AssumeDefaultDomain does not work

Bug #534629 reported by Alexander Brinkman on 2010-03-08
308
This bug affects 51 people
Affects Status Importance Assigned to Milestone
likewise-open (Ubuntu)
Medium
Gerald Carter
Lucid
Undecided
Chuck Short
Maverick
Undecided
Chuck Short

Bug Description

Binary package hint: likewise-open

Setting "AssumeDefaultDomain"=dword:00000001 does not work with likewise-open 5.4.0.39949-3 on Ubuntu 10.04 (development branch) 64 bit.

IMPACT STATEMENT
================

Many Likewise Open prefer to set AssumeDefaultDomain, as it make the users/groups name more consistent with local one. It is particularly true in deployment where there is a single domain, where prepending the domain name would be somewhat redundant anyway.

Moreover, this is a regression. People upgrading to a version of likewise-open where the AssumeDefaultDomain work as expected will find their user/group names have changed, and that they now need to prepend them with the domain name and separator.

TEST CASE
=========

Steps to reproduce:
1. Install likewise-open, join domain.
2. Check likewise behavior: getent passwd domain\\testuser returns information, getent passwd testuser does not.
3. Change AssumeDefaultDomain to dword:00000001 in /etc/likewise-open/lsassd.reg
4. Run lwregshell import /etc/likewise-open/lsassd.reg
5. Run lw-refresh-configuration
6. Check behavior again: getent passwd testuser should return information
7. Logins without domain included should work

Related branches

CVE References

tags: added: kernel-series-unknown
tags: removed: kernel-series-unknown

I confirm this bug, in ubuntu 10.04, likewise open version 5.4.0.39949-3
Moreover in my opinion , a GUI would be needed to configure the .reg file.
Regards

Confirmed in likewise-open_5.4.0.42111-1~ppa1~lucid from the likewise-open-development PPA

Changed in likewise-open (Ubuntu):
status: New → Confirmed
Bryan McLellan (btm) wrote :

From what I can gather, 42111 appears to be an svn revision that is roughly matchable in the git log in the upstream repository [1]. The 5.4.0.7985 upstream release from 2010-01-28 also has this bug, but I would speculate that likewise-open=5.4.0.42111-1 currently in lucid is from approximately 2010-03-12.

Executing 'lw-refresh-configuration' then 'lw-eventlog-cli -s - 127.0.0.1' displays an eventlog entry confirming that AssumeDefaultDomain is set to true.

[1] http://www.likewiseopen.org/sourcecode.php

Bryan McLellan (btm) wrote :

AssumeDefaultDomain works for me when using 5.4.7939 (5.4.0 build/release 7939 from upstream) from ~2009-12-09.

I'm out of my element here, but I'm hitting two issues.

First, AD_FindObjectByAliasNoCache in online.c:3465 is returning 'Error code 40081 (LW_ERROR_NOT_SUPPORTED).'

Overriding that, 'Error code 40008 (LW_ERROR_NO_SUCH_USER).' is returned later.

I'm still working on getting a build without optimization so I can follow the code better.

Gene (gliverman) wrote :

In a mailing list post I saw reference to a reg editor that was in the likewise/bin/ folder... that folder does not exist in Ubuntu nor can I find the program... maybe adding that to the Ubuntu package would help with this?

The registry editor is lwregshell. It should be in /usr/bin.

> -----Original Message-----
> From: <email address hidden> [mailto:<email address hidden>] On Behalf Of
> Gene
> Sent: Monday, March 29, 2010 1:22 PM
> To: <email address hidden>
> Subject: [Bug 534629] Re: AssumeDefaultDomain does not work
>
> In a mailing list post I saw reference to a reg editor that was in the
> likewise/bin/ folder... that folder does not exist in Ubuntu nor can I
> find the program... maybe adding that to the Ubuntu package would help
> with this?
>
> --
> AssumeDefaultDomain does not work
> https://bugs.launchpad.net/bugs/534629
> You received this bug notification because you are a member of Likewise
> Open Developers, which is subscribed to likewise-open in ubuntu.
>
> Status in “likewise-open” package in Ubuntu: Confirmed
>
> Bug description:
> Binary package hint: likewise-open
>
> Setting "AssumeDefaultDomain"=dword:00000001 does not work with
> likewise-open 5.4.0.39949-3 on Ubuntu 10.04 (development branch) 64
> bit.
>
> Steps to reproduce:
> 1. Install likewise-open, join domain.
> 2. Check likewise behavior: getent passwd domain\\testuser returns
> information, getent passwd testuser does not.
> 2. Change AssumeDefaultDomain to dword:00000001 in /etc/likewise-
> open/lsassd.reg
> 3. Run lwregshell import /etc/likewise-open/lsassd.reg
> 4. Run lw-refresh-configuration
> 5. Check behavior again: getent passwd testuser does not return
> information while it now should...
>

MattW (seattle) (mbw) wrote :

I believe I have seen this bug also in 10.04 beta 2

I confirm this bug in 10.04 beta 2.

Some investigation leads me to believe this might be due to a change that transitioned lsassd away from using the system krb5.conf which contains the default realm. Just an update. No solution at this time.

