[Bug 1677329] Re: libpam-winbind: unable to dlopen

Andreas Hasenack andreas at canonical.com
Wed Jun 21 13:33:30 UTC 2017


** Description changed:

- The pam winbind module seems to be broken on current 17.04 beta2.
+ [Impact]
  
- Mar 29 18:28:21 daw0 lightdm: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory
- Mar 29 18:28:21 daw0 lightdm: PAM adding faulty module: pam_winbind.so
+ The pam_winbind.so module is unusable in zesty. It won't load because of
+ missing symbols:
  
- I get this error message after a fresh install of Ubuntu GNOME and
- libpam-winbind when logging in with an account that should not exist
- anywhere. No winbind configuration done yet, but had seen this error
- message than also.
+ Jun 21 13:17:05 zesty-pamwinbind-1677329 systemd: PAM unable to
+ dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared
+ object file: No such file or directory
+ 
+ This is due to the (re)introduction of patch fix-1584485.patch which
+ changes the way this module is built, trying to statically link some
+ libraries. That linking was incorrectly done.
+ 
+ The patch was subsequently removed, but later added back again by
+ mistake during a huge sync.
+ 
+ A new version of the patch exists, but upstream (Samba) isn't very fond
+ of such a change and asked to submit it for discussion to the samba-
+ technical mailing list.
+ 
+ That was done, but since this could take some time, we decided it's best
+ to revert the patch one more time.
+ 
+ [Test Case]
+ 
+ In a zesty machine/container:
+  * sudo apt install libpam-winbind winbind samba
+  * tail -f /var/log/auth.log
+  * perform a login on this machine. Via ssh, for example
+  * the broken version will log this:
+ Jun 21 13:17:05 zesty-pamwinbind-1677329 systemd: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory
+  * The fixed version will load winbind just fine, but won't log anything (unless you fully setup winbind). It's easier to add "debug" to the pam_winbind.so lines in /etc/pam.d/common-* files and repeat the login, then you get to see it being loaded in the logs
+ 
+ [Regression Potential]
+ 
+ This reversal has been done before and worked. Right now, the biggest
+ regression potential is to add the broken patch back again.
+ 
+ [Other Info]
+ Sorry for keeping both bugs open (#1644428 and #1677329), but the history on this issue is a bit complicated with multiple SRUs and regressions.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1677329

Title:
  libpam-winbind: unable to dlopen

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1677329/+subscriptions



More information about the Ubuntu-server-bugs mailing list