Likewise uninstall, Lock login to system
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| likewise-open (Ubuntu) |
High
|
Thierry Carrez | ||
| Hardy |
Undecided
|
Unassigned |
Bug Description
Binary package hint: likewise-open
I install likewise-open to try domain auth, (the system goes very bad) and when uninstall, (apt-get remove likewise-open; apt-get autoremove). I reboot, and i cant login. It says Module unknown or something like this... i search on the web and i will try to fix it... but it this a very bad mistake... more if likewise if published like the solution for bind the linux to an Active Directory.
Regards
Related branches
Froza (froza) wrote : | #2 |
Not only those files... more... i remember like 10 or more... and one in pam.
the likewise backup all the files with a lwidentity.orig or something like that
i solve the problem, rescue mode and running
for a in $(find / -name *lwindentity*); do
ORIG=$(echo $a | awk -F".lwindentity" '{print $1}')
mv $a $ORIG
done
**** Dont remeber very well the -F of awk, i dont remeber the exacts format of the files ******
Thierry Carrez (ttx) wrote : | #3 |
When you join a domain, likewise-open makes changes to the following files (making in-place backups with an .lwidentity.orig suffix):
/etc/ssh/
/etc/ssh/ssh_config
/etc/nsswitch.conf
/etc/hosts
/etc/krb5.conf
/etc/security/
/etc/pam.
/etc/pam.
/etc/pam.
/etc/pam.
The disruptive changes (the /etc/pam.d/ and nsswitch.conf files) are reverted when you leave a domain (using "domainjoin leave" command or the Leave option of the GUI). You can then uninstall the package and you can still login to the system.
If you uninstall likewise-open while those system files are still configured to use it (i.e. you're still in the domain), it's like if you uninstalled pam : the system will indeed be mostly unusable. The workaround is the one described by Froza.
Uninstalling should not be possible with a domain still joined ?
On Wed, Jul 30, 2008 at 10:44:16AM -0000, Thierry Carrez wrote:
> Uninstalling should not be possible with a domain still joined ?
Uninstalling should start with removing the machine from the domain
(that should be done in the prerm script).
--
Mathias Gug
Ubuntu Developer http://
Changed in likewise-open: | |
assignee: | nobody → tcarrez |
importance: | Undecided → High |
status: | Confirmed → Triaged |
Thierry Carrez (ttx) wrote : | #5 |
A new version fixing this is in testing, stay tuned
Changed in likewise-open: | |
status: | Triaged → In Progress |
Thierry Carrez (ttx) wrote : | #6 |
This bug was fixed in the package likewise-open - 4.1.0.2956-0ubuntu1
---------------
likewise-open (4.1.0.
* missing-
* fixed copyright notice
* updated Standards-Version to 3.8.0
* removed path from command in prerm
* removed stop in S runlevel
-- Rick Clark <email address hidden> Wed, 27 Aug 2008 08:56:20 -0500
likewise-open (4.1.0.
* Remove libwbclient.so.0, use libwbclient0 package instead (LP: #254434)
* Remove library links under /usr/lib/
-- Thierry Carrez <email address hidden> Tue, 05 Aug 2008 15:34:18 +0200
likewise-open (4.1.0.
* New upstream version. (LP: #244968)
* Removed fix_window_close patch (was merged upstream)
* Fixed dh_perl call so that it looks into /usr/lib/
* Removed perl dep from likewise-open-gui since it is now pulled from
likewise-open perl-Depends
* Removed superfluous /etc/defaults empty directory creation
* More descriptive desktop entries (LP: #253032)
* Changed desktop entry logo to domainjoin-logo.png for consistency
* likewise-
* missing-
* no-template-
modifications and respect whatever was put in lwiauthd.conf
* Changed Maintainer to reflect main inclusion
-- Thierry Carrez <email address hidden> Fri, 01 Aug 2008 15:55:43 +0200
Changed in likewise-open: | |
status: | In Progress → Fix Released |
Thierry Carrez (ttx) wrote : | #7 |
SRU report
Bug impact:
Removing the likewise-open package while a domain is joined will result in a system on which you cannot login anymore.