Confirmed here as well. Ouch!

This will slow my 9.10 -> 10.4 upgrade plans for my user workstations. This is one of those "paper cuts" that will annoy users. Hopefully it gets corrected soon considering Canonical is advertising improved Likewise-Open 5.4 Active Directory integration as a leading feature of 10.4 LTS.

http://www.ubuntu.com/testing/lucid/beta2#Major%20new%20version%20of%20likewise-open

Thierry Carrez (ttx) on 2010-04-27
Changed in likewise-open (Ubuntu):
importance: Undecided → Medium
jmp (jupenn) wrote :

Confirmed also in 10.04 LTS, Likewise open version 5.4.0.42111-2ubuntu1.

Pasi Sjöholm (pasi-sjoholm) wrote :

This is not the worst bug in the current release of likewise in lucid.. but would definitely stop me upgrading.

The worst is that you are not able to login on to your computer after 4 hours when offline (https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/572271). ;)

Don Burks (don-metroleap) wrote :

Based on feedback from this (http://<email address hidden>/msg00142.html) post, I have tried using the lwregshell command to get the AssumeDefaultDomain setting to change in the "registry". So far, I haven't been totally successful. Okay, I haven't even been partially successful, but at least I feel like I'm making progress.

lw-eventlog-cli -s - 127.0.0.1

lists following:

...
     Assume default domain: true
...

but default domain is not used.

This breaks many things, so we stopped 10.04 Upgrade project.

maybe possible workaround:

* uninstall OpenLikewise
* install Samba / winbindd
* set up pam_winbind.so

This works as expected including default domain.

Same for me. My installation depends on a smooth integration into my Windows Domain, and without a fix for this bug I'm not going to upgrade and stay with 9.10

If I read the Likewise 5.4 documentation correctly, they evaluate the AssumeDefaultDomain flag only in the enterprise version, so I speculate they cut that off the free version and the behaviour isn't a bug but intentional, maybe to force people who started to depend on Likewise to buy the commercial version.

Neskie Manuel (neskiem) wrote :

@Juergen if that's true, then that doesn't seem like a thing to be promoting as the Ubuntu solution for joining machines to Active Directory.

@Christian
I did the same following
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

Pasi Sjöholm (pasi-sjoholm) wrote :

@Juergen,Neskie: The 5.4 documentation says: "Note: With Likewise Enterprise, you can manage this setting by using a Likewise group policy; see Set the Cache Expiration Time in the Likewise Enterprise guide."

However this means that you can use Windows Active Directory Group Policies to modify the cache time without doing it in any other way like using landscape/scripts/whatsoever..

So it's expected to work correctly on the open version and personally I think that they would lose "free testing"-service if they would make such a change as people would stop using the open-version. =)

James Stuart (james-stuart) wrote :

As with many of the other posters here, we have placed our plans to upgrade to 10.04 on hold, pending the resolution of this bug and bug 572271 which Pasi refers to above.

I would also like to note that some of the configuration settings stored in the registry, such as HomeDirTemplate, are honored. Others, such as AssumeDefaultDomain, are not.

We have a fix in testing. I will generate new packages for the likewise open PPA in the next 24 hours hopefully and let you know.

Changed in likewise-open (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Gerald Carter (coffeedude.jerry)
Nelson Baptista (nelson.ba) wrote :

Hello,

just to say that i've update to likewise-open_5.4.0.42111-3~ppa4~lucid_i386.deb
and now the "AssumeDefaultDomain" setting works!

Thanks!
Best Regards
NBA

Thanks for the feedback. Once I get verification on a couple of other fixes in that package, I'll submit the upload request.

Changed in likewise-open (Ubuntu):
status: In Progress → Fix Committed
Mark Chast (m-chast) wrote :

5.4.0.42111-3~ppa5~lucid

Seems to be working for me as well.

How long do these typically take to get into the official repository?

Marcos Saraiva (msaraiva) wrote :

Thanks, the fix works for me too. But i have to ask...will this be fixed upstream, or is it Ubuntu specific? It also affects 5.4.7985 (unstable), which made me roll back to 7939 for the linux workstations that do not run Ubuntu.

It was an upstream bug that was fixed and backported to the Ubuntu packages. Will take one week minimum to get it into Lucid from what I understand. We'll put new 5.4 packages on likewise.com some time next week.

Can confirm the fix works also for me.

However I do see a change in how username checks are handled. Before the AssumeDefaultDomain setting worked I could match 'domain\username' in group and sudo checks without problems. It didn't matter how the username was actually registered in AD (i.e. 'DOMAIN\UserName' or 'DOMAIN\USername', etc.). Now, with AssumeDefaultDomain on, I can logon with either 'USername', 'UserName' or 'username', but sudo and group check only work for the name that is used in AD. I.e. 'UserName' would match, but 'username' would not. But perhaps this behaviour was there before?

I confirm the fix in PPA build.

Thanks, Gerald!

