8691 – pam_winbind will not allow gdm login if password about to expire

Bug 8691 - pam_winbind will not allow gdm login if password about to expire

Summary: pam_winbind will not allow gdm login if password about to expire

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	unspecified
Hardware:	x64 Linux

Importance:	P5 major (vote)
Target Milestone:	---
Assignee:	Jule Anger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-01-05 19:32 UTC by Joe
Modified:	2022-03-15 13:25 UTC (History)
CC List:	4 users (show)

See Also:	https://gitlab.com/samba-team/samba/-/merge_requests/2290

Attachments
patch for 4.16 and 4.15 (3.40 KB, patch) 2022-02-03 09:30 UTC, Andreas Schneider	ab: review+ gd: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Joe 2012-01-05 19:32:46 UTC

When logging in to RHEL6 workstations, with an AD password that is about to expire, gdm will fail to login and redirect you back to the login screen. SSH and "login" will display "erroneous converstation (5)" when logging in with the same account, but will proceed to the shell.

pam_winbind uses the PAM_RADIO_TYPE message type to display a password change/expiration message in gdm. However, PAM 1.1.1-1.1.5 does not appear to completely implement this message type, or there is a problem with how pam_winbind implements it.

For now, I have disabled this message type before compilation of pam_winbind, and it seems to have worked around the problem. However, I cannot change my password from a gdm or ssh login when this is done.

I have done this by commenting out the following line in config.h

./source3/include/config.h

#define HAVE_PAM_RADIO_TYPE 1

Comment 1 Samba QA Contact 2021-12-16 03:06:05 UTC

This bug was referenced in samba master:

20c85cc1da8d8c7f1932fbdd92128bb6dafad472

Comment 2 Andreas Schneider 2022-02-03 09:30:04 UTC

Created attachment 17143 [details]
patch for 4.16 and 4.15

Comment 3 Alexander Bokovoy 2022-02-03 10:30:13 UTC

Comment on attachment 17143 [details]
patch for 4.16 and 4.15

LGTM

Comment 4 Guenther Deschner 2022-02-03 18:35:36 UTC

Comment on attachment 17143 [details]
patch for 4.16 and 4.15

LGTM

Comment 5 Guenther Deschner 2022-02-03 18:41:40 UTC

Jule, please add the patch to 4.15 and 4.16, thanks!

Comment 6 Jule Anger 2022-02-04 07:02:34 UTC

Pushed to autobuild-v4-15-test.
Patch is already in 4.16.

Comment 7 Samba QA Contact 2022-02-04 08:10:06 UTC

This bug was referenced in samba v4-15-test:

9d00a59761b6c209cb66dc79762a8e8f4fc979b5

Comment 8 Jule Anger 2022-02-04 18:06:41 UTC

Closing out bug report.

Thanks!

Comment 9 Samba QA Contact 2022-03-15 13:25:32 UTC

This bug was referenced in samba v4-15-stable (Release samba-4.15.6):

9d00a59761b6c209cb66dc79762a8e8f4fc979b5