Fix in the development branch:
This was addressed in Intrepid for version 4.1.0.2956-
Minimal patch:
--- likewise-
+++ likewise-
@@ -0,0 +1,11 @@
+#!/bin/sh -e
+
+#DEBHELPER#
+
+case "$1" in
+ remove)
+ if [ -x /usr/bin/
+ domainjoin-cli leave || true
+ fi
+ ;;
+esac
TEST CASE:
NB: You'll need an AD setup to test that (a domain needs to be successfully joined).
$ sudo apt-get install likewise-open
$ sudo domainjoin-cli join your-domain your-Administrator your-password
SUCCESS
$ sudo apt-get remove likewise-open
Then try to log in.
Without the fix: SSH or local login will fail with "PAM unable to dlopen(
With the fix: SSH or local login will continue to work after removal of likewise-open (domain is properly left at prerm).
Regression potential:
The patch only affects prerm : it tries to leave the domain but will gracefully accept failure to do so. The only regression I can think of is that before this fix you could reinstall likewise-open after having removed it and still enjoy your domain membership... that is, if you don't log out in between.
Thierry Carrez (ttx) wrote : | #8 |
Proposed debdiff for the SRU
This debdiff also contains fixes for bug 222224 and bug 256394. If one of those were to be refused by ubuntu-sru, I'd redo the debdiff to only fix accepted bugs.
likewise-open (4.0.5-0ubuntu3.1) hardy-proposed; urgency=low
[ Etienne Goyer ]
* Fixed ugly typo in "Domain Join Authentication" dialog
(LP: #253394)
[ Thierry Carrez ]
* debian/
otherwise you wouldn't be able to login anymore (LP: #230466)
* debian/
using GUI to join domain (LP: #222224)
Martin Pitt (pitti) wrote : | #9 |
Ack'ed for SRU. Waiting for resolving the question in bug 253394, or reverting this bit.
Changed in likewise-open: | |
status: | New → In Progress |
Thierry Carrez (ttx) wrote : | #10 |
Question solved, calling for sponsoring now.
Changed in likewise-open: | |
status: | In Progress → Confirmed |
Martin Pitt (pitti) wrote : | #11 |
Uploaded.
Changed in likewise-open: | |
status: | Confirmed → In Progress |
status: | In Progress → Fix Committed |
Martin Pitt (pitti) wrote : | #12 |
Accepted into hardy-proposed, please test and give feedback here. Please see https:/
Thierry Carrez (ttx) wrote : | #13 |
Verified fixed on my side... here are links to the TEST CASEs:
bug 230466 : https:/
bug 222224 : https:/
bug 253394 : https:/
Adam Sommer (asommer) wrote : | #14 |
I ran through the test case in comment 7:
https:/
And it worked as advertised. Using likewise-
If you need any additional information please let me know.
Thanks
Launchpad Janitor (janitor) wrote : | #15 |
This bug was fixed in the package likewise-open - 4.0.5-0ubuntu3.1
---------------
likewise-open (4.0.5-0ubuntu3.1) hardy-proposed; urgency=low
[ Etienne Goyer ]
* Fixed ugly typo in "Domain Join Authentication" dialog
(LP: #253394)
[ Thierry Carrez ]
* debian/
otherwise you wouldn't be able to login anymore (LP: #230466)
* debian/
using GUI to join domain (LP: #222224)
-- Thierry Carrez <email address hidden> Tue, 28 Oct 2008 16:07:40 +0000
Changed in likewise-open: | |
status: | Fix Committed → Fix Released |
The problem seems to be installing likewise changes /etc/nsswitch.conf and pam, but doesn't revert them if you uninstall, leaving the system in a state where you can't log in.
I'd say this is a pretty big problem