Vide (vide80) wrote :

It works for me too but there is still a problem/different behaviour respect to 9.10. Now when I login I've always get "DOMAIN\username" as my unix username while before it was simply "username". This poses problems with, for example, "screen" which complain about "LoginName too long". Is this a bug or a config option?

The current behaviour is by design. I run screen with AD usernames and don't see that error log. What are you doing to get the error msg?

Vide (vide80) wrote :

Gerald: I simply try to execute screen with "screen" :)
My unix name is now 8 (domain name) + 1 (slash) + 14 (username) so it sums 23. And I can't change anything in my scenario.

Any suggestion?

I see. I wonder what the actual length limitation is. The name "AD\gcarter" works fine, but "ATLANTIS\Administrator" fails. Looks like a bug in screen filed upstream. http://savannah.gnu.org/bugs/?21653

Vide (vide80) wrote :

Yeah, I saw this too. There's a patch for that but it seems that was ignored.

http://<email address hidden>/msg00186.html

I'll open a wish in Ubuntu Launchpad so Ubuntu could apply this patch. If this is the new and definitive likewise behavior, more people are going to see this happening in the future.

Vide (vide80) wrote :

Now that is strange.. I've got a machine where the fix works (mine) and another on a colleague's PC with the same exact configuration (copied from my machine), the same exact likewise-open build (from your PPA) and there it still doesn't work. It accepts logins only with DOMAIN\username, not username.

How can I debug it?

Vide (vide80) wrote :

It seems that it works OK on amd64 but it doesn't work on i386. I've added the same repo on both machines and the version is the same a part from the architecture

Marcos, Alexander, Ninjix, are you using i386 or amd64?

I am using AMD64 systems.

Victor Chong (ragamofyn) wrote :

Vide: i386.

I am running the 5.4.0.42111-3~ppa5~lucid build from the PPA, virtualized under ESXi 4.0:

Linux edge 2.6.32-22-generic-pae #33-Ubuntu SMP Wed Apr 28 14:57:29 UTC 2010 i686 GNU/Linux
Ubuntu 10.04 LTS

Cheers,

Victor

Marcos Saraiva (msaraiva) wrote :

This bug is still present upstream (5.4 build 8040). What upstream build does the Ubuntu package represents?

dasunsrule32 (aaron.e) wrote :

This bug is still present for me, using 5.4.0.42111-3~ppa5~lucid and I also have problems with the following services never running at boot and I have to start them manually (I added /etc/init.d/service_name start & in rc.local and this fails too, so I have to start the services manually after every reboot):

dcerpd
eventlogd
lsassd
lwiod
lwregd

Thank you.

sydenis (sydenis) on 2010-07-05
Changed in likewise-open (Ubuntu):
status: Fix Committed → Fix Released
status: Fix Released → Fix Committed
Claus Frein (cfrein) wrote :

Hi sydenis,

I am not sure why you marked this bug as Fix Released/Commited - it's not.

Can you please explain or undo your status-change?

Claus

tobiasbitter (tobiasbitter) wrote :

I had this problem using 32Bit version of 10.04.
I also had the problem with short cached credentials and solved both problems by using 5.4.0.42111-3~ppa6~lucid from https://launchpad.net/~mgariepy/+archive/ppa

Pete Crossley (peterc) wrote :

I can confirm by using that https://launchpad.net/~mgariepy/+archive/ppa, likewise once again works as expected on my 32bit laptop (cache creds) and 64 server instance (cloud). Will we see this soon in a SRU?

The PPA works for me as well, however "HomeDirTemplate"="%H/%D/%U" doesn't seem to work, the home dir seems to be always /hone/likewise-open/%D/%U

 But the 'default domain' works now.

Pasi Sjöholm (pasi-sjoholm) wrote :

Matthew: have you flushed the cache? It will not work on users which have user account active in the cache before you flush it.

trainerbill (athroener) wrote :

I can also confirm that the https://launchpad.net/~mgariepy/+archive/ppa package works. What is the timeframe on getting this fix released? It is preventing upgrading our servers from hardy to lucid.

Bryan McLellan (btm) wrote :

Does anyone else have an issue after reboot with lsassd not starting after the first reboot with likewise-open=5.4.0.42111-3~ppa6~lucid? It runs fine when started manually.

root@lasras02:~# lwsm list
lwreg running (standalone: 724)
dcerpc running (standalone: 907)
eventlog running (standalone: 1076)
lsass dead
lwio running (standalone: 1164)
netlogon running (standalone: 989)
npfs running (io: 1164)
pvfs stopped
rdr running (io: 1164)
srv stopped
srvsvc stopped
root@lasras02:~# lw-find-user-by-name mclellanb
Failed to locate user. Error code 2 (ERROR_FILE_NOT_FOUND).
Unknown error
root@lasras02:~# lsassd --start-as-daemon --syslog &
[1] 25336
root@lasras02:~# lw-find-user-by-name mclellanb
User info (Level-0):
====================
Name: mclellanb
SID: S-1-5-21-1461435909-1932928848-1747393877-1108
Uid: 2048918612
Gid: 2048918017
Gecos: Bryan McLellan
Shell: /bin/bash
Home dir: /home/OPTIMIZE/mclellanb
Logon restriction: NO

The bug appears to be back in ~ppa7-lucid.

