winbind remote users make session end prematurely in ubuntu 12.04 and ubuntu 12.10

Asked by piviul

I have a problem in ubuntu 12.04 and upgrading to 12.10 doesn't solve the problem. I have configured pam_winbind on a samsung ultrabook 530U. All seems to works for the local users but even if domain users can login in tty or console they can't in graphical mode: the logon process succeed (as you can see on auth.log below) but after a while the logon screen reappear. I can't understand in which packet the bug is, so I ask you if you can help me to understand where the bug is. In lightdm logs I can see:

> > [+552.19s] DEBUG: Session 3051 exited with return value 0
> > [+552.19s] DEBUG: User session quit
> > [+552.19s] DEBUG: Stopping display
> > [+552.19s] DEBUG: Sending signal 15 to process 1075
> > [+552.40s] DEBUG: Process 1075 exited with return value 0
> > [+552.40s] DEBUG: X server stopped
> > [+552.40s] DEBUG: Removing X server authority /var/run/lightdm/root/:0
> > [+552.40s] DEBUG: Releasing VT 7
> > [+552.40s] DEBUG: Display server stopped
> > [+552.40s] DEBUG: Display stopped
> > [+552.40s] DEBUG: Active display stopped, switching to greeter

Why session exited? How can I know what is the cause that end prematurely the session? There is a way to have more verbose loggin in lightdm?

For the sake of completeness I send you all logs during a such failing session.

In /var/log/auth.log:
> > Oct 31 10:20:34 01ULTRA1012 lightdm: pam_succeed_if(lightdm:auth):
> > requirement "user ingroup nopasswdlogin" not met by user
> > "DOMINIOCSA\ifagiolino"
> > Oct 31 10:20:36 01ULTRA1012 lightdm: pam_succeed_if(lightdm:auth):
> > requirement "user ingroup nopasswdlogin" not met by user
> > "DOMINIOCSA\psala"
> > Oct 31 10:20:42 01ULTRA1012 lightdm: pam_unix(lightdm:auth):
> > authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
> > user=DOMINIOCSA\psala
> > Oct 31 10:20:42 01ULTRA1012 lightdm: pam_winbind(lightdm:auth):
> > getting password (0x00004388)
> > Oct 31 10:20:42 01ULTRA1012 lightdm: pam_winbind(lightdm:auth):
> > pam_get_item returned a password
> > Oct 31 10:20:42 01ULTRA1012 lightdm: pam_winbind(lightdm:auth): user
> > 'DOMINIOCSA\psala' granted access
> > Oct 31 10:20:42 01ULTRA1012 lightdm: pam_unix(lightdm:session):
> > session closed for user lightdm
> > Oct 31 10:20:42 01ULTRA1012 lightdm: pam_unix(lightdm:session):
> > session opened for user DOMINIOCSA\psala by (uid=0)
> > Oct 31 10:20:42 01ULTRA1012 lightdm:
> > pam_ck_connector(lightdm:session): nox11 mode, ignoring PAM_TTY :0
> > Oct 31 10:20:42 01ULTRA1012 gnome-keyring-daemon[3084]: GLib:
> > getpwuid_r(): failed due to unknown user id (21046)
> > Oct 31 10:20:43 01ULTRA1012 lightdm: pam_unix(lightdm:session):
> > session closed for user DOMINIOCSA\psala
> > Oct 31 10:20:43 01ULTRA1012 lightdm: pam_winbind(lightdm:setcred):
> > user 'DOMINIOCSA\psala' OK
> > Oct 31 10:20:44 01ULTRA1012 lightdm: pam_unix(lightdm:session):
> > session opened for user lightdm by (uid=0)
> > Oct 31 10:20:44 01ULTRA1012 lightdm:
> > pam_ck_connector(lightdm:session): nox11 mode, ignoring PAM_TTY :0
> > Oct 31 10:20:45 01ULTRA1012 lightdm: pam_succeed_if(lightdm:auth):
> > requirement "user ingroup nopasswdlogin" not met by user
> > "DOMINIOCSA\psala"
> > Oct 31 10:20:45 01ULTRA1012 dbus[796]: [system] Rejected send message,
> > 2 matched rules; type="method_call", sender=":1.51" (uid=104 pid=3258
> > comm="/usr/lib/indicator-datetime/indicator-datetime-ser")
> > interface="org.freedesktop.DBus.Properties" member="GetAll" error
> > name="(unset)" requested_reply="0" destination=":1.15" (uid=0 pid=1210
> > comm="/usr/sbin/console-kit-daemon --no-daemon ")

In /var/log/syslog:
> > Oct 31 10:20:43 01ULTRA1012 acpid: client 1075[0:0] has disconnected
> > Oct 31 10:20:43 01ULTRA1012 acpid: client connected from 3143[0:0]
> > Oct 31 10:20:43 01ULTRA1012 acpid: 1 client rule loaded

