Re: User login issue

To: roman.meier@gismap.ch
Cc: debian-edu@lists.debian.org
Subject: Re: User login issue
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Sat, 06 Jan 2024 12:45:24 +0000
Message-id: <[🔎] 20240106124524.Horde.G18YAIueQfukuC5J1ANKS-i@mail.das-netzwerkteam.de>
In-reply-to: <[🔎] 1299049070.1014085.1704539791147@office.hostpoint.ch>
References: <[🔎] 1053041503.968577.1704470650469@office.hostpoint.ch> <[🔎] 20240105220147.Horde.Sii_0aa9oH0es0Zic1t4pcX@mail.das-netzwerkteam.de> <[🔎] 1299049070.1014085.1704539791147@office.hostpoint.ch>

Hi Roman,

On  Sa 06 Jan 2024 12:16:31 CET, roman.meier wrote:

I can create a new user but the behavior is the same: I cannot loginon the server. Login into GOsa2 works fine.


This very likely means that your Kerberos layer / service stack is broken.

Do you have libpam-krb5 installed on TJENER? (That would be an easy solution).

Does the new user object in LDAP have krb* LDAP attributes?

If you launch kadmin.local and then enter "list_principals": do anyKerberos principals (users and/or hosts and/or services) get shown? Dothe user accounts that fail login get listed by this?

If the new LDAP users don't get listed, try "add_princ -policy users<uid>" and try login from another tty.


If the new LDAP users get listed, try to set their password using "cpw <uid>".

Please also let me/us know what versions of Debian Edu you haveinstalled (11 or 12)? If 12, have you upgraded to latest packageversions? There was a bug in Debian Edu 12's debian-edu-config thatonly got resolved recently:


```
debian-edu-config (2.12.41~deb12u1) bookworm; urgency=medium

  * Upload to bookworm.

 -- Mike Gabriel <sunweaver@debian.org>  Sun, 03 Dec 2023 08:45:42 +0100

debian-edu-config (2.12.41) unstable; urgency=medium

  [ Guido Berhoerster ]
  * gosa-sync: Decode the user password which GOsa substitutes base64 encoded.
    This fixes a bug where the user password could not be set or changed.
    (related to #1052159).

 -- Mike Gabriel <sunweaver@debian.org>  Fri, 01 Dec 2023 21:44:38 +0100
```

This fix in d-e-c goes together with a fix in gosa:

```
gosa (2.8~git20230203.10abe45+dfsg-1+deb12u2) bookworm; urgency=medium

  [ Daniel Teichmann ]
  * debian/patches:
    [...]
    + Add 1044_fix-class-ldap-serialization.patch which fixes a few bugs
      regarding serialization. This especially fixes setting LDAP userPassword
      attribute types via GOsa². (Closes: #1052159).
    + Add 1045_fix-posixaccount-shadowExpire.patch which fixes shadowExpire
      always being set to 0. (User can't login then). (Closes: #1053806).

  [ Guido Berhoerster ]
  * debian/patches:
    [...]

  [ Mike Gabriel ]
  * debian/patches:
    [...]

 -- Mike Gabriel <sunweaver@debian.org>  Sun, 03 Dec 2023 08:16:31 +0100

If you Debian Edu 12, simply upgrading d-e-c and gosa to thereferenced versions should help.


Mike
```
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgpwSCMW6Etnx.pgp
Description: Digitale PGP-Signatur

Reply to:

Follow-Ups:
- Re: User login issue
  - From: roman.meier@gismap.ch

References:
- User login issue
  - From: roman.meier@gismap.ch
- Re: User login issue
  - From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
- Re: User login issue
  - From: roman.meier@gismap.ch

Prev by Date: Re: User login issue
Next by Date: Re: User login issue
Previous by thread: Re: User login issue
Next by thread: Re: User login issue
Index(es):
- Date
- Thread