Ubuntu
sudo package

1.7.2p1ubuntu3 (lucid) :Gid Duplicate verification problem with likewise

Bug #548893 reported by imagineafond
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
sudo (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: sudo

Hi,
For my company i use likewise-open.
Since the version1.7.2 of sudo a check of duplicate gid is now implemented. When i use the "likewise" process, my first group of active directory appear twice, so when sudo is invocated and the lsassd process is running and connected to the AD, even if you are root the pwutil.c call an error and stop the sudo command.
Original message :
root@host:/home/user#sudo -l
sudo: unable to cache group domain users, already exists

To fix it i comment the verification in pwutil.c
patch in the attachement.

Revision history for this message
imagineafond (christophe-sabattier) wrote :
Revision history for this message
Metabaronen (emil-assarsson) wrote :

I encountered this problem with the ppa package of likewise-open
https://launchpad.net/~likewise-open/+archive/likewise-open-ppa?field.series_filter=lucid
After installing the old it started to work again.

Revision history for this message
aty (attila-gombos) wrote :

Will be any official patch release for this problem?
Is my problem connected to this bug?

I'd like to enable my Windows Domain Administrators group to login
through Webmin.
I'm using the Ubuntu 10.04 provided likewise-open package. Members of
Domain administrators group are able to authenticate through ssh and
to get root privileges through "sudo -i".
So /etc/sudoers looks like this:

%DOMAIN\\domain^admins ALL=(ALL) ALL

In Webmin I've also enabled this feature: "Allow users who can run all
commands via sudo to login as root"

However I can't login through Webmin interface. /var/log/auth.log states these:

Jul 7 13:30:42 lnx01 perl[2910]: pam_sm_authenticate: Called
Jul 7 13:30:42 lnx01 perl[2910]: pam_sm_authenticate: username = [DOMAIN\user]

Jul 7 13:30:42 lnx01 perl[2910]: pam_unix(webmin:session): session
opened for user DOMAIN\user by (uid=0)
Jul 7 13:30:42 lnx01 sudo: DOMAIN\user: TTY=pts/1 ;
PWD=/usr/share/webmin ; USER=root ; COMMAND=list
Jul 7 13:30:42 lnx01 webmin[2910]: Invalid login as domain\user from 10.2.1.16

I've also found this thread:
http://copilotco.com/mail-archives/webmin.2008/msg00719.html
But if I copy /etc/pam.d/sshd to /etc/pam.d/webmin nothing changes.

sudo status:
DOMAIN\user@mhlnx:~$ sudo -l -S
Matching Defaults entries for DOMAIN\user on this host:
    env_reset

User DOMAIN\usr may run the following commands on this host:
sudo: unable to cache group domain\domain^admins, already exists

Revision history for this message
Lorenzo De Liso (blackz) wrote :

Looks like this problem has been fixed at least since (about) Maverick Meerkat. Feel free to reopen this bug report if you can still reproduce the problem.

Changed in sudo (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.