[Bug 1764853] Re: winbind returns PAM_AUTHINFO_UNAVAIL on first login after reboot

msaxl 1764853 at bugs.launchpad.net
Sat Apr 21 16:59:26 UTC 2018 

Some testresults:
resolv.conf dns server*, nsswitch setting, hosts contains 127.0.1.1 entry, result
---------------------------------------------------------------------------------
127.0.0.53             , file resolve dns, no                            , fails
127.0.1.1              , file resolve dns, no                            , fails
127.0.0.53             , file dns        , no                            , works
127.0.1.1              , file dns        , no                            , works
127.0.0.53             , file resolve dns, yes                           , works
127.0.1.1              , file resolve dns, yes                           , works

* if 127.0.0.53, symlink to /lib/systemd/resolve.conf is in use

Conclusion: the problem is in nss_resolve

since nss_resolve should use dbus, I checked with dbus-monitor --system what is sent.
If you are able to reproduce this problem: To me it seems that the request is sent after the timeout already happened. Also while the login attempt is running, systemd-resolve is not working. Do you know a situation dbus-daemon is blocking?. If this proves true, what could cause this?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1764853

Title:
  winbind returns PAM_AUTHINFO_UNAVAIL on first login after reboot

Status in samba package in Ubuntu:
  Incomplete

Bug description:
  The following issue exists only on Ubuntu 18.04

  I've upgraded ubuntu from 17.10 and noticed that winbind does not work well.
  90% of the time I reboot my system I'm getting PAM_AUTHINFO_UNAVAIL when trying to log in with a domain account.
  clicking login again on the login screen most of the time succeeds (so the password is correct)

  I've checked if it works if I wait 10 minutes before logging in, no success, so it is not a timing issue.
  Also I've checked if winbind is working (log in with ssh using a local account)
  getent passwd xy and wbinfo -K user%pwd both work always.

  Now my workaround is putting
  winbind request timeout = 3
  in smb.conf, since the PAM_AUTHINFO_UNAVAIL is returned about 60sec after trying to login. This workaround solves nothing, it only makes logging in faster. (But now it fails mostly two times, but waiting 6 seconds is better than 60)

  To me it seems like deadlock, but I was unable to track it since it
  happens only on the first login. Then I would have to reboot
  (restarting winbind does not trigger it twice, also removing all
  caches in /run/samba does not trigger it twice)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1764853/+subscriptions

More information about the foundations-bugs mailing list