Ubuntu
samba package

libpam-smbpass:amd64 (2:4.3.8+dfsg-0ubuntu0.14.04.2) causes PAM failure for dovecot

Bug #1571883 reported by Peter Nelson
30
This bug affects 4 people
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Dovecot (an IMAP mail server) stopped accepting connections last night. This happened after libpam-smbpass was automatically upgraded. Removing the libpam-smbpass package dovecot works again.

Other users are reporting the same behavior here:
http://ubuntuforums.org/showthread.php?t=2320889

From /var/log/syslog:

Apr 18 15:01:04 SERVER dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [x.x.x.x]
Apr 18 15:01:05 SERVER t of memory [2971]
Apr 18 15:01:05 SERVER dovecot: auth-worker(2971): Error: pam(USER,x.x.x.x): pam_start() failed: Critical error - immediate abort
Apr 18 15:01:11 SERVER dovecot: auth-worker(2971): Error: pam(USER,x.x.x.x): pam_start() failed: Critical error - immediate abort
Apr 18 15:01:13 SERVER dovecot: imap-login: Debug: SSL alert: close notify [x.x.x.x]
Apr 18 15:01:13 SERVER dovecot: imap-login: Debug: SSL alert: close notify [x.x.x.x]
Apr 18 15:01:13 SERVER dovecot: imap-login: Disconnected (auth failed, 2 attempts in 9 secs): user=<USER>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, TLS, session=<OJk/f8kwbQDY5HAW>

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: libpam-smbpass 2:4.3.8+dfsg-0ubuntu0.14.04.2
ProcVersionSignature: Ubuntu 3.16.0-70.90~14.04.1-generic 3.16.7-ckt25
Uname: Linux 3.16.0-70-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
Date: Mon Apr 18 15:36:08 2016
InstallationDate: Installed on 2015-01-08 (466 days ago)
InstallationMedia: Ubuntu-Server 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.3)
OtherFailedConnect: Yes
ProcEnviron:
 TERM=xterm
 SHELL=/bin/bash
 PATH=(custom, user)
 LANG=en_US.UTF-8
 XDG_RUNTIME_DIR=<set>
SambaServerRegression: Yes
SmbConfIncluded: No
SourcePackage: samba
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Peter Nelson (rufus-inet) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in samba (Ubuntu):
status: New → Confirmed
Revision history for this message
Rhys (tatric) wrote :

I had the same issue with PAM errors on ubuntu 14 LTS with Dovecott refusing to authenticate users and deny email.

I removed libpam-smbpass and a few mins later all my email clients started to work.

maybe because of updates to systemd? there was also PAM updates recently.

Revision history for this message
AlainKnaff (kubuntu-misc) wrote :

I had the same issue.

After commenting out the following lines from /usr/share/pam-configs/smbpasswd-migrate, and re-running pam-auth-update, all worked again:

#Auth-Type: Additional
#Auth-Initial:
# optional pam_smbpass.so migrate
#Auth-Final:
# optional pam_smbpass.so migrate

The relevant lines cause synchronization of samba passwords _when_user_logs_in_ to any service, rather than just when he changes passwords. In a steady state system, this is unneeded (Samba password only needs to change when Unix password changes as well).

I vaguely remember other such issues in the past with these lines. Maybe they shouldn't be included by default, or be present in a separate pam-config, to make it easier to disable them independently of the rules in the "Password" chain?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.