Author Topic: Problems installing any graphical interface after installing AD-DC module.  (Read 1221 times)

JLLEWELYN

  • Zen Monk
  • **
  • Posts: 65
  • Karma: +5/-0
    • View Profile
Hello to the zentyal team and its users.
I have several months trying to find the solution to this problem, when installing the graphical interface of zenbuntu-desktop or the same one of ubuntu-desktop. When the screen is locked in a login cycle when I try to enter my desktop. When I log in, the screen turns black and soon after the login screen reappears.

I took the job of doing several tests until I found the problem, modified the following files.
After installing the module: Active Directory Domain Controller.
He modifies the files:
/etc/pam.d/common-account
/etc/pam.d/common-auth
/etc/pam.d/common-password
/etc/pam.d/common-session
/etc/pam.d/common-session-noninteractive


Code: [Select]
administrator@servidor:~$ diff /etc/pam.d/common-account.backup /etc/pam.d/common-account
16,19c16,20
< # here are the per-package modules (the "Primary" block)
< account       [success=1 new_authtok_reqd=done default=ignore]        pam_unix.so
< # here's the fallback if no module succeeds
< account       requisite                       pam_deny.so
---
> # pre_auth-client-config # # here are the per-package modules (the "Primary" block)
> # pre_auth-client-config # account    [success=2 new_authtok_reqd=done default=ignore]        pam_unix.so
> # pre_auth-client-config # account    [success=1 new_authtok_reqd=done default=ignore]        pam_winbind.so
> # pre_auth-client-config # # here's the fallback if no module succeeds
> # pre_auth-client-config # account    requisite                       pam_deny.so
23,25c24,30
< account       required                        pam_permit.so
< # and here are more per-package modules (the "Additional" block)
< # end of pam-auth-update config
---
> # pre_auth-client-config # account    required                        pam_permit.so
> # pre_auth-client-config # # and here are more per-package modules (the "Additional" block)
> # pre_auth-client-config # # end of pam-auth-update config
> account [success=1 new_authtok_reqd=done default=ignore]    pam_unix.so
> account requisite           pam_deny.so
> account required            pam_permit.so
> account sufficient          pam_localuser.so

Code: [Select]
administrator@servidor:~$ diff /etc/pam.d/common-auth.backup /etc/pam.d/common-auth
16,19c16,20
< # here are the per-package modules (the "Primary" block)
< auth  [success=1 default=ignore]      pam_unix.so nullok_secure
< # here's the fallback if no module succeeds
< auth  requisite                       pam_deny.so
---
> # pre_auth-client-config # # here are the per-package modules (the "Primary" block)
> # pre_auth-client-config # auth       [success=2 default=ignore]      pam_unix.so nullok_secure
> # pre_auth-client-config # auth       [success=1 default=ignore]      pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
> # pre_auth-client-config # # here's the fallback if no module succeeds
> # pre_auth-client-config # auth       requisite                       pam_deny.so
23,26c24,31
< auth  required                        pam_permit.so
< # and here are more per-package modules (the "Additional" block)
< auth  optional                        pam_cap.so
< # end of pam-auth-update config
---
> # pre_auth-client-config # auth       required                        pam_permit.so
> # pre_auth-client-config # # and here are more per-package modules (the "Additional" block)
> # pre_auth-client-config # auth       optional                        pam_cap.so
> # pre_auth-client-config # # end of pam-auth-update config
> auth    [success=1 default=ignore]  pam_unix.so nullok_secure
> auth    requisite           pam_deny.so
> auth    required            pam_permit.so
> auth    optional            pam_cap.so

Code: [Select]
administrator@servidor:~$ diff /etc/pam.d/common-password.backup /etc/pam.d/common-password
24,27c24,29
< # here are the per-package modules (the "Primary" block)
< password      [success=1 default=ignore]      pam_unix.so obscure sha512
< # here's the fallback if no module succeeds
< password      requisite                       pam_deny.so
---
> # pre_auth-client-config # # here are the per-package modules (the "Primary" block)
> # pre_auth-client-config # password   requisite                       pam_pwquality.so retry=3
> # pre_auth-client-config # password   [success=2 default=ignore]      pam_unix.so obscure use_authtok try_first_pass sha512
> # pre_auth-client-config # password   [success=1 default=ignore]      pam_winbind.so use_authtok try_first_pass
> # pre_auth-client-config # # here's the fallback if no module succeeds
> # pre_auth-client-config # password   requisite                       pam_deny.so
31,34c33,40
< password      required                        pam_permit.so
< # and here are more per-package modules (the "Additional" block)
< password      optional        pam_gnome_keyring.so
< # end of pam-auth-update config
---
> # pre_auth-client-config # password   required                        pam_permit.so
> # pre_auth-client-config # # and here are more per-package modules (the "Additional" block)
> # pre_auth-client-config # password   optional        pam_gnome_keyring.so
> # pre_auth-client-config # # end of pam-auth-update config
> password requisite                   pam_pwquality.so retry=3
> password [success=2 default=ignore]  pam_unix.so obscure use_authtok try_first_pass sha512
> password requisite                   pam_deny.so
> password required                    pam_permit.so