In /var/log/lightdm:
> > [+544.98s] DEBUG: Greeter start authentication for DOMINIOCSA\psala
> > [+544.98s] DEBUG: Session 3046: Sending SIGTERM
> > [+544.98s] DEBUG: Started session 3051 with service 'lightdm',
> > username 'DOMINIOCSA\psala'
> > [+545.00s] DEBUG: Session 3051 got 1 message(s) from PAM
> > [+545.00s] DEBUG: Prompt greeter with 1 message(s)
> > [+551.27s] DEBUG: Continue authentication
> > [+551.34s] DEBUG: Session 3051 authentication complete with return
> > value 0: Success
> > [+551.34s] DEBUG: Authenticate result for user DOMINIOCSA\psala: Success
> > [+551.37s] DEBUG: User DOMINIOCSA\psala authorized
> > [+551.38s] DEBUG: Greeter requests session ubuntu
> > [+551.38s] DEBUG: Using session ubuntu
> > [+551.38s] DEBUG: Stopping greeter
> > [+551.38s] DEBUG: Session 1174: Sending SIGTERM
> > [+551.52s] DEBUG: Session 1174 exited with return value 0
> > [+551.52s] DEBUG: Greeter quit
> > [+551.56s] DEBUG: Dropping privileges to uid 21046
> > [+551.57s] DEBUG: Restoring privileges
> > [+551.60s] DEBUG: Dropping privileges to uid 21046
> > [+551.60s] DEBUG: Writing /home/DOMINIOCSA/psala/.dmrc
> > [+551.69s] DEBUG: Restoring privileges
> > [+551.76s] DEBUG: Starting session ubuntu as user DOMINIOCSA\psala
> > [+551.76s] DEBUG: Session 3051 running command
> > /usr/sbin/lightdm-session gnome-session --session=ubuntu
> > [+551.81s] DEBUG: Registering session with bus path
> > /org/freedesktop/DisplayManager/Session0
> > [+551.82s] DEBUG: Greeter closed communication channel
> > [+552.19s] DEBUG: Session 3051 exited with return value 0
> > [+552.19s] DEBUG: User session quit
> > [+552.19s] DEBUG: Stopping display
> > [+552.19s] DEBUG: Sending signal 15 to process 1075
> > [+552.40s] DEBUG: Process 1075 exited with return value 0
> > [+552.40s] DEBUG: X server stopped
> > [+552.40s] DEBUG: Removing X server authority /var/run/lightdm/root/:0
> > [+552.40s] DEBUG: Releasing VT 7
> > [+552.40s] DEBUG: Display server stopped
> > [+552.40s] DEBUG: Display stopped
> > [+552.40s] DEBUG: Active display stopped, switching to greeter
> > [+552.40s] DEBUG: Switching to greeter
> > [+552.40s] DEBUG: Starting new display for greeter
> > [+552.40s] DEBUG: Starting local X display
> > [+552.40s] DEBUG: Using VT 7
> > [+552.40s] DEBUG: Logging to /var/log/lightdm/x-0.log
> > [+552.40s] DEBUG: Writing X server authority to /var/run/lightdm/root/:0
> > [+552.40s] DEBUG: Launching X Server
> > [+552.40s] DEBUG: Launching process 3143: /usr/bin/X :0 -auth
> > /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
> > [+552.40s] DEBUG: Waiting for ready signal from X server :0
> > [+552.84s] DEBUG: Got signal 10 from process 3143
> > [+552.84s] DEBUG: Got signal from X server :0
> > [+552.84s] DEBUG: Connecting to XServer :0
> > [+552.84s] DEBUG: Starting greeter
> > [+552.84s] DEBUG: Started session 3147 with service 'lightdm',
> > username 'lightdm'
> > [+552.89s] DEBUG: Session 3147 authentication complete with return
> > value 0: Success
> > [+552.89s] DEBUG: Greeter authorized
> > [+552.89s] DEBUG: Logging to /var/log/lightdm/x-0-greeter.log
> > [+552.89s] DEBUG: Session 3147 running command
> > /usr/lib/lightdm/lightdm-greeter-session /usr/sbin/unity-greeter
> > [+553.19s] DEBUG: Greeter connected version=1.2.1
> > [+553.19s] DEBUG: Greeter connected, display is ready
> > [+553.19s] DEBUG: New display ready, switching to it
> > [+553.19s] DEBUG: Activating VT 7
> > [+553.19s] DEBUG: Stopping greeter display being switched from
> > [+553.81s] DEBUG: Greeter start authentication for DOMINIOCSA\psala
> > [+553.81s] DEBUG: Started session 3251 with service 'lightdm',
> > username 'DOMINIOCSA\psala'
> > [+553.82s] DEBUG: Session 3251 got 1 message(s) from PAM
> > [+553.82s] DEBUG: Prompt greeter with 1 message(s)