 I had 'default domain' logins working fine, I did an 'apt-get upgrade' which fetched a newer version of the PPA and now default domain doesn't work. Domain logins work - if I put {DOMAIN\\} in front of the login name, authentication against the AD works.

 Configuration files unchanged. AssumeDefaultDomain is still set.

Mark Chast (m-chast) wrote :

I also installed the latest Ubuntu patch for this package and the AssumeDefaultDomain setting is not working. When can we expect this item to be resolved "in production".

Just as an FYI, I first started experiencing this issue on Oracle Enterprise Linux prior to this release of likewise-open.

On OEL, I went to this version:

LikewiseIdentityServiceOpen-5.4.0.7985-linux-x86_64-rpm

That version works fully as expected upstream, and was downloaded directly from likewise's site. Is it a possibility to go to the 7985 build or later from where we are now (42111)? Although, now that I'm looking at that, one would *think* that 42111 would be a later build than 7985.

I installed that build back on Jan 28. It seems pretty obvious that this problem is firmly rooted upstream. We need to get onto a build where the problem is resolved and go from rather than trying to patch out the problem locally on Ubuntu IMHO.

If it weren't already common knowledge, builds can be quickly obtained here:

http://www.likewise.com/bits/

Going to give this a shot:

http://www.likewise.com/bits/summer09/8040/LikewiseIdentityServiceOpen-5.4.0.8040-linux-x86_64-deb-installer

I'll report how it goes - this is the most recent build available after 7985. One would hope the problem did not spring back up in the later build...

Marcos Saraiva (msaraiva) wrote :

Bug is still present on this other build.

- - - - - - - - - - - - - - - - - - - - - -
Marcos Saraiva

On Tue, Aug 3, 2010 at 15:44, Tony Shadwick <numbski+bugs.launchpad.net@
hksilver.net> wrote:

> Going to give this a shot:
>
>
> http://www.likewise.com/bits/summer09/8040/LikewiseIdentityServiceOpen-5.4.0.8040-linux-x86_64
> -deb-installer<http://www.likewise.com/bits/summer09/8040/LikewiseIdentityServiceOpen-5.4.0.8040-linux-x86_64%0A-deb-installer>
>
> I'll report how it goes - this is the most recent build available after
> 7985. One would hope the problem did not spring back up in the later
> build...
>
> --
> AssumeDefaultDomain does not work
> https://bugs.launchpad.net/bugs/534629
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “likewise-open” package in Ubuntu: Fix Committed
>
> Bug description:
> Binary package hint: likewise-open
>
> Setting "AssumeDefaultDomain"=dword:00000001 does not work with
> likewise-open 5.4.0.39949-3 on Ubuntu 10.04 (development branch) 64 bit.
>
> Steps to reproduce:
> 1. Install likewise-open, join domain.
> 2. Check likewise behavior: getent passwd domain\\testuser returns
> information, getent passwd testuser does not.
> 2. Change AssumeDefaultDomain to dword:00000001 in
> /etc/likewise-open/lsassd.reg
> 3. Run lwregshell import /etc/likewise-open/lsassd.reg
> 4. Run lw-refresh-configuration
> 5. Check behavior again: getent passwd testuser does not return information
> while it now should...
>
> To unsubscribe from this bug, go to:
>
> https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/534629/+subscribe
>

Well - looks like the bug *did* reappear in 8040.

Wow. So 7985 it is fixed, by 8040 it is busted again.

MattW (seattle) (mbw) wrote :
Download full text (3.6 KiB)

  Folks, versions prior to 8046 have a security flaw - Get something
newer, if you can find it .... see the advisory below:

Likewise Software has posted a security advisor on our Likewise Open
forum announcements
http://cts.vresp.com/c/?LikewiseSoftware/a4f78d058f/1b43a64120/5eac187271.
  This notice is to inform you of a critical update to specific
Likewise Open packages that we have made available on our product
download site. Below is a copy of the security advisory message.

_____________________________________________________________

Likewise Security Advisory LWSA-2010-001
http://cts.vresp.com/c/?LikewiseSoftware/a4f78d058f/1b43a64120/6600c07eb4

_____________________________________________________________

Package : Likewise Open
Service : Likewise Security Authority (lsassd)
Date : 26-July-2010
Platform(s) : Linux, OS X, Solaris, HP-UX, AIX, FreeBSD
Versions : Likewise Open 5.4 (prior to build 8046)
       Likewise-CIFS 5.4 (prior to build 8046)
       Likewise Open 6.0 (prior to build 8234)
CVE(s) : CVE-2010-0833
_____________________________________________________________

Summary:

   A logic flaw has been found in the pam_lsass library that,
   when run under the context of a root service (e.g. sshd,
   gdm, etc.), will allow any user to logon as a lsassd
   local-provider account (e.g. MACHINE\Administrator) if
   the account's password is marked as expired. The cause
   is that the pam_lsass library uses SetPassword logic when
   detecting that the uid is 0 therefore not requiring
   that the intruder validate against the expired password
   before being allowed to specify a new password.

