Ubuntu
ltsp package

LTSP login problem with LDAP accounts

Asked by Jan Bakuwel

Hi,

Ubuntu 10.04 LTS 64bit with LTSP, 32bit thin clients. Thin clients boot fine. Login with local user works OK (thin client screen goes black then shows the Ubuntu desktop). Login with LDAP user doesn't work (thin client screen goes black then resets after a short while and goes back to the login screen). ssh login for both local and LDAP users works fine. home directory for both local and LDAP users is set correctly. Authentication is handled by pam, local accounts checked first, LDAP accounts checked second.

As you can see in the logs below, the login session for a local user that works takes a little time (8 seconds) after the "subsystem request for sftp". For the login session for a LDAP user that doesn't work, the "subsystem request for sftp" is followed immediately (1 second) by "Received disconnect from 192.168.64.33: 11: disconnected by user".

The syslog of the DWS doesn't show any difference between successful and failed login sessions.

I'd like to diagnose this problem a bit further but don't know where to start. Could it be a "sftp" authentication issue?

From auth.log for a local login (sysop) that works:

Jan 19 14:37:29 u1004ts sshd[1540]: Accepted password for sysop from 192.168.64.32 port 57645 ssh2
Jan 19 14:37:29 u1004ts sshd[1540]: pam_unix(sshd:session): session opened for user sysop by (uid=0)
Jan 19 14:37:29 u1004ts sshd[1540]: pam_setquota: bsoftlimit=1048576 bhardlimit=1048576 isoftlimit=0 ihardlimit=0
Jan 19 14:37:29 u1004ts sshd[1540]: pam_setquota: bsoftlimit=1048576 bhardlimit=1048576 isoftlimit=0 ihardlimit=0
Jan 19 14:37:52 u1004ts sshd[1608]: subsystem request for sftp
Jan 19 14:37:58 u1004ts polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session7 (system bus name :1.26 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF8)

From auth.log for a LDAP login (test) that doesn't work:

Jan 19 14:39:47 u1004ts sshd[1909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=u1004ws1 user=test
Jan 19 14:39:50 u1004ts sshd[1909]: Accepted password for test from 192.168.64.33 port 36050 ssh2
Jan 19 14:39:50 u1004ts sshd[1909]: pam_unix(sshd:session): session opened for user test by (uid=0)
Jan 19 14:39:50 u1004ts sshd[1909]: pam_setquota: bsoftlimit=1048576 bhardlimit=1048576 isoftlimit=0 ihardlimit=0
Jan 19 14:39:50 u1004ts sshd[1909]: pam_setquota: bsoftlimit=1048576 bhardlimit=1048576 isoftlimit=0 ihardlimit=0
Jan 19 14:40:10 u1004ts sshd[1979]: subsystem request for sftp
Jan 19 14:40:11 u1004ts sshd[1979]: Received disconnect from 192.168.64.33: 11: disconnected by user
Jan 19 14:40:11 u1004ts #010: pam_unix(sshd:session): session closed for user test

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu ltsp Edit question
Assignee:
No assignee Edit question
Solved by:
Jan Bakuwel
Solved:
Last query:
Last reply:
Revision history for this message
Jan Bakuwel (jan-bakuwel-gmail) said : 		#1

Hi,

Just noticed all is working fine with one particular LDAP server but not with another.

The ldap attributes vary slightly between those two LDAP servers but obvious things like homeDirectory and loginShell are the same (and set to the correct value).

Which ldap attributes are relevant for LTSP logins?

Revision history for this message
Jan Bakuwel (jan-bakuwel-gmail) said : 		#2

Hi,

It appeared that one LDAP server specified /bin/tcsh for loginShell and the other /bin/bash (.
Seems LTSP doesn't work with tcsh but does work with bash

:-)

Jan