openSUSE 11.2 as domain member

user · December 1, 2009, 9:47pm

I installed oS11.2 today and configured it during install to join and authenticate from a Windows domain. oS11.2 joined the domain okay and authentication works well… as long as the username doesn’t have a space in it. Unfortunately, all of our domain usernames have spaces in them.

After logging in with my normal account, the GUI logon flashes black for a second then comes right back to the logon.

Here’s what I’m seeing in the /var/log/messages when this happens.


Dec  1 14:25:43 jacerapvsv06 kdm: :0[8858]: pam_winbind(xdm:auth): getting password (0x00000390)
Dec  1 14:25:43 jacerapvsv06 kdm: :0[8858]: pam_winbind(xdm:auth): pam_get_item returned a password
Dec  1 14:25:43 jacerapvsv06 kdm: :0[8858]: pam_winbind(xdm:auth): user 'OMNIPATH\K Stark' granted access
Dec  1 14:25:43 jacerapvsv06 kdm: :0[8858]: pam_winbind(xdm:account): user 'OMNIPATH\K Stark' granted access
Dec  1 14:25:43 jacerapvsv06 kdm: :0 '[9295]: Startup script returned non-zero exit code
Dec  1 14:25:43 jacerapvsv06 kdm: :0[8858]: Reset script returned non-zero exit code
Dec  1 14:25:43 jacerapvsv06 kdm: :0[8858]: pam_winbind(xdm:setcred): user 'OMNIPATH\K Stark' OK

I created another acount with no spaces and it works fine, see here:


Dec  1 14:39:33 jacerapvsv06 kdm: :0[9333]: pam_winbind(xdm:auth): getting password (0x00000390)
Dec  1 14:39:33 jacerapvsv06 kdm: :0[9333]: pam_winbind(xdm:auth): pam_get_item returned a password
Dec  1 14:39:33 jacerapvsv06 kdm: :0[9333]: pam_winbind(xdm:auth): user 'OMNIPATH\KStark' granted access
Dec  1 14:39:33 jacerapvsv06 kdm: :0[9333]: pam_winbind(xdm:account): user 'OMNIPATH\KStark' granted access

Thoughts? Thanks.

syampillai · December 1, 2009, 10:41pm

I am more or less sure that spaces in login name will cause problems.
However, I am not sure about any fixes in your case (for example: to map it to names without spaces etc.). Someone more familiar with such things may respond.

venzkep · December 2, 2009, 12:30am

On Tue December 1 2009 02:56 pm, K Stark wrote:

>
> I installed oS11.2 today and configured it during install to join and
> authenticate from a Windows domain. oS11.2 joined the domain okay and
> authentication works well… as long as the username doesn’t have a
> space in it. Unfortunately, all of our domain usernames have spaces in
> them.
>
<snip>
>
> Thoughts? Thanks.
>
>
K Stark;

Did you try enclosing the user name in quotes? e.g. “user name”

Just something to try. My two cents worth.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

user · December 2, 2009, 3:53am

Hey guys, thanks for the replies and scratching your heads with me on this one.

@venzkep: Yes, I have tried enclosing the username in quotes. With quotes, authentication simply fails. Sans quotes, authentication initially succeeds but, as shown, something in “startup script” returns non-zero which resets the logon.

@syampillai: I was just looking at name mapping options. Never done that before so not sure how it all works together. I assume you’re talking about /etc/samba/smbusers? That’s the avenue I’m currently investigating, I’ll post back with how it turns out.

user · December 2, 2009, 4:08am

FWIW… it may be worth mentioning that the username with spaces CAN authenticate via SSH, though I get several error messages before settling at a prompt. Sans spaces, SSH logon is smooth as glass. Being able to SSH based on the domain account, even with spaces, gives me hope that this can be worked out but the details are beyond me for the moment.

Thx

cjcox · December 2, 2009, 6:18am

On Tue, 2009-12-01 at 20:56 +0000, K Stark wrote:
> I installed oS11.2 today and configured it during install to join and
> authenticate from a Windows domain. oS11.2 joined the domain okay and
> authentication works well… as long as the username doesn’t have a
> space in it. Unfortunately, all of our domain usernames have spaces in
> them.

Very poor scripting on the part of openSUSE I’m afraid.

You need to find ALL of the scripts (and there’s a TON of them)
that are executed at login… for example it all start with
/etc/profile… and then find the lines using $HOME for pathing,
testing, etc. and quote them appropriately. There’s some
bad scripting in some places using back-ticks… it can
be rewritten though…

I think it’s worthwhile writing up a bugzilla on this one.

Anyway… I fixed mine

What do you need to fix? See above and have a lot of fun!

Hint: you can put a set -x inside of /etc/profile to help
track them all down if you’re having difficulty finding
them all.

user · December 3, 2009, 9:30pm

CJ, thanks for the reply. I think you nailed it – “just” a matter of making all the scripts space friendly.

See above and have a lot of fun!

Have a lot of fun? LOL, how very openSUSE of you!

Not sure what you mean by “you can put a set -x inside of /etc/profile to help track them all down”. Where in /etc/profile would I “set -x” ?

Thanks