   All Likewise Open users are encouraged to upgrade to
   the latest released packages for their version or to
   to employ the stated workaround until such a time when
   an upgrade may be performed.

   This defect was first reported by Matt Weatherford from
   the University of Washington. Our thanks to Matt for
   helping improve Likewise Open.
_____________________________________________________________

Workaround:

   Explicitly disabling the MACHINE\Administrator (or any
   other lsassd local-provider accounts not in use) will
   prevent unauthorized access. This may be done by running
   the following command as the local superuser. Replace
    with the hostname of the local system

     $ lw-mod-user --disable-user "\Administrator"

   You may verify that the account is disabled by running the
   lw-find-user-by-name command

     $ lw-find-user-by-name --level 2 "MACHINE\Administrator"
     ...
     Account disabled (or locked): TRUE
_____________________________________________________________

Updated Packages:

   New packages for both Likewise Open 5.4 and Likewise Open
   6.0 have been made available from

http://cts.vresp.com/c/?LikewiseSoftware/a4f78d058f/1b43a64120/5976b460b8.

http://www.likewise.com/download

_____________________________________________________________
Likewise Security Team <email address hidden>
http://cts.vresp.com/c/?LikewiseSoftware/a4f78d058f/1b43a64120/ea59d7255f

_____________________________________________________________

_____________________________________...

Read more...

I'm investigating. ./sigh

Those links have compulsory registration. :( That's why I posted the links I did.

Would be good to know whether the newer builds have this fixed or not.

8046 can be had here:

http://www.likewise.com/bits/likewise_cifs/8046/

I'll test this build now.

Works fine for me using 5.4.0.42111-3~ppa7

$ ssh gcarter@192.168.1.150
Password:
Last login: Fri Jul 30 12:43:28 2010 from hickory.local

gcarter@hickory:~$ pwd
/home/likewise-open/AD/gcarter

gcarter@hickory:~$ id
uid=181931072(gcarter) gid=181928449(Domain^Users) groups=1544(BUILTIN\Administrators),1545(BUILTIN\Users),181928448(Domain^Admins),181928449(Domain^Users),181928454(Schema^Admins),181928455(Enterprise^Admins),181931056(UnixAdmins),181931061(UnixUsers),181931566(TopGroup1),181931579(CertUsers)

After you set "AssumeDefaultDomain" to 1, the run

  $ lw-ad-cache--delete-all
  $ lw-refresh-configuration

Bug *is* resolved in build 8046. Don't let the name throw you either, this is in fact the right installer.

Be aware that although build 8046 resolves this bug, the following bug is still present:

https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/575152

I'm not entirely clear on how they test this stuff, but I'm pretty sure these are two of the most commonly sought after features, and yet they are broken out of the box. Seems like you would trip on these pretty much right away. :(

Pete Crossley (peterc) wrote :

Have we started the SRU (Lucid) process for this as well as (LP: #575152)?

Pete Crossley (peterc) wrote :

What version was the ppa for likewise when this fix was committed and verified. Currently the ~ppa7 version fails to start lsassd on an amd64 system and ~ppa6 lsassd only will run when exeucted by hand (lsassd --start-as-daemon --syslog). lwsm does not start the service correctly and reports dead.

.
on boot.. I see:

lwreg running (standalone: 1491)
dcerpc running (standalone: 1653)
eventlog running (standalone: 2075)
lsass dead
lwio running (standalone: 2438)
netlogon running (standalone: 1726)
npfs running (io: 2438)
pvfs stopped
rdr running (io: 2438)
srv stopped
srvsvc stopped

