'lsassd' has to be restarted in order to login

Number 4. is:

My simple command line to restart 'lsassd' (/usr/bin/service lsassd restart &) no longer works in /etc/rc.local, not sure if a bunch of upstart stuff has been implemented in this release, that could cause that.

When I reboot the my Ubuntu 9.10 system, the accounts imported from MS AD are not available for logging in.
lsassd service reports that it's running, however.
If I restart the service, MS AD accounts start working again.
This seems to happen consistently with every reboot and crash.

After installing likewise on a fresh install of 10.04 (Lucid) Beta 1 (AMD64), lsassd appears to be running but a 'sudo netstat -lnp | grep lsassd' shows it is not bound to any inet ports. This also causes issues with joining and leaving domains, and likely most likewise related tasks. Restarting likewise via 'sudo /etc/init.d/lsassd restart' is the workaround.

likewise-open=5.4.0.42111-1

likewise needs upstart scripts.

For a workaround that is less manual on each startup (and could break other services with only sysinit scripts),

change:
start on filesystem and net-device-up IFACE=lo
to:
start on filesystem and net-device-up IFACE=eth0 #or whatever is your main interface

in /etc/init/rc-sysinit.conf

For your #5 above, this is what I have in a shell script to rectify your situation:
(thanks with help from the Likewise forum people)

 if [ -f /etc/likewise-open/lsassd.reg ] && [ "$(grep -c '"HomeDirTemplate"="%H/%D/%U"' /etc/likewise-open/lsassd.reg)" -lt "3" ]; then
        # Hardy sed -i 's,;umask = 0022,&\numask = 0027,' /etc/security/pam_lwidentity.conf
        # need to alter the home settings in the Likewise database
        echo "Processing the Likewise database to set Home Directory"
        sed -i 's,"HomeDirUmask"="022","HomeDirUmask"="027",' /etc/likewise-open/lsassd.reg
        sed -i 's,"HomeDirTemplate"="%H/likewise-open/%D/%U","HomeDirTemplate"="%H/%D/%U",' /etc/likewise-open/lsassd.reg
        lwregshell import /etc/likewise-open/lsassd.reg
        lw-refresh-configuration
        lw-ad-cache --delete-all
        /etc/init.d/lsassd restart
 else
        echo "NOT processing the Likewise database to set Home Directory, as it already looks processed."
 fi

Bryan, I'll try to get a repro. I've not seen the startup issue in my testing as of yet (with the likewise-open_5.4.0.42111-1 deb)

Bryan, I'll agree that likewise needs upstart scripts. But I cannot reproduce the failure you describe. I installed Lucid Neta 1 from CD and then installed the likewise-open 5.4.0.42111-1 deb from main, joined a domain, rebooted, and logged back in with no issues. Is this environmental depending on the startup of the machine or responsiveness of the DHCP server?

Gerald, just thought of something and will test once I get in the office. We are using CISCO switches that have portfast on them and so do many production environments. This slows the time that the link will become enabled with protocol up and intern slows the DHCP process. Have you tested this on your side with similar hardware? Since lo interface can come up without a link, I may theorize that you are correct the DHCP process is taking long and lssad is not able to start correctly.

I would agree with you Pete, I work at Arizona State University and there is a ton of Cisco stuff setup, so I think you are onto something. :-)

I also setup an Ubuntu 9.10 server at my PT job and am having the same exact problem, and we are running some Cisco stuff and Dell Powerconnect 3024's. I am using Server 2003 Enterprise and its' DHCP server.

ok. I don't have any Cisco switches handy. Any suggestions on a way to simulate the delayed DHCP server response? Or should I just bite the bullet and do the upstart scripts and see if that resolves it for you?

What DHCP server do you have? If you're trying to repro in a VM environment, I'd install dhcpd on the host, configure it for that interface (disabling dnsmasq) and try setting:

delay_reply_dhcpoffer 30000000

Ok so disabling portfast makes it work, so it looks like the only real solution would be to write upstart scripts. Side note why doesn't likewise handle the reconnect once networking is started?

What happens for laptop users when not connected to the dc? In karmic this works fine using cached creds I have not see this work since upgrading to lucid. I was wondering if this is also a lssad issue since it is not running on startup correctly? Dunno.

Here we need PortFast enabled otherwise, I believe the machine does
not come up with an IP address,then we have to manually, `sudo dhclient` to fix that problem.
(that was true with HardyHeron)

Putting that aside, I have noticed that logging in with an active directory account after a reboot, does not
always work. "authentication failure"

So I put this in the /etc/rc.local as a work around:

   sleep 15
   /etc/init.d/lsassd restart

So worse case, a user has to wait 15 seconds prior to the initial failed log in.
Without this delay and restart, I would have to log in to the machine, with a local account,
and manually restart lsassd.
I figured the problem was that everything starts up so fast on Linux, that the likewise stuff
just doesn't help itself out, by trying to restart on its own.

It appears that this bug and the password caching issue reported in LP BUG #509934 are an issue
with the lsassd AD provider not loading in the abscence of a network connection. For the record, I
repro no such failure which is odd given several confirming reports.

I've tried reproducing the DHCP offer delays using the ping-check and ping-timeout options in the dhcpd3-server. So far, logins (including cached ones) work as expected.

My next step is just to write the upstart scripts. Hopefully this will solve everything.

I just installed Lucid amd64 beta from CD and ran all updates. I am having the same issue where I have to restart lsassd to be able to log in post reboot.

Gerald, upstart scripts would certainly at least help isolate the issue.

And they'd remove another issue I have, with updates failing because they can't stop daemons that aren't running.

I think that this is an issue with the lsassd active-directory-provider failing to load due to trusted domain detection failures. Please test the 5.4.0.42111-2~ppa~lucid packages at https://launchpad.net/~likewise-open/+archive/likewise-open-ppa

Thanks.

I added the ppa to my system, ran apt-get update && apt-get upgrade and the packages from there was installed. After rebooting I was able to immediately login with my domain creds. Will this fix be in the regular repo soon? Thanks for the help!

Thanks Gene. I'll request start the upload request process today.

Thanks! Will you post back once it is all finished so that I know I can remove the extra repo?

new version just installed broke what was working... back to having to restart lsassd. Attached is info from apt-cache showpkg likewise-open

Gahh....sorry. the patch is there but got removed from the series file somehow....

I'll get a new upload to the PPA tomorrow.

Fixed (again) in 5.4.0.42111-2~ppa4~lucid

likewise-open (5.4.0.42111-2) lucid; urgency=low

  * LP BUG #509934, #510683 - Don't fail to load the lsassd
    ad-provider when we fail to add a domain to the trust list
  * LP BUG #543730 - Add likewise-open5-gui transition package
  * Fix the likewise-open-gui Gnome Administration menu item

 -- Gerald Carter <email address hidden> Wed, 07 Apr 2010 17:37:29 -0500

Closing that outdated report as EOL has been reached long time ago