Login issue: Lightdm + LDAP + Kerberos

Would you be able to try this with another display manager, e.g. gdm?

Can you see what $PATH is set to when logging in on a terminal? It looks at first glance like the session can't find upstart, and that can't find the session processes to run.

Installed GDM and set is as default display manger.

service lightdm stop
service gdm start

gives a blank screen. A reboot never goes to the login screen but the splash screen stays forever. Login on the console is possible.

Ubuntu 13.04: LightDM works without any problems.

I believe I am seeing the same problem. I use pbis-open for integration with Active DIrectory. If I log in as a local user, works fine. However if I login as a user on the domain, I see the identical problems and errors in the log as ernst-l.

Also noticed if I log in via terminal as a domain user, stop lighdm, run startx, desktop comes up (but no indicator panel on bar.)

I should have also noted in the previous post I was on 13.04 and it worked fine, and didn't have any problems until upgrading to 13.10.

Same problem here, I just upgraded Ubuntu from 13.04 to 13.10
Right now I'm using pbis-open lastest version (7.5.2.1527). This versions worked fine justa few hours before upgrade.

Upgrade was normal, but when I tried to start session with any domain user I got a few flashes and returned to lightdm login screen.

After cheking the message error "/usr/sbin/lightdm-session: 5: exec: init: not found" I found another bug:
https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1184878

I made the sgestion of make a symlink running this:
sudo ln -s /sbin/init /bin/init

Now when I try to login with a domain user, I got a blank screen and mouse works, but nothing else show up. No background, no terminal with "Alt+T" combination, no bars, no icons, nothing.. Hey.. but mouse moves!

This is the new log from the file .xsessions-errors

Script for ibus started at run_im.
Script for auto started at run_im.
Script for default started at run_im.
init: unity-gtk-module main process (3055) terminated with status 127
init: logrotate pre-start process (3053) terminated with status 127
init: dbus pre-start process (3056) terminated with status 127
init: ssh-agent pre-start process (3054) terminated with status 127
init: ssh-agent post-stop process (3062) terminated with status 127

I got this errors using nouveau (I thought that maybe nvidia drivers were the problem, but I was wrong)

Hmm, I wonder if this could be some odd path issue, status 127 means command not found. Also would explain why we had to do the symbolic link for /sbin/init . $PATH getting squashed somehow?

I'm also seeing this on Gnome Ubuntu as well after staging up a VM to test it. I have to do the sym link to init, and then once i log in, get the black screen with a cursor. Not looking like a lightdm issue now.

This affects installs based on the latest PowerBroker Identity Services software (downloaded directly from their site, not installed via the Ubuntu repositories).

In my case, I had PBIS 7.5.1 installed and working before I upgraded. I did not think to unbind myself from the domain before upgrading from Ubuntu 13.04 to 13.10, but I did purge PBIS and install the latest edition (7.5.2.1527). My symptoms seem to be identical to those listed above; I've created a question on askubuntu.com: http://askubuntu.com/questions/363869/powerbroker-likewise-open-ubuntu-13-04-13-10-upgrade

Ok, I may have a workaround (not sure yet of any side effects or what else could be broken...)

Since we did the symlink to /bin/init, this is what .Xsession looks like as we know:
init: unity-gtk-module main process (3055) terminated with status 127
init: logrotate pre-start process (3053) terminated with status 127
init: dbus pre-start process (3056) terminated with status 127
init: ssh-agent pre-start process (3054) terminated with status 127
init: ssh-agent post-stop process (3062) terminated with status 127

If you look at ~/.cache/upstart as your LDAP based user, you'll notice in log files for dbus, etc for errors, sure enough the error is it can't find initctl:
/proc/self/fd/9: 3: /proc/self/fd/9: initctl: not found
/proc/self/fd/9: 3: /proc/self/fd/9: initctl: not found
/proc/self/fd/9: 3: /proc/self/fd/9: initctl: not found

I added a symlink from /sbin/initctl to /bin like we did with init, and I am now able to log in again.

After I put in the symlink for initctl into /bin path above and could log in, I ran into an issue where I was having odd errors like not authorized in the disk tool, and Network settings within UI were inaccessible, etc This is beyond the other weird issues with the path stuff from above... I found an old bug here:
https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/1162836

I had the same problem where after I finally logged in, my $PATH variable was a ways off from what the local user. Per that bug, I updated /etc/pam.d/common-session and made the following change the line:
session sufficient pam_lsass.so
to:
session [success=ok default=ignore] pam_lsass.s

After a reboot, my path was ok, and everything seems to be working as normal again. I am going to test removing the symlinks that were added, as I suspect with the path fixed, they may not be needed. I will report back what I find.

No symlinks needed for init or initctl and able to log in using pbis as a domain user with the common-session change.

Is this a bug with Ubuntu or pbis?

The workaround with common-session allowed me to log in on my pbis activated machine as well.

This worked for me as well. After applying the fix, unbinding from AD recognizes that the PAM configuration was manually edited and asks the user if he wants the system to administer the configuration, or if he would like to do so manually going forward.

Obviously typical PBIS users want the system to administer their PAM configuration. I assume that after the bug is fixed this won't be a problem, but I'm noting the issue here just in case.

/sbin must be in all users path on Ubuntu. It is the default, and many thing will not work, if /sbin is not the default path.

Default path on ubuntu is usually set in /etc/environment and has:
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"

Can you please verify what PATH is set on the affected environments?

Hi, I've filed a bug internally on the PBIS Open bugzilla, to change the "common-session" entry from "sufficient" to "optional" (which is the same as [success=ok default=ignore] and looks cleaner).

Thanks for picking this up for us!

@Rob A - Thanks for the follow-up! I can confirm on 14.04 it's also working well.

Thanks @mloebl, it works