~ppa7 error lsassd on 64bit
root@ubuntu:~# lsassd
20100809221100:INFO:0x7f3c8994d760:Lsass crashed with signal 11
20100809221100:INFO:0x7f3c8994d760:0 - lsassd() [0x406bb3]
20100809221100:INFO:0x7f3c8994d760:1 - /usr/lib/likewise-open/liblwbase_nothr.so.0(LwRtlRBTreeFind+0x18) [0x7f3c847022f8]
20100809221100:INFO:0x7f3c8994d760:2 - /usr/lib/likewise-open/liblwbase_nothr.so.0(LwRtlRBTreeFind+0x18) [0x7f3c847022f8]
20100809221100:INFO:0x7f3c8994d760:3 - /usr/lib/likewise-open/libsamdb.so(SamDbAttributeLookupByName+0x1e) [0x7f3c7a7cd62e]
20100809221100:INFO:0x7f3c8994d760:4 - /usr/lib/likewise-open/libsamdb.so(SamDbSearchObject_inlock+0x3f9) [0x7f3c7a7d9129]
20100809221100:INFO:0x7f3c8994d760:5 - /usr/lib/likewise-open/libsamdb.so(SamDbSearchObject+0x78) [0x7f3c7a7d9b18]
20100809221100:INFO:0x7f3c8994d760:6 - /usr/lib/likewise-open/libsamdb.so(+0xa53b) [0x7f3c7a7d153b]
20100809221100:INFO:0x7f3c8994d760:7 - /usr/lib/likewise-open/libsamdb.so(SamDbInit+0x208) [0x7f3c7a7d5f48]
20100809221100:INFO:0x7f3c8994d760:8 - /usr/lib/likewise-open/libsamdb.so(DirectoryInitializeProvider+0x147) [0x7f3c7a7d6137]
20100809221100:INFO:0x7f3c8994d760:9 - /usr/lib/likewise-open/libdsapi.so.0(DirectoryLoadProvider+0x100) [0x7f3c88b16f30]
20100809221100:INFO:0x7f3c8994d760:10 - /usr/lib/likewise-open/libdsapi.so.0(DirectoryGetProvider+0xbe) [0x7f3c88b1711e]
20100809221100:INFO:0x7f3c8994d760:11 - /usr/lib/likewise-open/libdsapi.so.0(DirectoryOpen+0x2c) [0x7f3c88b16c7c]
20100809221100:INFO:0x7f3c8994d760:12 - /usr/lib64/likewise-open/liblsass_auth_provider_local.so(LocalSyncDomainInfo+0xc5d) [0x7f3c7abff9fd]
20100809221100:INFO:0x7f3c8994d760:13 - /usr/lib64/likewise-open/liblsass_auth_provider_local.so(LsaInitializeProvider2+0x16d) [0x7f3c7ac07e5d]
20100809221100:INFO:0x7f3c8994d760:14 - /usr/lib/likewise-open/liblsaserverapi.so.0(LsaSrvInitAuthProvider+0x9e) [0x7f3c8954510e]
20100809221100:INFO:0x7f3c8994d760:15 - /usr/lib/likewise-open/liblsaserverapi.so.0(LsaSrvInitAuthProviders+0x797) [0x7f3c895461c7]
20100809221100:INFO:0x7f3c8994d760:16 - /usr/lib/likewise-open/liblsaserverapi.so.0(LsaSrvApiInit+0x2c0) [0x7f3c8954d040]
20100809221100:INFO:0x7f3c8994d760:17 - lsassd() [0x404127]
20100809221100:INFO:0x7f3c8994d760:18 - lsassd() [0x4065ef]
20100809221100:INFO:0x7f3c8994d760:19 - /lib/libc.so.6(__libc_start_main+0xfd) [0x7f3c83903c4d]
20100809221100:INFO:0x7f3c8994d760:20 - lsassd() [0x402f89]
Segmentation fault

Deje (deje07) wrote :

Could we get some info about when this issue is to be "Fix released" and available in the repos?

I'll second that. If fix *was* released, what was the fix? Have we rolled to build 8046 upstream?

Has a fix been rolled out for Ubuntu (Lucid) 10.04 yet? Or do anyone have a clue about a date?
I'm currently running Likewise-open 5.4.0.42111-2ubuntu1.2 and the bug is still present.

trainerbill (athroener) wrote :

I did an upgrade today that updated my likewise version to likewise-open 5.4.0.42111-3. Not only did this update not fix the assume default domain issue but also introduced the same issue with home folder redirection. My home folder is now set to %H/likewise-open/%D/%U. I had to do a sym link to correct the issue because changing the registry entries was not working. This is what I tried:

Using an amd64 system

1. Editing /etc/likewise-open/lsassd.reg
     - Changed to "AssumeDefaultDomain"=dword:00000001
     - Changed to "HomeDirTemplate"="%H/%D/%U"
     - Changed all other references of "%H/likewise-open/%D/%U" to "%H/%D/%U"
2. Ran lwregshell import /etc/likewise-open/lsassd.reg
3. Ran lw-refresh-configuration
4. Rebooted.

Still No Luck

1. Ran lw-edit-reg.
     - Both AssumeDefaultDomain and HomeDir were correct
2. lw-eventlog-cli -s - localhost
     - Showed true on Assume default domain
     - Showed HomeDir to be correct.

Created VM of Ubuntu 10.04.1 server edition i386 and had the same issues.
Created VM of Ubuntu 10.10 amd64 beta. Same version of likewise though it errors with the following error when joining the domain:
    - Lsass Error [code 0x00080047]. 31 (0x1F) ERROR_GEN_FAILURE - Unknown error

Finally I grabbed the newest version of likewise off the official site. Installed it and set the registry options. Refreshed the configuration. Rebooted and viola. Success.

Verdict: Likewise is a mess in Ubuntu and has been for almost 6 months now. Meerkat doesn't look like it is going to fix it either.

Jimmy Gibson (jimmy-gibson) wrote :

I've also applied the upgrade hoping this issue had been fixed in the maintstream packages and AssumeDefaultDomian still doesn't work! Running 32-bit on amd64 and intel.

I'm surprised at this, as I had been running the ppa7 version which fixed the problem but resulted in painfully slow login times and application opening times! Changes to caching settings to speed things up caused lsassd to crash!

I agree with trainerbill's verdict, Ubuntu/Canonical obviously haven't got their act together in tranfersing fixes from ppa release to mainstream release.

This is fast becoming a long running, not so funny, joke! I'm hoping they get this sorted quickly as I'm having to tell my users to use the domain prefix when they login, which also breaks ~ expansion.

