likewise-open does not play nicely with diacritic characters in domain entities on 11.04

Bug #794108 reported by Oliver
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
likewise-open (Ubuntu) | Confirmed | Undecided | Unassigned |

Bug Description

Binary package hint: likewise-open

Let me start by explaining the system details and observed behavior. We are running ejabberd on Ubuntu 11.04 and have it interface with PAM - and thus pam_lsass from likewise-open - to authenticate domain users.

The system is fully up-to-date as of now.

Interestingly we got the PAM authentication to work for some users, but it "mysteriously" failed for others. It turned out that those failing were failing with LW_ERROR_STRING_CONV_FAILED. Usually - but not always - accompanied by the note (in syslog) that group membership lookup failed. When sifting through our AD, I noticed that all entities that have diacritic characters in them (e.g. á, ó, ú, æ, ö, ð, þ) would cause the failure. A test to verify my finding was to rename the security groups for some few accounts and replace the diacritic characters with their Latin default form. And indeed suddenly the affected accounts were able to log on.

The OUs - of which some also contain diacritic characters - don't seem to matter. However, the security groups and even the full name of the account owners did matter.

Sifting through a clone of the Likewise repo, I figured that the issue is likely conversion *from* UTF-16 to the MBCS of the process, though the same error is returned by the inverse operation as well. Since LANG defaults to "C" I figured that I had to pass the proper setting to the lsassd process. Proper being any UTF-8 locale, in my case I set LANG=en_US.UTF-8. This was done by modifying /usr/lib/likewise-open/init-base.sh (though /etc/init.d/lwsmd would have been an alternative), by adding:

LANG=en_US.UTF-8
export LANG

This completely resolved the issue.

I would like to propose that the package maintainer consider using /etc/default/lwsmd to provide a less intrusive means of fixing such behavior on Debian/Ubuntu in future.

Please let me know if anything is missing or unclear.

Best regards,

// Oliver

------

[2] root@jabber:~# lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04
[2] root@jabber:~# apt-cache policy likewise-open
likewise-open:
  Installed: 6.0.0.53010-4ubuntu5
  Candidate: 6.0.0.53010-4ubuntu5
  Version table:
 *** 6.0.0.53010-4ubuntu5 0
        500 http://is.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages
        100 /var/lib/dpkg/status

Oliver (oliver-assarbad)
description: updated
Changed in likewise-open (Ubuntu):
status: New → Confirmed
Oliver (oliver-assarbad) wrote :

Hi there. Recently an upgrade to the likewise package was released. Of course this bombed my little fix. So I checked at what points I could abuse existing functionality without changing the behavior of the script otherwise. One thing I wanted to avoid, for example, was to lure the script into thinking it was running on a different system version than it is running.

It turns out that /usr/lib/likewise-open/init-base.sh sources - unconditionally - the file /etc/rc.subr, which is only relevant on some BSD systems and as far as I could tell not used on the Linux distros we're using. So what I did was to create this file with only the following two lines:

LANG=en_US.UTF-8
export LANG

This is not invasive at all and it should survive the next upgrade of likewise.
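
A check that follows from the fix described in this report, as an added example that is not part of the original report or of likewise-open: it reads a /proc/<pid>/environ-style file and reports whether the locale governing character conversion is UTF-8. The function names and the sample environment are constructed for illustration; the precedence LC_ALL, then LC_CTYPE, then LANG is standard POSIX behaviour, so a LANG setting is ignored whenever one of the other two is set.

```shell
#!/bin/sh
# Added example: decide which locale governs character conversion for a
# process, given a NUL-separated environment file (/proc/<pid>/environ format).

# effective_ctype FILE -> prints the locale name in effect for LC_CTYPE.
# POSIX precedence: LC_ALL overrides LC_CTYPE, which overrides LANG.
effective_ctype() {
    env_file=$1
    for var in LC_ALL LC_CTYPE LANG; do
        # Entries are NUL-separated; turn them into lines before matching.
        val=$(tr '\0' '\n' < "$env_file" | sed -n "s/^${var}=//p" | head -n 1)
        if [ -n "$val" ]; then      # an empty value counts as unset
            printf '%s\n' "$val"
            return 0
        fi
    done
    printf 'C\n'                    # nothing set: the "C" locale applies
}

# is_utf8_locale NAME -> exit status 0 if the codeset part is UTF-8.
is_utf8_locale() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        *.UTF-8|*.UTF-8@*|*.UTF8|*.UTF8@*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_environ FILE -> prints "ok <locale>" or "non-utf8 <locale>".
check_environ() {
    loc=$(effective_ctype "$1")
    if is_utf8_locale "$loc"; then
        printf 'ok %s\n' "$loc"
    else
        printf 'non-utf8 %s\n' "$loc"
    fi
}

# Constructed sample: LANG is UTF-8, but an inherited LC_ALL=C overrides it.
demo() {
    tmp=$(mktemp)
    printf 'PATH=/usr/sbin:/usr/bin\0LANG=en_US.UTF-8\0LC_ALL=C\0' > "$tmp"
    check_environ "$tmp"
    rm -f "$tmp"
}

demo
```

On a live system the input would be the /proc/<pid>/environ file of the running lsassd process, read as root.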