In /var/log/Xorg.0.log
> > [ 567.196] (II) evdev: Power Button: Close
> > [ 567.196] (II) UnloadModule: "evdev"
> > [ 567.196] (II) Unloading evdev
> > [ 567.260] (II) evdev: Video Bus: Close
> > [ 567.260] (II) UnloadModule: "evdev"
> > [ 567.260] (II) Unloading evdev
> > [ 567.264] (II) evdev: Power Button: Close
> > [ 567.264] (II) UnloadModule: "evdev"
> > [ 567.264] (II) Unloading evdev
> > [ 567.265] (II) evdev: WebCam SC-13HDL11431N: Close
> > [ 567.265] (II) UnloadModule: "evdev"
> > [ 567.265] (II) Unloading evdev
> > [ 567.265] (II) evdev: AT Translated Set 2 keyboard: Close
> > [ 567.265] (II) UnloadModule: "evdev"
> > [ 567.265] (II) Unloading evdev
> > [ 567.268] (II) UnloadModule: "synaptics"
> > [ 567.268] (II) Unloading synaptics
> > [ 567.334] ddxSigGiveUp: Closing log
> > [ 567.334] Server terminated successfully (0). Closing log file.

But the bug is not in lightdm because I have the same behavior using gdm3

Logs in /var/log/gdm/:0.log
> > (II) evdev: Power Button: Close
> > (II) Unloading evdev
> > (II) evdev: Video Bus: Close
> > (II) Unloading evdev
> > (II) evdev: Power Button: Close
> > (II) Unloading evdev
> > (II) evdev: WebCam SC-13HDL11431N: Close
> > (II) Unloading evdev
> > (II) evdev: AT Translated Set 2 keyboard: Close
> > (II) Unloading evdev
> > (II) Unloading synaptics
> > ddxSigGiveUp: Closing log
> > Server terminated successfully (0). Closing log file.

Logs in /var/log/gdm/:0-greeter.log
> > Avviso del window manager: CurrentTime used to choose focus window;
> > focus window may not be correct.
> > Avviso del window manager: Got a request to focus the no_focus_window
> > with a timestamp of 0. This shouldn't happen!
> >
> > ** (gnome-settings-daemon:1894): WARNING **: Name taken or bus went
> > away - shutting down
> > g_dbus_connection_real_closed: Remote peer vanished with error:
> > Underlying GIOStream returned 0 bytes on an async read
> > (g-io-error-quark, 0). Exiting.
> > g_dbus_connection_real_closed: Remote peer vanished with error:
> > Underlying GIOStream returned 0 bytes on an async read
> > (g-io-error-quark, 0). Exiting.
> >
> > (gnome-settings-daemon:1894): libappindicator-WARNING **: Unable to
> > send signal for NewStatus: La connessione è chiusa

Logs in /var/log/gdm/:0-slave.log
> > gdm-session-worker[1927]: pam_unix(gdm:auth): authentication failure;
> > logname= uid=0 euid=0 tty=:0 ruser= rhost= user=DOMINIOCSA\psala
> > gdm-session-worker[1927]: pam_winbind(gdm:auth): getting password
> > (0x00004388)
> > gdm-session-worker[1927]: pam_winbind(gdm:auth): pam_get_item returned
> > a password
> > gdm-session-worker[1927]: pam_winbind(gdm:auth): user
> > 'DOMINIOCSA\psala' granted access
> > gdm-session-worker[1927]: pam_unix(gdm:session): session opened for
> > user DOMINIOCSA\psala by (uid=0)
> > gdm-session-worker[1927]: pam_ck_connector(gdm:session): nox11 mode,
> > ignoring PAM_TTY :0
> > gdm-session-worker[1927]: pam_unix(gdm:session): session closed for
> > user DOMINIOCSA\psala
> > gdm-session-worker[1927]: pam_winbind(gdm:setcred): user
> > 'DOMINIOCSA\psala' OK

Have a great day

Piviul

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu samba Edit question
Assignee:
No assignee Edit question
Solved by:
piviul
Solved:
Last query:
Last reply:
Revision history for this message
piviul (piviul) said :
#1

I have observed that when remote (domain) users logon successfully in tty, console or ssh, the prompt is not set according to the rules inserted in /etc/profile but there is only a $... or better is set in accord to /etc/profile but the variable $BASH is set to /bin/sh instead of /bin/bash even if the $SHELL variable is set to /bin/bash and in smb.conf the template shell parameter is set to /bin/bash.

Furthermore I've found the same problem in a toshiba ultrabook portege Z830-10F (with ubuntu 12.04 or 12.10) and on a old acer aspire 2000 series where I have installed debian testing (wheezy). But the bug doesn't arise in various netbook I have installed (acer, asus, hp, samsung...)

...that's all.

:(( Piviul

Revision history for this message
piviul (piviul) said :
#2

I've found the cause: wrong permissions on nsswitch.conf :-[. The absence of read flag for "other" cause the problem I have described. I have solved with a chmod 644 /etc/nsswitch.conf

Piviul