I, sadly, have to echo Jimmy's thoughts on this because a long, sad, unfunny joke. :(

I've been trying to move our infrastructure towards Ubuntu and off of SuSE - our other option being Red Hat. This bug is killer - because I'm basically having to baby the situation along by hand behind the scenes until this is fixed. That's not an acceptable situation for a corporate environment. I do realize the paid support scenario, and we're looking into it as I'm typing this - but there is just *no way* you have other corporate users running likewise and not have this issue elsewhere. I don't see a single way that a company installs this and doesn't want assumedefaultdomain enabled by default. In fact, the entire concept of a unix or linux username containing a backslash is counter-intuitive *at least*.

This isn't flames - it is just a statement of fact. Windows users moving to Ubuntu will want to only have to type their usernames. They only have to on Windows (yes, I know the domain is already there in a drop-down), and for SSH users, it only causes confusion. As it is, I have left this defaulted on some servers, and we have 2 domains in play, so telling them to do this to ssh in drives them instane:

ssh -l <email address hidden> server.domain1.tld

Where on every other server they simply do:

ssh <email address hidden>

DNS can help this situation along a bit - but not completely. Let's not even talk about Windows users that use PuTTy to connect. Talking them through these connection situations is an exercise in frustration.

Especially when the latest upstream package *works*. Well, mostly anyway. This bug is fixed - 57512 is still present, but 1 out of 2 is better than none. As I can tell in the .deb that Likewise supplies, you merely need to change some paths. Nothing earth-shattering there.

So level with us here - what is going on? Is there no maintainer for this package? If not - please consider assigning someone. If Canonical wishes to grow it's corporate presence, which I believe it does with the advent of Landscape Server, this package, almost more than any other (Samba included!) is critical. This handles the authentication and Kerberos on the domain. This is the thing that makes all of the other stuff tick.

Looking into that paid support now - but I'm astonished that other paid users haven't complained already. We are in a DoD (US) environment, so Landscape Server is a tricky thing, and the reason we hadn't jumped already.

Johan Ramm-Ericson (johanre) wrote :

At my company we simply chose to give up on likewise. We've migrated to Samba / winbind instead.

So...again we're "Fix Committed"...? What, where, and how? Lucid still says "undecided"...?

Pasi Sjöholm (pasi-sjoholm) wrote :

Hmm.. it would be best if lucid would be upgraded to likewise-open version 6.

As it seems that 5.4 is totally broken with Maverick and version 6 should work with it:

--cut--
With the release of Ubuntu 10.10 (Maverick) changes in the distribution have caused the version of Likewise-Open available in the standard Ubuntu apt-get repository to break.

Likewise-Open 6.0-8269 (currently available on the download page) has undergone limited testing since the release of 10.10 (Maverick) and appears to be functioning as expected under limited stress testing. The Likewise-Open 6.0-8269 installer is available at: http://www.likewise.com/download
--cut--

http://www.likewise.com/community/index.php/forums/viewannounce/863_8/

Jason Sharp (jsharp) wrote :

I can confirm this is still broken in likewise-open 5.4.0.42111-2ubuntu2

lw-event-cli -s - localhost | grep Assume show "Assume default domain: true" and i still need to use us\%username% to login

I was unable to get LikewiseOpen 6 to be able to let me log in setting Assume Default Domain either. It would be nice to get this fixed

Jason Sharp (jsharp) wrote :

I downloaded and installed likewise-open_5.4.0.42111-3~ppa9_amd64.deb

After doing this, my default domain works and login's seem to go pretty smoothy. It would be if this could be added to 10.10, or at least submit it.

Hi Jason, we should have version 6 in 11.04, keep an eye out, all the aforementioned issues should be addressed in this release.

Joshua

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Jason Sharp
Sent: Thursday, January 13, 2011 7:04 AM
To: Joshua McClintock
Subject: [Bug 534629] Re: AssumeDefaultDomain does not work

I downloaded and installed likewise-open_5.4.0.42111-3~ppa9_amd64.deb

After doing this, my default domain works and login's seem to go pretty
smoothy. It would be if this could be added to 10.10, or at least
submit it.

--
You received this bug notification because you are a direct subscriber
of the bug.
https://bugs.launchpad.net/bugs/534629

Title:
  AssumeDefaultDomain does not work

Status in “likewise-open” package in Ubuntu:
  Fix Committed
Status in “likewise-open” source package in Lucid:
  New

Bug description:
  Binary package hint: likewise-open

  Setting "AssumeDefaultDomain"=dword:00000001 does not work with
  likewise-open 5.4.0.39949-3 on Ubuntu 10.04 (development branch) 64
  bit.

  Steps to reproduce:
  1. Install likewise-open, join domain.
  2. Check likewise behavior: getent passwd domain\\testuser returns information, getent passwd testuser does not.
  2. Change AssumeDefaultDomain to dword:00000001 in /etc/likewise-open/lsassd.reg
  3. Run lwregshell import /etc/likewise-open/lsassd.reg
  4. Run lw-refresh-configuration
  5. Check behavior again: getent passwd testuser does not return information while it now should...

