Activity log for bug #794108

Date Who What changed Old value New value Message
2011-06-07 15:41:04 Oliver bug added bug
2011-06-07 15:54:35 Oliver description Binary package hint: likewise-open Let me start by explaining the system details and observed behavior. We are running ejabberd on Ubuntu 11.04 and have it interface with PAM - and thus pam_lsass from likewise-open - to authenticate domain users. The system is fully up-to-date as of now. Interestingly we got the PAM authentication to work for some users, but it "mysteriously" failed for others. It turned out, that those failing where failing with LW_ERROR_STRING_CONV_FAILED. Usually - but not always - accompanied by the note (in syslog) that group membership lookup failed. When sifting through our AD, I noticed that all entities that have diacritic characters in them (e.g. ó, á, ä, ö, ð, þ) would cause the failure. A test to verify my finding was to rename the security groups for some few accounts and replace the diacritic characters with their Latin default form. And indeed suddenly the affected accounts were able to log on. The OUs - of which some also contain diacritic characters - don't seem to matter. However, the security groups and even the full name of the account owners did matter. Sifting through a clone of the Likewise repo, I figured that the issue is likely conversion *from* UTF-16 to the MBCS of the process, though the same error is returned by the inverse operation as well. Since LANG defaults to "C" I figured that I had to pass the proper setting to the lsassd process. Proper being any UTF-8 locale, in my case I set LANG=en_US.UTF-8. This was done by modifying /usr/lib/likewise-open/init-base.sh (though /etc/init.d/lwsmd would have been an alternative), by adding: LANG=en_US.UTF-8 export LANG This completely resolved the issue. I would like to propose that the package maintainer consider using /etc/default/lwsmd to provide a less intrusive means of fixing such behavior on Debian/Ubuntu in future. Please let me know if anything is missing or unclear. Best regards, // Oliver ------ [2] root@jabber:~# lsb_release -rd Description: Ubuntu 11.04 Release: 11.04 [2] root@jabber:~# apt-cache policy likewise-open likewise-open: Installed: 6.0.0.53010-4ubuntu5 Candidate: 6.0.0.53010-4ubuntu5 Version table: *** 6.0.0.53010-4ubuntu5 0 500 http://is.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages 100 /var/lib/dpkg/status Binary package hint: likewise-open Let me start by explaining the system details and observed behavior. We are running ejabberd on Ubuntu 11.04 and have it interface with PAM - and thus pam_lsass from likewise-open - to authenticate domain users. The system is fully up-to-date as of now. Interestingly we got the PAM authentication to work for some users, but it "mysteriously" failed for others. It turned out, that those failing where failing with LW_ERROR_STRING_CONV_FAILED. Usually - but not always - accompanied by the note (in syslog) that group membership lookup failed. When sifting through our AD, I noticed that all entities that have diacritic characters in them (e.g. á, ó, ú, æ, ö, ð, þ) would cause the failure. A test to verify my finding was to rename the security groups for some few accounts and replace the diacritic characters with their Latin default form. And indeed suddenly the affected accounts were able to log on. The OUs - of which some also contain diacritic characters - don't seem to matter. However, the security groups and even the full name of the account owners did matter. Sifting through a clone of the Likewise repo, I figured that the issue is likely conversion *from* UTF-16 to the MBCS of the process, though the same error is returned by the inverse operation as well. Since LANG defaults to "C" I figured that I had to pass the proper setting to the lsassd process. Proper being any UTF-8 locale, in my case I set LANG=en_US.UTF-8. This was done by modifying /usr/lib/likewise-open/init-base.sh (though /etc/init.d/lwsmd would have been an alternative), by adding: LANG=en_US.UTF-8 export LANG This completely resolved the issue. I would like to propose that the package maintainer consider using /etc/default/lwsmd to provide a less intrusive means of fixing such behavior on Debian/Ubuntu in future. Please let me know if anything is missing or unclear. Best regards, // Oliver ------ [2] root@jabber:~# lsb_release -rd Description: Ubuntu 11.04 Release: 11.04 [2] root@jabber:~# apt-cache policy likewise-open likewise-open: Installed: 6.0.0.53010-4ubuntu5 Candidate: 6.0.0.53010-4ubuntu5 Version table: *** 6.0.0.53010-4ubuntu5 0 500 http://is.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages 100 /var/lib/dpkg/status
2011-07-12 10:57:41 Sándor Rácz bug added subscriber Sándor Rácz
2011-07-27 14:54:19 Launchpad Janitor likewise-open (Ubuntu): status New Confirmed
2011-11-15 09:40:43 cd311 bug added subscriber cd311