Bug#383889: gnome-screensaver: unlock dialog always reports password invalid - same here
Witold Baryluk
baryluk at smp.if.uj.edu.pl
Wed Oct 8 09:15:13 UTC 2008
On 10-06 11:03, Josselin Mouette wrote:
> On Sunday, 05 October 2008 at 19:12 +0200, Witold Baryluk wrote:
> > Hi,
> >
> > I'm using LDAP configuration without problem on dozens of workstations,
> > with everything working. Everything but one, screensaver unlocking.
> >
> > This is very irritating. I added pam_permit to
> > /etc/pam.d/gnome-screensaver
> > but this isn't the best way...
> >
> > Debug log in attachment
>
> AIUI, the debug log merely indicates that the PAM authentication check
> returns FALSE.
>
> Does it happen for all users or only one?
Yes, all LDAP users. Local users are only root and system accounts.
Just created "guest" account in /etc/{passwd,shadow} - unlocking
works.
>
> What is your locale? Does it also happen in C locale?
pl_PL.UTF-8. Just tested with C locale - same problem.
>
> Are there any 8-bit characters in the password?
No.
------------------------------------------------------------------------
/etc/nsswitch.conf :
passwd: compat ldap
group: compat ldap
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
------------------------------------------------------------------------
/etc/libnss-ldap.conf :
uri ldaps://ldapserver.smp.if.uj.edu.pl
ssl on
ldap_version 3
tls_cacertfile /etc/ssl/certs/SMP_Root_Certification_Authority.pem
rootbinddn cn=ldapadmin,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
base dc=smp,dc=if,dc=uj,dc=edu,dc=pl
scope sub
# set because udev is broken at boot
bind_policy soft
nss_base_passwd ou=People,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
nss_base_shadow ou=People,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
nss_base_group ou=Group,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
nss_base_aliases ou=Aliases,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
------------------------------------------------------------------------
/etc/pam_ldap.conf :
uri ldaps://ldapserver.smp.if.uj.edu.pl
ssl on
ldap_version 3
tls_cacertfile /etc/ssl/certs/SMP_Root_Certification_Authority.pem
rootbinddn cn=ldapadmin,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
base dc=smp,dc=if,dc=uj,dc=edu,dc=pl
scope one
pam_filter objectclass=posixAccount
pam_password md5
nss_base_passwd ou=People,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
nss_base_shadow ou=People,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
nss_base_group ou=Group,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
nss_base_aliases ou=Aliases,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
------------------------------------------------------------------------
/etc/ldap/ldap.conf :
BASE dc=smp,dc=if,dc=uj,dc=edu,dc=pl
URI ldaps://ldapserver.smp.if.uj.edu.pl
TLS_CACERT /etc/ssl/certs/SMP_Root_Certification_Authority.pem
TLS_REQCERT hard
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
------------------------------------------------------------------------
/etc/pam.d/common-auth :
auth optional pam_group.so
auth sufficient pam_unix.so nullok_secure likeauth
auth sufficient pam_ldap.so use_first_pass
# ignore_authinfo_unavail
auth required pam_deny.so
------------------------------------------------------------------------
/etc/pam.d/common-account :
account sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_deny.so
------------------------------------------------------------------------
/etc/pam.d/gnome-screensaver :
#auth sufficient pam_permit.so
@include common-auth
auth optional pam_gnome_keyring.so
--
Witold Baryluk
MAIL: baryluk at smp.if.uj.edu.pl
JID: witold.baryluk at jabster.pl
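
Added example, not part of the original message and not code from gnome-screensaver or Linux-PAM: a simplified model of how the simple PAM control keywords (required, requisite, sufficient, optional) combine for the auth stack posted above. It shows that enabling the commented-out pam_permit line makes the unlock succeed before any password check. The per-module outcomes are assumed inputs, and the helper names are hypothetical.

```python
# Added example: simplified model of Linux-PAM's simple control keywords.
COMMON_AUTH = """\
auth optional pam_group.so
auth sufficient pam_unix.so nullok_secure likeauth
auth sufficient pam_ldap.so use_first_pass
# ignore_authinfo_unavail
auth required pam_deny.so
"""
SCREENSAVER = """\
#auth sufficient pam_permit.so
@include common-auth
auth optional pam_gnome_keyring.so
"""

def load(text, includes):
    """Return [(control, module)] for auth lines, expanding @include."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "@include":
            stack += load(includes[fields[1]], includes)
        elif fields[0] == "auth":
            stack.append((fields[1], fields[2]))
    return stack

def authenticate(stack, outcome):
    """outcome maps module -> True (success) or False (failure)."""
    verdict = None                       # no module has decided yet
    for control, module in stack:
        if outcome[module]:
            if verdict is None:
                verdict = True
            if control == "sufficient" and verdict:
                return True              # stop here, stack succeeds
        elif control in ("required", "requisite"):
            verdict = False
            if control == "requisite":
                return False             # stop here, stack fails
        # a failed optional or sufficient module is ignored
    return verdict is True

def unlock_succeeds(pam_permit_enabled, ldap_ok):
    """Assumed outcomes for an LDAP-only user; only pam_ldap varies."""
    text = SCREENSAVER.replace("#auth", "auth") if pam_permit_enabled else SCREENSAVER
    outcome = {"pam_permit.so": True, "pam_deny.so": False, "pam_group.so": True,
               "pam_unix.so": False, "pam_ldap.so": ldap_ok, "pam_gnome_keyring.so": True}
    return authenticate(load(text, {"common-auth": COMMON_AUTH}), outcome)
```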