Bug 533881 - configuration error - unknown item 'NCRYPT_METHOD' (notify administrator)
Summary: configuration error - unknown item 'NCRYPT_METHOD' (notify administrator)
Alias: None
Product: Fedora
Classification: Fedora
Component: authconfig
Version: 12
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2009-11-09 16:00 UTC by Paul Howarth
Modified: 2009-11-20 22:42 UTC (History)
2 users (show)

Fixed In Version: 5.4.14-1.fc12
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-11-20 05:34:52 UTC

Attachments (Terms of Use)
login.defs (1.51 KB, text/plain)
2009-11-09 20:48 UTC, Paul Howarth
no flags Details

Description Paul Howarth 2009-11-09 16:00:33 UTC
Description of problem:
Error message in summary appears after configuring LDAP auth using authconfig on the command line, but config otherwise seems to work OK.

Version-Release number of selected component (if applicable):

How reproducible:
Every time for me.

Steps to Reproduce:
# authconfig \
        --enableldap \
        --enableldapauth \
        --ldapserver=ldap://ldap.example.com/ \
        --ldaploadcacert=http://download.example.com/example-ca.crt \
        --enableldaptls \
        --ldapbasedn=dc=example,dc=com \
        --disablecache \

Actual results:
configuration error - unknown item 'NCRYPT_METHOD' (notify administrator)
LDAP login does work though...

Expected results:
The same, except for the error message.

Comment 1 Paul Howarth 2009-11-09 16:05:55 UTC
I get the following in syslog, which may help narrow down where the problem is:

grpconv[3051]: unknown configuration item `NCRYPT_METHOD'

Comment 2 Tomas Mraz 2009-11-09 20:14:35 UTC
I unfortunately cannot reproduce the problem on my F12 machine. Can you please attach here /etc/login.defs and /var/lib/authconfig/last/login.defs files?

Comment 3 Paul Howarth 2009-11-09 20:48:34 UTC
Created attachment 368286 [details]

My login.defs and last/login.defs are identical, probably because I re-ran authconfig so that I could copy-and-paste the command and error message into this bug. I can see the NCRYPT_METHOD entry in the file so I guess I just need to edit that out?

Here's how I got to this point:

 * I did an install of RC4 from DVD media, which doesn't set up networking
 * When firstboot ran, I clicked on "Use Network Login" with a view to setting up LDAP auth, but this failed when I tried to download the CA certificate to enable TLS - presumably because of the lack of network (why is this option available when there's no network anyway?) - so I gave up on that option and created a dummy local user instead
 * I logged in as the dummy local user and then ran authconfig, with the results as described
 * After rebooting and logging in with an LDAP account, I deleted the dummy local account
 * I tried re-running authconfig, with the same result

Comment 4 Tomas Mraz 2009-11-10 09:09:30 UTC
I've tried a fresh install of rawhide from network in a virtual machine and followed your steps above, but I was unable to reproduce it. I reviewed the code which writes login.defs in authconfig and did not find anything suspicious. So unfortunately without a reproducer I am unable to fix this problem.

Comment 5 Paul Howarth 2009-11-10 14:13:44 UTC
I've managed to reproduce this in a KVM (x86_64) install using RC4.

Something I forgot to mention is that after selecting LDAP Auth in the first boot screen and clicking "Configure LDAP...", then going to the download CA certificate dialog and failing to download the cert, I clicked on "Revert" to undo all of the changes I'd made so far and then set up the dummy local user. Perhaps it's the "revert" process that's doing the damage?

Comment 6 Tomas Mraz 2009-11-11 14:46:46 UTC
There is a bug (missing truncation of the old file) in the revert code. The configuration file writing in authconfig should be also improved to be better resilient to crashes. For now I am just fixing the missing truncation.

Comment 7 Fedora Update System 2009-11-11 22:50:49 UTC
authconfig-5.4.14-1.fc12 has been submitted as an update for Fedora 12.

Comment 8 Fedora Update System 2009-11-13 02:28:29 UTC
authconfig-5.4.14-1.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update authconfig'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-11461

Comment 9 Fedora Update System 2009-11-20 05:34:48 UTC
authconfig-5.4.14-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Tore Anderson 2009-11-20 19:08:23 UTC
I just ran into this bug.  I was adding another user using the GUI tools, but went in the wrong place to where you configure LDAP and stuff like that, and exited out from there, acknowledging to reverting my changes.  I then proceeded to add my test user.

After that I could not log in as any user.  GDM fails with «unable to open session», and console logins just say «permission deined» very briefly before the screen clears and the login prompt is redrawn.

The «unknown item 'NCRYPT_METHOD' (notify administrator)» error I got (in a localised version) when running "userdel -r test" from single-user mode, I was thinking maybe that one was related somehow but it appeared not.

I managed to install the updated authconfig and authconfig-gtk RPMs by booting into single-user mode and installing them from a USB stick, but I still can not log in.  So my system is currently hosed.  :-(  Any suggestions on how to fix it would be _greatly_ appreciated - I don't think this could have happened at a more unfortunate time...


Comment 11 Paul Howarth 2009-11-20 20:38:56 UTC
You should be able to edit out the NCRYPT_METHOD line from /etc/login.defs to get rid of the message, but I don't think that's what's preventing you logging in.

Have you run authconfig-tui in single-user mode to try to fix the system?

Comment 12 Tore Anderson 2009-11-20 21:31:10 UTC
No, I hadn't tried it, but it certainly did the trick!  Thank you very much for that, Paul - I owe you a beer or three.  ;-)

I did get the NCRYPT_METHOD error right after I exited authconfig-tui, though.  But it didn't seem to matter - it works beautifully now, just like before.


Comment 13 Tomas Mraz 2009-11-20 22:42:32 UTC
The brokenness was probably also in some other configuration file which you managed to fix with authconfig-tui.

As for the NCRYPT_METHOD error - the new authconfig will not delete the NCRYPT_METHOD line from the /etc/login.defs, please just manually delete it from there.

Note You need to log in before you can comment on or make changes to this bug.