To unsubscribe from this bug, go to:
https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/534629/+subscribe

Changed in likewise-open (Ubuntu Lucid):
milestone: none → lucid-updates
description: updated
Changed in likewise-open (Ubuntu Lucid):
assignee: nobody → Chuck Short (zulcss)
Changed in likewise-open (Ubuntu Maverick):
assignee: nobody → Chuck Short (zulcss)
milestone: none → maverick-updates
Changed in likewise-open (Ubuntu Lucid):
status: New → Confirmed
Changed in likewise-open (Ubuntu Maverick):
status: New → Confirmed
linux.girl (girllinux26) wrote :

Hello,

I am using oneiric oncelot 64 bit with likewise version 6.1.0.406 and assumedefaultdomain is not working for me.

Is there a fix for this?

Thanks in advance,

linux.girl

Pete Crossley (peterc) wrote :

I have oneiric running with 6.1.0.406-0ubuntu4 and it is functioning. I am overriding the following in the registry only from the default package settings.

[HKEY_THIS_MACHINE\Services\lsass\Parameters]
"SpaceReplacement"="-"

[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory]
"HomeDirTemplate"="%H/%D/%U"
"SpaceReplacement"="-"
"AssumeDefaultDomain"=dword:00000001
"NssGroupMembersQueryCacheOnly"=dword:00000001
"RequireMembershipOf"=sza:""

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of linux.girl
Sent: Wednesday, February 08, 2012 10:41 AM
To: <email address hidden>
Subject: [Bug 534629] Re: AssumeDefaultDomain does not work

Hello,

I am using oneiric oncelot 64 bit with likewise version 6.1.0.406 and assumedefaultdomain is not working for me.

Is there a fix for this?

Thanks in advance,

linux.girl

--
You received this bug notification because you are subscribed to the bug report.
https://bugs.launchpad.net/bugs/534629

Title:
  AssumeDefaultDomain does not work

Status in “likewise-open” package in Ubuntu:
  Fix Committed
Status in “likewise-open” source package in Lucid:
  Confirmed
Status in “likewise-open” source package in Maverick:
  Confirmed

Bug description:
  Binary package hint: likewise-open

  Setting "AssumeDefaultDomain"=dword:00000001 does not work with
  likewise-open 5.4.0.39949-3 on Ubuntu 10.04 (development branch) 64
  bit.

  IMPACT STATEMENT
  ================

  Many Likewise Open prefer to set AssumeDefaultDomain, as it make the
  users/groups name more consistent with local one. It is particularly
  true in deployment where there is a single domain, where prepending
  the domain name would be somewhat redundant anyway.

  Moreover, this is a regression. People upgrading to a version of
  likewise-open where the AssumeDefaultDomain work as expected will find
  their user/group names have changed, and that they now need to prepend
  them with the domain name and separator.

  TEST CASE
  =========

  Steps to reproduce:
  1. Install likewise-open, join domain.
  2. Check likewise behavior: getent passwd domain\\testuser returns information, getent passwd testuser does not.
  3. Change AssumeDefaultDomain to dword:00000001 in /etc/likewise-open/lsassd.reg
  4. Run lwregshell import /etc/likewise-open/lsassd.reg
  5. Run lw-refresh-configuration
  6. Check behavior again: getent passwd testuser should return information
  7. Logins without domain included should work

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/534629/+subscriptions

linux.girl (girllinux26) wrote :

To complete the picture above, the procedure I used to install and add the computer to the domain is this one: https://help.ubuntu.com/10.04/serverguide/C/likewise-open.html

But I am reading now on likewise.com several things that I should have that I simply dont. For example:

the /opt is empty, there is no lwconfig there, no nothing, not even the domainjoin-gui.

Everything is working fine, except I dont have any of these files that I should have and therefore I cant even try to make the assumedefaultdomainwork.

Any ideas?

linux.girl (girllinux26) wrote :

Hi Peter,

I wrote the above a bit before I saw your answer (and I guess you wrote me before you saw my second post). Anyways, I still need help, hope you see my previous post and can help with it?

Thanks again,

linux.girl

linux.girl (girllinux26) wrote :

Hello,

I tried to use the version from their official site (beyondtrust.com) just like you suggested, but unfortunately it did not work for me.

The problems:

1 - The gui below did not come up. So I still had to add the computer to the domain using the CLI.

2 - After the computer was added to the domain, I rebooted and the command prompt appeared just with a $, no hostname, no username. Using the up and down arrows to see previous commands also was not working.

3 - since the gui didnt come up, I tried to change the lwconfig file, do assumedefaultdomain true. It did it, but after I logged in and out (and even reboot), I could no longer log into the computer with my account...

It gave me more problems than installing via cmd...so I dont know what to do now.

Any suggestions?

Thanks,

linux.girl

Rolf Leggewie (r0lf) wrote :

maverick has seen the end of its life and is no longer receiving any updates. Marking the maverick task for this ticket as "Won't Fix".

Changed in likewise-open (Ubuntu Maverick):
status: Confirmed → Won't Fix
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in likewise-open (Ubuntu Lucid):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.