slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Wed Nov 14, 2018 6:06 am Post subject: [solved] GDM & LDAP - Can't Login |
|
|
so i've got a server running gentoo and hosting a small ldap directory. i've got a few desktops on the same network, acting as ldap clients and authenticating against the directory. all the clients have been able to login to the command line and to gnome (via gdm) for _years_ (over 5 years). one of the desktops does not have gnome or gdm, and instead is running slim.
i updated several packages on the desktops last week. i rebooted the desktop running slim and login worked fine. i then rebooted one of the desktops running gnome and gdm, and any ldap user cannot login and get a gnome session. after entering the password, screen goes black for a few seconds then returns to the main gdm login screen to pick/enter a user name. the command line still works for logging in on the same desktop, even for ldap users. also, i created a brand new local user (not in the ldap directory) and that user can login via gdm and establish a gnome session.
i've done some searching, and i can only guess that this has something to do with pam and gdm. i've found mentions that ldap needs to be referenced in /etc/pam.d/gdm, however that config file does not exist on my gentoo box - there are other gdm related files for pam, of course. the gdm files in my pam.d config contain an include that eventually brings in system-auth, which is configured to let the command line auth against ldap.
anyone else running into a similar issue? any clues on how to solve this? is it pam config related? log files that i've looked at are either empty or not showing any errors.
Last edited by slaterson on Wed Aug 07, 2019 1:53 pm; edited 1 time in total |
|
slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Fri Nov 16, 2018 12:51 am Post subject: |
|
|
please, don't all reply to help at once.
i played with gdm-launch-session and gdm-password and ultimately ended up making things worse. after reverting most of those changes, i decided to emerge slim and try it in place of gdm. and it works. so, i'm guessing this is indeed something isolated with gdm and ldap, still can't find log entries that will provide any clues as to what is actually happening. |
|
ZappingLinux Tux's lil' helper
Joined: 13 Oct 2017 Posts: 117 Location: Delft, Netherlands
|
Posted: Sat Nov 17, 2018 6:55 am Post subject: |
|
|
slaterson wrote: | please, don't all reply to help at once.
i played with gdm-launch-session and gdm-password and ultimately ended up making things worse. after reverting most of those changes, i decided to emerge slim and try it in place of gdm. and it works. so, i'm guessing this is indeed something isolated with gdm and ldap, still can't find log entries that will provide any clues as to what is actually happening. |
This sounds an awful lot like what I am experiencing right now.
https://forums.gentoo.org/viewtopic-t-1089518.html
Did you get the same problems after updating xorg? I have been able to find the following. I don't know what caused it though. There is an entry in a file which may cause conflict. In
Code: | /etc/gdm/custom.conf |
you must set WaylandEnable=false if you are using X. Personally I don't know if this is not the case for me as I got out of bed 5 minutes ago. It is just something I thought of.
_________________ "If it's cold during winter, I'll have Gentoo recompile Chromium." |
|
slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Sun Nov 18, 2018 3:20 pm Post subject: |
|
|
thanks.
i uncommented the line, however it made no difference. login works perfectly fine with gdm for a local user. for ldap, it tries then goes back to the gdm greeter... |
|
ZappingLinux Tux's lil' helper
Joined: 13 Oct 2017 Posts: 117 Location: Delft, Netherlands
|
Posted: Sun Nov 18, 2018 3:22 pm Post subject: |
|
|
slaterson wrote: | thanks.
i uncommented the line, however it made no difference. login works perfectly fine with gdm for a local user. for ldap, it tries then goes back to the gdm greeter... |
What init system do you use? _________________ "If it's cold during winter, I'll have Gentoo recompile Chromium." |
|
slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Sun Nov 18, 2018 4:57 pm Post subject: |
|
|
systemd. i'm running gnome. |
|
ZappingLinux Tux's lil' helper
Joined: 13 Oct 2017 Posts: 117 Location: Delft, Netherlands
|
Posted: Sun Nov 18, 2018 4:59 pm Post subject: |
|
|
slaterson wrote: | systemd. i'm running gnome. |
What output does
systemctl --type=service
Give? I have a feeling that we both may have the problem rooted in the same place. _________________ "If it's cold during winter, I'll have Gentoo recompile Chromium."
Last edited by ZappingLinux on Sun Nov 18, 2018 5:01 pm; edited 1 time in total |
|
slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Sun Nov 18, 2018 5:01 pm Post subject: |
|
|
Code: | # systemctl --type=service
UNIT LOAD ACTIVE SUB DESCRIPTION
accounts-daemon.service loaded active running Accounts Service
alsa-restore.service loaded active exited Save/Restore Sound Card State
colord.service loaded active running Manage, Install and Generate Color Profiles
dbus.service loaded active running D-Bus System Message Bus
geoclue.service loaded active running Location Lookup Service
getty@tty1.service loaded active running Getty on tty1
kmod-static-nodes.service loaded active exited Create list of required static device nodes for the current kernel
NetworkManager-wait-online.service loaded active exited Network Manager Wait Online
NetworkManager.service loaded active running Network Manager
polkit.service loaded active running Authorization Manager
rtkit-daemon.service loaded active running RealtimeKit Scheduling Policy Service
slim.service loaded active running SLiM Simple Login Manager
sshd.service loaded active running OpenSSH server daemon
systemd-fsck-root.service loaded active exited File System Check on Root Device
systemd-journal-flush.service loaded active exited Flush Journal to Persistent Storage
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
● systemd-modules-load.service loaded failed failed Load Kernel Modules
systemd-networkd-wait-online.service loaded active exited Wait for Network to be Configured
systemd-networkd.service loaded active running Network Service
systemd-random-seed.service loaded active exited Load/Save Random Seed
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-resolved.service loaded active running Network Name Resolution
systemd-sysctl.service loaded active exited Apply Kernel Variables
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /dev
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directories
systemd-udev-trigger.service loaded active exited udev Coldplug all Devices
systemd-udevd.service loaded active running udev Kernel Device Manager
systemd-update-utmp.service loaded active exited Update UTMP about System Boot/Shutdown
systemd-user-sessions.service loaded active exited Permit User Sessions
udisks2.service loaded active running Disk Manager
upower.service loaded active running Daemon for power management
user-runtime-dir@0.service loaded active exited /run/user/0 mount wrapper
user@0.service loaded active running User Manager for UID 0
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
35 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'. |
|
|
ZappingLinux Tux's lil' helper
Joined: 13 Oct 2017 Posts: 117 Location: Delft, Netherlands
|
Posted: Sun Nov 18, 2018 5:09 pm Post subject: |
|
|
Your problem is different from mine. How come your systemd is unable to load modules at all? My gdm user account doesn't get loaded properly which causes all sorts of problems with the log in manager. The problem as far as I have been able to dig is indeed pam related. But I haven't been able to dig any further. The post that I made contains all the stuff I have been able to find up to this point. _________________ "If it's cold during winter, I'll have Gentoo recompile Chromium." |
|
slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Sun Nov 18, 2018 5:12 pm Post subject: |
|
|
are you using ldap? |
|
slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Sun Nov 18, 2018 5:13 pm Post subject: |
|
|
and to your question from earlier - xorg was included in a batch of updates i did. i then rebooted, and gdm no longer allows login and gnome session start for anyone that is NOT a local user. |
|
ZappingLinux Tux's lil' helper
Joined: 13 Oct 2017 Posts: 117 Location: Delft, Netherlands
|
Posted: Sun Nov 18, 2018 5:18 pm Post subject: |
|
|
slaterson wrote: | and to your question from earlier - xorg was included in a batch of updates i did. i then rebooted, and gdm no longer allows login and gnome session start for anyone that is NOT a local user. |
I am able to start a gnome session by deploying startx on boot but gdm is just not working properly. That xorg update really did mess people up _________________ "If it's cold during winter, I'll have Gentoo recompile Chromium." |
|
slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Sun Nov 18, 2018 5:47 pm Post subject: |
|
|
how are you starting the gnome session with startx? "exec gnome-session" in .xinitrc? i'll give that a try when i have some time later.
i'm pretty sure this is something between pam and gdm, just can't prove it.
also, no clue why modules-load is failing. system has always worked fine, never noticed it until i ran the command you requested today. |
|
ZappingLinux Tux's lil' helper
Joined: 13 Oct 2017 Posts: 117 Location: Delft, Netherlands
|
Posted: Sun Nov 18, 2018 6:09 pm Post subject: |
|
|
slaterson wrote: | how are you starting the gnome session with startx? "exec gnome-session" in .xinitrc? i'll give that a try when i have some time later.
i'm pretty sure this is something between pam and gdm, just can't prove it.
also, no clue why modules-load is failing. system has always worked fine, never noticed it until i ran the command you requested today. |
Yeah. I just boot up to cli every time now and run startx manually. Just make a .xinitrc and put that in there. You should look at the thread I linked in here. It contains a ton of diagnostics. Perhaps you too can run some of it and post the interesting bits. _________________ "If it's cold during winter, I'll have Gentoo recompile Chromium." |
|
slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Sun Nov 18, 2018 8:06 pm Post subject: |
|
|
so booting to command line and using the .xinitrc and startx combo works for me, slim does as well.
i looked at your other thread, i picked up two pieces of info that were helpful however i'm still stuck.
1) i fixed the systemd-modules-load issue - i upgraded my kernel and forgot to re-emerge the virtualbox modules. once i re-emerged the modules, that service starts as expected.
2) i ran journalctl --since today -g -gdm and found the (below) when i try to login as a non-local user (ldap)
Code: | Nov 18 11:58:24 tarsier gdm-password][20944]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty7 ruser= rhost= user=<blah>
Nov 18 11:58:24 tarsier gdm-password][20944]: pam_unix(gdm-password:session): session opened for user <blah> by (uid=0)
Nov 18 11:58:24 tarsier gdm-password][20944]: pam_systemd(gdm-password:session): Failed to create session: No such file or directory
Nov 18 11:58:25 tarsier gdm-password][20944]: pam_unix(gdm-password:session): session closed for user <blah>
Nov 18 11:58:25 tarsier gdm[20688]: GdmDisplay: display lasted 1.430919 seconds |
(note i removed the user name and replaced with <blah>)
from this, seems gdm believes the user i am logging in with is UID 0, which it is most definitely not. |
|
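Added example (not part of any post in this thread): a small Python triage of the journal lines posted above, grouping PAM messages by PID to show which stage of the gdm-password stack the login got through and where it stopped. The log lines are the ones from the post; the function names and report keys are made up for this example.

```python
import re
from collections import defaultdict

# Journal lines as posted above (user name already replaced with <blah>).
SAMPLE = """\
Nov 18 11:58:24 tarsier gdm-password][20944]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty7 ruser= rhost= user=<blah>
Nov 18 11:58:24 tarsier gdm-password][20944]: pam_unix(gdm-password:session): session opened for user <blah> by (uid=0)
Nov 18 11:58:24 tarsier gdm-password][20944]: pam_systemd(gdm-password:session): Failed to create session: No such file or directory
Nov 18 11:58:25 tarsier gdm-password][20944]: pam_unix(gdm-password:session): session closed for user <blah>
Nov 18 11:58:25 tarsier gdm[20688]: GdmDisplay: display lasted 1.430919 seconds
"""

# syslog prefix, then "pam_module(service:stage): message"
PAM_LINE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s[^\[]+\[(?P<pid>\d+)\]:\s"
    r"(?P<module>pam_\w+)\((?P<service>[^:)]+):(?P<stage>\w+)\):\s(?P<msg>.*)$"
)


def parse(text):
    """Return one dict per PAM message; non-PAM lines are skipped."""
    events = []
    for line in text.splitlines():
        m = PAM_LINE.match(line.strip())
        if m:
            ev = m.groupdict()
            # key=value pairs from the message, e.g. uid=0, tty=/dev/tty7
            ev["fields"] = dict(re.findall(r"(\w+)=([^\s)]*)", ev["msg"]))
            events.append(ev)
    return events


def triage(events):
    """Summarise each login attempt (one PID is one PAM conversation)."""
    by_pid = defaultdict(list)
    for ev in events:
        by_pid[ev["pid"]].append(ev)
    reports = []
    for pid, evs in by_pid.items():
        r = {"pid": pid, "service": evs[0]["service"], "target_user": None,
             "caller_uid": None, "auth_failed_modules": [],
             "session_opened": False, "session_errors": [], "verdict": "unknown"}
        for ev in evs:
            msg, f = ev["msg"], ev["fields"]
            if ev["stage"] == "auth" and msg.startswith("authentication failure"):
                # pam_unix logs the ids of the process calling PAM in uid=/euid=;
                # the account being authenticated is the user= field.
                r["auth_failed_modules"].append(ev["module"])
                r["target_user"] = f.get("user")
                r["caller_uid"] = f.get("uid")
            elif ev["stage"] == "session" and msg.startswith("session opened"):
                r["session_opened"] = True
            elif ev["stage"] == "session" and msg.startswith("Failed"):
                r["session_errors"].append((ev["module"], msg))
        if r["session_errors"]:
            # The session stage only runs after the auth stage succeeded overall,
            # so a pam_unix failure here means another module accepted the user.
            r["verdict"] = ("auth stage passed; session setup failed in "
                            + r["session_errors"][0][0])
        elif r["auth_failed_modules"] and not r["session_opened"]:
            r["verdict"] = "authentication rejected"
        elif r["session_opened"]:
            r["verdict"] = "login ok"
        reports.append(r)
    return reports


if __name__ == "__main__":
    for report in triage(parse(SAMPLE)):
        for key, value in report.items():
            print(f"{key:20} {value}")
```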
ZappingLinux Tux's lil' helper
Joined: 13 Oct 2017 Posts: 117 Location: Delft, Netherlands
|
Posted: Mon Nov 19, 2018 9:28 am Post subject: |
|
|
Quote: |
user-runtime-dir@0.service loaded active exited /run/user/0 mount wrapper
user@0.service loaded active running User Manager for UID 0
|
This was your output.
I was curious as to what this /run/user/#### thing does and found the following for a normal user account.
https://unix.stackexchange.com/questions/162900/what-is-this-folder-run-user-1000
As it turns out gdm also needs an account for it to mount its processes and whatnot. Really convoluted and weird stuff, haven't gotten to the total bottom of it.
Can you give me the output of
# systemctl status gdm.service
and
# cat /etc/passwd | grep "gdm"
to see what the gdm user account is? _________________ "If it's cold during winter, I'll have Gentoo recompile Chromium." |
|
slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Mon Nov 19, 2018 2:58 pm Post subject: |
|
|
note that i have gdm disabled right now due to the issues i am having. i imagine this isn't very useful.
Code: | systemctl status gdm.service
● gdm.service - GNOME Display Manager
Loaded: loaded (/lib/systemd/system/gdm.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Nov 18 11:58:25 tarsier /usr/libexec/gdm-x-session[20954]: (II) UnloadModule: "libinput"
Nov 18 11:58:25 tarsier /usr/libexec/gdm-x-session[20954]: (II) UnloadModule: "libinput"
Nov 18 11:58:25 tarsier /usr/libexec/gdm-x-session[20954]: (II) UnloadModule: "libinput"
Nov 18 11:58:25 tarsier /usr/libexec/gdm-x-session[20954]: (II) NVIDIA(GPU-0): Deleting GPU-0
Nov 18 11:58:25 tarsier /usr/libexec/gdm-x-session[20954]: (II) Server terminated successfully (0). Closing log file.
Nov 18 11:58:25 tarsier gdm-password][20944]: pam_unix(gdm-password:session): session closed for user chris
Nov 18 11:58:25 tarsier gdm[20688]: GdmDisplay: display lasted 1.430919 seconds
Nov 18 12:09:45 tarsier systemd[1]: Stopping GNOME Display Manager...
Nov 18 12:09:45 tarsier gdm[20688]: GLib: g_hash_table_find: assertion 'version == hash_table->version' failed
Nov 18 12:09:45 tarsier systemd[1]: Stopped GNOME Display Manager. |
local...
Code: | cat /etc/passwd | grep "gdm"
gdm:x:115:997:added by portage for gdm:/var/lib/gdm:/sbin/nologin |
then also running getent to include local and ldap entries (nothing new, gdm is a local only user).
Code: | getent passwd | grep gdm
gdm:x:115:997:added by portage for gdm:/var/lib/gdm:/sbin/nologin |
|
|
ZappingLinux Tux's lil' helper
Joined: 13 Oct 2017 Posts: 117 Location: Delft, Netherlands
|
Posted: Tue Nov 20, 2018 12:54 pm Post subject: |
|
|
This basically means that my issue is different from yours in the sense that your gdm isn't broken. For me it is though as user 115 gets loaded but fails on the other two fronts. This is very frustrating. _________________ "If it's cold during winter, I'll have Gentoo recompile Chromium." |
|
slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Sun Dec 16, 2018 3:20 pm Post subject: |
|
|
i've still got no resolution to this. i'm unable to find any details from slapd logs, gdm still refuses to allow a session to start when logging in via ldap, while slim and the command line do (although with limited functionality - i.e. screen blanking does not work with slim, which is expected, among a few other things that are annoying).
am i the only one using ldap + gdm combo? i'm actually considering moving to a different distro to get this working, although that is an extreme last resort (been using gentoo for 10+ years now). |
|
gordonp Tux's lil' helper
Joined: 23 May 2005 Posts: 102
|
Posted: Sun Feb 24, 2019 12:41 am Post subject: |
|
|
slaterson wrote: |
am i the only one using ldap + gdm combo? |
No, I have the same problem too. GDM plus my LDAP user won't work. I've also messed around with all sorts of /etc/pam.d/ settings, without success. It is interesting that using SLIM works for you; I am using LIGHTDM in the meantime, and it works (by "works" I mean I fire up Gnome and run Gnome-Session).
This has annoyed me for quite a while (perhaps a year???). My mostly-stable Desktop simply began failing for GDM login about a year ago... every few months I devote a day of my life to trying to troubleshoot it, without success.
I share your pain... |
|
slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Sun Feb 24, 2019 11:08 pm Post subject: |
|
|
gordonp wrote: | slaterson wrote: |
am i the only one using ldap + gdm combo? |
No, I have the same problem too. GDM plus my LDAP user won't work. I've also messed around with all sorts of /etc/pam.d/ settings, without success. It is interesting that using SLIM works for you; I am using LIGHTDM in the meantime, and it works (by "works" I mean I fire up Gnome and run Gnome-Session).
This has annoyed me for quite a while (perhaps a year???). My mostly-stable Desktop simply began failing for GDM login about a year ago... every few months I devote a day of my life to trying to troubleshoot it, without success.
I share your pain... |
i ended up creating a local user for the boxes on my network. it's crap, however works. i'm going to evaluate switching to a different distro for desktop use, it's pretty difficult to switch my server to something else.
I've also tried centos server/client combo with ldap & gdm, and it works flawlessly (with easier setup). i've used gentoo for over a decade, possibly 15 years now, and never run into anything as troubling as this ldap & gdm issue. really not great, and a tough decision to even consider another distro. |
|
AJM Apprentice
Joined: 25 Sep 2002 Posts: 189 Location: Aberdeen, Scotland
|
Posted: Mon Feb 25, 2019 9:22 pm Post subject: |
|
|
slaterson wrote: | I've also tried centos server/client combo with ldap & gdm, and it works flawlessly (with easier setup). i've used gentoo for over a decade, possibly 15 years now, and never run into anything as troubling as this ldap & gdm issue. really not great, and a tough decision to even consider another distro. |
Your problem isn't Gentoo, it's GDM. Frankly, it's utter garbage and has been ever since the "big rewrite" at least a decade ago - when in typical Gnome style things that used to work stopped working, features were removed and extra bugs were added with zero advantage to the end user.
Why use it? Even XDM is vastly superior as far as I'm concerned (admittedly configuration isn't particularly obvious but it can look quite attractive with a tiny bit of effort and it's totally reliable IME.) |
|
Leio Developer
Joined: 27 Feb 2003 Posts: 494 Location: Estonia
|
Posted: Wed Feb 27, 2019 4:04 pm Post subject: |
|
|
Try with gdm-3.30.3 please if you haven't yet _________________ GNOME team lead; GStreamer; MIPS/ARM64 |
|
slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Thu Feb 28, 2019 5:53 pm Post subject: |
|
|
Leio wrote: | Try with gdm-3.30.3 please if you haven't yet |
it's not stable yet. if i'm feeling risky i'll give it a try this weekend. |
|
slaterson Guru
Joined: 26 Feb 2003 Posts: 313
|
Posted: Wed Aug 07, 2019 1:52 pm Post subject: |
|
|
this is resolved now. i rebuilt a box, used gnome without systemd, latest gnome and gdm (3.30), and ldap login via gdm is working again (with no local user required). |
|