setting to 'Incomplete' for the time being - please respond and set back to 'New' if you think this is still an issue.

Changed in likewise-open (Ubuntu):
status:	New → Incomplete

Revision history for this message

Mau (maugarta-cc) wrote on 2013-09-20:

Hi,
nowadays I'm using Ubuntu 12.04 LTS and I'm not using likewise-open. Currently I use winbind to add my systems as AD memebers and it's working fine.

I think you can close this bug.

If you prefer to perform some tests with likewise-open on Ubuntu 12.04, tell me.

Thanks.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-11-20:

[Expired for likewise-open (Ubuntu) because there has been no activity for 60 days.]

Changed in likewise-open (Ubuntu):
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulikewise-open package

likewise-open does'nt works fine with winbindd_cache.tdb file

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
likewise-open package