[Bug 870874] Re: LDAP user with automounted nfs homedir cannot login

Sakari Maaranen sam at iki.fi
Wed Dec 7 14:42:52 UTC 2011


I also think this bug should get HIGH priority. LDAP is essential for so
many deployments.

I also recommend testing that "sudo", "su -" and "sudo su -" work as
expected from LDAP-only user accounts. I'm experiencing this bug with
LDAP user accounts, but I worked around it using instructions found in
this bug report. However, there's an additional problem probably related
to this, which doesn't go away:

I have a user account "johndoe" that only exists in LDAP. That user
account belongs to local groups "sudo" and "admin" as specified in
/etc/group.

 ~# getent passwd johndoe
 johndoe:x:10003:10003:John Doe:/home/johndoe:/bin/bash

 ~# getent group sudo
 sudo:x:27:johndoe

 ~# getent group admin
 admin:x:118:johndoe

 ~# cat /etc/sudoers | grep '%[admin|sudo]'
 %admin ALL=(ALL) ALL
 %sudo	ALL=(ALL:ALL) ALL

I have NOT set ignore_local_sudoers so it should work with LDAP and local /etc/sudoers file.
But sudo is not working. What happens instead is:

 johndoe@host:~$ sudo su
 sudo: setreuid(ROOT_UID, user_uid): Operation not permitted
 johndoe@host:~$ su -
 Password: ***CORRECT*PASSWORD***
 su: Authentication failure
 johndoe@host:~$ sudo cat /etc/group
 sudo: setreuid(ROOT_UID, user_uid): Operation not permitted

These problems may be related, so I recommend checking sudo and su as
well when investigating and testing this bug.

https://bugs.launchpad.net/bugs/870874