Cannot login to domain with likewise-open under Precise Pangolin Beta

Bug #946755 reported by Tony Mugan on 2012-03-05
42
This bug affects 8 people
Affects Status Importance Assigned to Milestone
likewise-open (Ubuntu)
Undecided
Unassigned

Bug Description

I upgraded from Oneiric to Precise and have been happily using likewise-open to login to my Windows domain at work.

Now the login is no longer available to me.

I can see my local accounts (not the domain account) and the login screen does not allow me to type a username (only allowed to select the username and then type the password).

I have tried reinstalling likewise-open and rejoining the domain.

Note, this DID work previously on Precise Alpha because the domain loginname was listed in the login screen.
All latest updates to Precise have been installed.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: likewise-open 6.1.0.406-0ubuntu5
ProcVersionSignature: Ubuntu 3.2.0-17.27-generic-pae 3.2.6
Uname: Linux 3.2.0-17-generic-pae i686
ApportVersion: 1.94-0ubuntu1
Architecture: i386
Date: Mon Mar 5 11:34:51 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Beta i386 (20110330)
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: likewise-open
UpgradeStatus: Upgraded to precise on 2012-02-19 (14 days ago)

Tony Mugan (tmugan) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in likewise-open (Ubuntu):
status: New → Confirmed
Tony Mugan (tmugan) wrote :

The solution to this looks like it is on the way

https://bugs.launchpad.net/unity-greeter/+bug/844044

Tony Mugan (tmugan) wrote :

Ok, some progress.

I edited the conf file

sudo nano /etc/lightdm/lightdm.conf

Then added the last line below which will allow a username and password combination to be explicitly supplied (reboot after making the change).

[SeatDefaults]
greeter-session=unity-greeter
user-session=ubuntu
autologin-user=
greeter-show-manual-login=true

However, I still cannot login as an Active Directory user (i.e. Windows login) even though I put in the correct username and password.

Tony Mugan (tmugan) wrote :

Ignore, that.
I needed a reboot.

Now I can choose "Login" at the login screen and it allows me to enter the Active directory username and password.
So I am now logging in again as my Windows domain username.

The only bit that does not seem to be working now is that my user is not being recognised as being part of the sudoers file even though I have added the Domain Users group to the sudoers file.
This worked in previous versions of Ubuntu and early alpha versions of 12.04.

Ballock (ballock) wrote :

Hey, Tony

Do you use pam_mkhomedir to create Windows accounts of your users? Does it work for you?
Please check if you can login to GUI without a homedir.
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/956848

Just out of curiosity, I can't solve your sudo problem (though I had a long relationship with those, like in https://bugs.launchpad.net/debian/+source/sudo/+bug/423252)

Tony Mugan (tmugan) wrote :

Boleslaw,

I just use likewise-open and register the machine on the domain with the domain-joining gui that comes with that.
Then I edit sudoers to add a line for Domain^Users and that's about it.

likewise-open creates a local home folder for the user, I believe, on first login.

Regards,

Tony

Chris Boyle (chris-boyle-1978) wrote :

12.04 Beta 2, up to date as of today. The only issue I had was my domain account not being recognized as a sudoer. Here are the details.

/etc/sudoers:
%DOMAIN\\domain^users ALL=(ALL) ALL

I changed it to this instead, which fixed it:

/etc/sudoers:
domain^users ALL=(ALL) ALL

Something must just have changed, which requires a small rewrite of how we recognize AD groups in the sudoers file. Anyway, hope that helps someone else.

Chris Boyle (chris-boyle-1978) wrote :

Type-o in that last fix. I forgot the % sign.

/etc/sudoers:
%domain^users ALL=(ALL) ALL

Tony Mugan (tmugan) wrote :

Monkey,

Thank you very much for posting this. I can confirm that it does indeed work.

SO there were two parts to manually rectifying this for me.
The changes to lightdm.conf to allow the login, and the change to the way that the domain account can be added to the sudoers file.

Cheers.

Misha Bazanov (bmw-) wrote :

>The only bit that does not seem to be working now is that my user is not being recognised as being part of the sudoers file even though I have added the Domain Users group to the sudoers file.

Try to add some domain user in adm group ( /etc/groups, comma separated) without domain name.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers