pam_ldap and gdm have issues

Bug #53922 reported by Wouter Verhelst
Affects: gdm (Ubuntu)
Status: Invalid
Importance: Medium
Assigned to: Ubuntu Desktop Bugs
Milestone: none listed

Bug Description

Binary package hint: gdm

A client of mine has a network with a Debian Sarge server and a few Ubuntu Dapper clients. The Sarge server runs slapd, and I've set up the clients to use pam_ldap.so and libnss-ldap.so to keep usernames centrally located. Also, /home is now NFS-mounted on the server. The pam_ldap stuff is configured through the common-* files in /etc/pam.d.

When I log in on a getty, everything works; no sweat. So my PAM configuration seems to be okay.

When I log in through GDM, it accepts my username and password, but then just sits there, doing totally nothing. The password entry is greyed out, but instead of having gdmgreeter disappear and having the gnome session start, nothing happens.

I've tried enabling the debug option through gdm.conf, but then the bug disappears -- at least for the time being.

When I log in, 'ps aux --forest' shows me that _after entering username and password_, the initial gdm has three child processes: another gdm (forked off for handling the X server, probably), which has the X server and the gdmgreeter processes as children.

Running strace on that second gdm shows:
select(1024, [3], [], NULL, NULL
which never exits. File handle 3 is a socket; if I start strace before entering the username and the password, I see that the last syscall is a write() to that same file handle; by the looks of it, this would be the socket that communicates with the LDAP server. I believe (by looking at what is going over the wire with a sniffer) that it has already received an answer at this point, but I am not 100% sure.

To me, this looks like a race condition in one of pam_ldap.so, libnss-ldap.so, or gdm. Since it only occurs with gdm, however, I'm filing this against gdm.

I'm willing to provide the sniff and perhaps some more detailed strace information, but not through a public web interface -- some of these files contain some sensitive passwords in cleartext...

Lionel Porcheron (lionel.porcheron) wrote :

It looks like an NFS problem.

When you log on getty, are you sure you have a home directory? Do you have nfs-common installed?

Wouter Verhelst (wouter-debian) wrote : Re: [Bug 53922] Re: pam_ldap and gdm have issues

On Mon, Jul 24, 2006 at 06:29:06PM -0000, Lionel Porcheron wrote:
> It looks like an NFS problem.

Sorry, forgot to mention that -- I tried with NFS /home disabled, and it
still failed.

> When you log on getty, are you sure you have a home directory?

Yes, absolutely.

> Do you have nfs-common installed?

Sure, there are other shares open.

Like I said, it is doing a select() on a socket connected to the LDAP
server right after writing something to that socket. I don't see how
this could be related to NFS?

--
Wouter Verhelst
NixSys BVBA
Louizastraat 14, 2800 Mechelen
T: +32 15 27 69 50 / F: +32 15 27 69 51 / M: +32 486 836 198

Nick Chalk (nick-jamiescomputerclub) wrote :

I've been experiencing the same problem, with Ubuntu and XUbuntu 6.06.1.

The server is Debian Sarge, with a stable, working OpenLDAP installation, using TLS.

I've come across a work-around, though. If /etc/nsswitch.conf is set up with the entries like this...

passwd: files ldap
group: files ldap
shadow: files ldap

...then you can log in. The other way round (ldap files) hangs.

Nick.
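
Added example, not part of the original comments or of any project's code: a shell check for the lookup order discussed in the comment above, reporting which of passwd, group and shadow consult ldap before files. The function name ldap_first_dbs and the sample file contents are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): report which of passwd/group/shadow
# list "ldap" ahead of "files" in an nsswitch.conf-style file.

ldap_first_dbs() {
    # $1: path to the file to check (e.g. /etc/nsswitch.conf)
    awk '
        { sub(/#.*/, "") }                    # drop comments
        /^[ \t]*$/ { next }                   # skip blank lines
        {
            split($0, parts, ":")
            db = parts[1]; gsub(/[ \t]/, "", db)
            if (db != "passwd" && db != "group" && db != "shadow") next
            n = split(parts[2], src, /[ \t]+/)
            ldap = 0; files = 0; pos = 0; inact = 0
            for (i = 1; i <= n; i++) {
                s = src[i]
                if (s == "") continue
                # Skip bracketed actions such as [NOTFOUND=return],
                # which may span several whitespace-separated tokens.
                if (s ~ /^\[/) inact = 1
                if (inact) { if (s ~ /\]$/) inact = 0; continue }
                pos++
                if (s == "ldap"  && !ldap)  ldap = pos
                if (s == "files" && !files) files = pos
            }
            # Flag the database when ldap is consulted before files,
            # or when files is not consulted at all.
            if (ldap && (!files || ldap < files)) print db
        }
    ' "$1"
}

# Constructed sample input, not taken from any real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd: ldap files          # order reported to hang
group:  files ldap          # order reported to work
shadow: ldap [NOTFOUND=return] files
hosts:  files dns
EOF
echo "ldap listed before files for: $(ldap_first_dbs "$sample" | tr '\n' ' ')"
rm -f "$sample"
```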

Wouter Verhelst (wouter-debian) wrote :

On Mon, Sep 04, 2006 at 12:16:53PM -0000, Nick Chalk wrote:
> I've been experiencing the same problem, with Ubuntu and XUbuntu 6.06.1.
>
> The server is Debian Sarge, with a stable, working OpenLDAP
> installation, using TLS.
>
> I've come across a work-around, though. If /etc/nsswitch.conf is set up
> with the entries like this...
>
> passwd: files ldap
> group: files ldap
> shadow: files ldap
>
> ...then you can log in. The other way round (ldap files) hangs.

That may work; however, it means that one can no longer override data in
files with data that is published in LDAP. This is not what I want.

Jérôme Guelfucci (jerome-guelfucci-deactivatedaccount) wrote :

Thank you for your bug report. Do you still have this issue with the latest release of Ubuntu?

Changed in gdm:
importance: Undecided → Medium
status: Unconfirmed → Needs Info
Wouter Verhelst (wouter-debian) wrote :

On Wed, Jun 13, 2007 at 10:11:43AM -0000, Jérôme Guelfucci wrote:
> Thank you for your bug report. Do you still have this issue with the
> latest release of Ubuntu?

Dunno. This is an installation at a customer of mine, it's not my own...

Jérôme Guelfucci (jerome-guelfucci-deactivatedaccount) wrote :

OK, thank you, I will wait for more feedback from other users.

Pedro Villavicencio (pedro) wrote :

We are closing this bug report as it lacks the information, described in the previous comments, we need to investigate the problem further. However, please reopen it if you can give us the missing information and don't hesitate to submit bug reports in the future.

Changed in gdm:
assignee: nobody → desktop-bugs
status: Incomplete → Invalid