Code: [Select]
administrator@servidor:~$ diff /etc/pam.d/common-session.backup /etc/pam.d/common-session
15,18c15,18
< # here are the per-package modules (the "Primary" block)
< session       [default=1]                     pam_permit.so
< # here's the fallback if no module succeeds
< session       requisite                       pam_deny.so
---
> # pre_auth-client-config # # here are the per-package modules (the "Primary" block)
> # pre_auth-client-config # session    [default=1]                     pam_permit.so
> # pre_auth-client-config # # here's the fallback if no module succeeds
> # pre_auth-client-config # session    requisite                       pam_deny.so
22c22
< session       required                        pam_permit.so
---
> # pre_auth-client-config # session    required                        pam_permit.so
27,31c27,38
< session optional                      pam_umask.so
< # and here are more per-package modules (the "Additional" block)
< session       required        pam_unix.so
< session       optional        pam_systemd.so
< # end of pam-auth-update config
---
> # pre_auth-client-config # session optional                   pam_umask.so
> # pre_auth-client-config # # and here are more per-package modules (the "Additional" block)
> # pre_auth-client-config # session    required        pam_unix.so
> # pre_auth-client-config # session    optional                        pam_winbind.so
> # pre_auth-client-config # session    optional        pam_systemd.so
> # pre_auth-client-config # # end of pam-auth-update config
> session [default=1] pam_permit.so
> session requisite   pam_deny.so
> session required    pam_permit.so
> session optional    pam_umask.so
> session required    pam_unix.so
> session required    pam_mkhomedir.so skel=/etc/skel/ umask=0077

Code: [Select]
administrator@servidor:~$ diff /etc/pam.d/common-session-noninteractive.backup /etc/pam.d/common-session-noninteractive
29a30
> session       optional                        pam_winbind.so
« Last Edit: January 21, 2019, 06:30:04 am by JLLEWELYN »

JLLEWELYN

  • Zen Monk
  • **
  • Posts: 65
  • Karma: +5/-0
    • View Profile
Apparently nobody understands me, when I install gnome-desktop on ubuntu server, previously installed the zentyal package without the zentyal-samba module.
you can start session without problems in graphic environment.

After installing the zentyal-samba module, it is no longer possible to log in to the graphical environment.

all because the zentyal-samba module modifies the PAM Authentication files.

/etc/pam.d/common-account
When ubuntu-desktop is installed:
Code: [Select]
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
After installing zentyal-samba:
Code: [Select]
account [success=1 new_authtok_reqd=done default=ignore]    pam_unix.so
account requisite           pam_deny.so
account required            pam_permit.so
account sufficient          pam_localuser.so
Installing zentyal server from the ISO with graphic interface (zenbuntu-desktop):
Code: [Select]
account [success=1 new_authtok_reqd=done default=ignore]    pam_unix.so
account requisite           pam_deny.so
account required            pam_permit.so
account sufficient          pam_localuser.so

/etc/pam.d/common-auth
When ubuntu-desktop is installed:
Code: [Select]
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so
After installing zentyal-samba:
Code: [Select]
auth    [success=1 default=ignore]  pam_unix.so nullok_secure
auth    requisite           pam_deny.so
auth    required            pam_permit.so
auth    optional            pam_cap.so
Installing zentyal server from the ISO with graphic interface (zenbuntu-desktop):
Code: [Select]
auth    [success=1 default=ignore]  pam_unix.so nullok_secure
auth    requisite           pam_deny.so
auth    required            pam_permit.so
auth    optional            pam_cap.so

/etc/pam.d/common-password
When ubuntu-desktop is installed:
Code: [Select]
password [success=1 default=ignore] pam_unix.so obscure sha512
password requisite pam_deny.so
password required pam_permit.so
password optional pam_gnome_keyring.so
After installing zentyal-samba:
Code: [Select]
password requisite                   pam_pwquality.so retry=3
password [success=2 default=ignore]  pam_unix.so obscure use_authtok try_first_pass sha512
password requisite                   pam_deny.so
password required                    pam_permit.so
Installing zentyal server from the ISO with graphic interface (zenbuntu-desktop):
Code: [Select]
password requisite                   pam_pwquality.so retry=3
password [success=2 default=ignore]  pam_unix.so obscure use_authtok try_first_pass sha512
password requisite                   pam_deny.so
password required                    pam_permit.so

/etc/pam.d/common-session
When ubuntu-desktop is installed:
Code: [Select]
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_umask.so
session required pam_unix.so
session optional pam_systemd.so
After installing zentyal-samba:
Code: [Select]
session [default=1] pam_permit.so
session requisite   pam_deny.so
session required    pam_permit.so
session optional    pam_umask.so
session required    pam_unix.so
session required    pam_mkhomedir.so skel=/etc/skel/ umask=0077
Installing zentyal server from the ISO with graphic interface (zenbuntu-desktop):
Code: [Select]
session [default=1] pam_permit.so
session requisite   pam_deny.so
session required    pam_permit.so
session optional    pam_umask.so
session required    pam_unix.so
session required    pam_mkhomedir.so skel=/etc/skel/ umask=0077

/etc/pam.d/common-session-noninteractive
When ubuntu-desktop is installed:
Code: [Select]
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_umask.so
session required pam_unix.so
After installing zentyal-samba:
Code: [Select]
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_umask.so
session required pam_unix.so
session optional pam_winbind.so
Installing zentyal server from the ISO with graphic interface (zenbuntu-desktop):
Code: [Select]
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_umask.so
session required pam_unix.so
session optional pam_winbind.so

the part that I do not understand because when I install zentyal server by packages, the graphic environment "zenbuntu-desktop" or "ubuntu-desktop" on ubuntu server does not allow login either.

But installing zentyal server from the iso with graphical interface, has no problems.

I want to try to manually correct this problem, modifying the template that is this file:
/usr/share/zentyal/stubs/samba/acc-zentyal.mas
but I have no idea how to do it.
« Last Edit: January 27, 2019, 12:08:11 am by JLLEWELYN »