libpam-winbind: unable to dlopen
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
samba (Ubuntu) | Fix Released | High | Andreas Hasenack |
Zesty | Fix Released | High | Andreas Hasenack |
Bug Description
[Impact]
The pam_winbind.so module is unusable in zesty. It won't load because of missing symbols:
Jun 21 13:17:05 zesty-pamwinbin
This is due to the (re)introduction of patch fix-1584485.patch which changes the way this module is built, trying to statically link some libraries. That linking was incorrectly done.
The patch was subsequently removed, but later added back again by mistake during a sync.
A new version of the patch exists (https:/
That was done, but since this could take some time, we decided it's best to revert the patch again.
[Test Case]
In a zesty machine/container:
* sudo apt install libpam-winbind winbind samba
* tail -f /var/log/auth.log
* perform a login on this machine. Via ssh, for example
* the broken version will log this:
Jun 21 13:17:05 zesty-pamwinbin
* The fixed version will load pam_winbind.so just fine, but won't log anything (unless you fully set up winbind). It's easier to add "debug" to the pam_winbind.so lines in /etc/pam.d/common-* files and repeat the login, then you get to see it being loaded in the logs:
Jun 21 17:48:52 zesty-pamwinbin
Jun 21 17:48:52 zesty-pamwinbin
[Regression Potential]
This reversal has been done before and worked. Right now, the biggest regression potential is to add the broken patch back again.
Reversing this patch will also reintroduce bug #1584485, but I think the configuration that leads to that bug is asking for trouble and I stated as such in a comment (https:/
That being said, it is my opinion that having a working pam_winbind module benefits more users than the amount of users that could be affected by the particular configuration that leads to #1584485.
[Other Info]
Sorry for keeping both bugs open (#1644428 and #1677329), but the history on this issue is a bit complicated with multiple SRUs and regressions.
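The check from the test case can also be run without a login, as an added example that is not part of the original bug report: it reads pam.d-style configuration and loads each referenced module with `RTLD_NOW`, so a module with missing symbols produces a loader error directly. The module directory and the sample configuration are assumptions constructed for illustration.

```python
import ctypes
import os
import re

# PAM service line: type, control (word or [bracketed]), module, arguments.
PAM_LINE = re.compile(
    r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def modules_in_pam_config(text):
    """Return the module names referenced by pam.d-style config text."""
    found = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = PAM_LINE.match(line)
        # "include"/"substack" name another config file, not a module.
        if m and m.group(2) not in ("include", "substack"):
            if m.group(3) not in found:
                found.append(m.group(3))
    return found

def try_dlopen(path):
    """Load path with RTLD_NOW so unresolved symbols fail immediately."""
    try:
        ctypes.CDLL(path, mode=os.RTLD_NOW | os.RTLD_LOCAL)
        return None
    except OSError as exc:
        return str(exc)

def broken_modules(config_text, module_dir):
    """Map each module that fails to load to the dynamic loader's error."""
    failures = {}
    for name in modules_in_pam_config(config_text):
        path = name if os.path.isabs(name) else os.path.join(module_dir, name)
        error = try_dlopen(path)
        if error is not None:
            failures[name] = error
    return failures

# Constructed sample in the style of /etc/pam.d/common-auth (not from the page).
SAMPLE = """\
auth [success=2 default=ignore] pam_unix.so
auth [success=1 default=ignore] pam_winbind.so debug  # debug added for logging
auth requisite pam_deny.so
@include common-account
"""

if __name__ == "__main__":
    # Assumed module directory for amd64 Ubuntu; adjust for the target system.
    for mod, err in broken_modules(SAMPLE, "/lib/x86_64-linux-gnu/security").items():
        print(f"FAIL {mod}: {err}")
```

Loading a module runs its initializers in the checking process, so point this only at the system's own PAM module directory.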
Changed in samba (Ubuntu):
status: New → Incomplete
status: Incomplete → Confirmed
Changed in samba (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Andreas Hasenack (ahasenack)
importance: Undecided → High
Changed in samba (Ubuntu Zesty):
status: New → In Progress
assignee: nobody → Andreas Hasenack (ahasenack)
importance: Undecided → High
tags: added: patch
description: updated
description: updated
description: updated
I'm having the same problem in a 17.04 final installation.
I can't login with an AD account.
Is there some way to solve this login bug?