Description of problem:
Error message in summary appears after configuring LDAP auth using authconfig on the command line, but config otherwise seems to work OK.
Version-Release number of selected component (if applicable):
Every time for me.
Steps to Reproduce:
# authconfig \
configuration error - unknown item 'NCRYPT_METHOD' (notify administrator)
LDAP login does work though...
The same, except for the error message.
I get the following in syslog, which may help narrow down where the problem is:
grpconv: unknown configuration item `NCRYPT_METHOD'
I unfortunately cannot reproduce the problem on my F12 machine. Can you please attach here /etc/login.defs and /var/lib/authconfig/last/login.defs files?
Created attachment 368286 [details]
My login.defs and last/login.defs are identical, probably because I re-ran authconfig so that I could copy-and-paste the command and error message into this bug. I can see the NCRYPT_METHOD entry in the file so I guess I just need to edit that out?
Here's how I got to this point:
* I did an install of RC4 from DVD media, which doesn't set up networking
* When firstboot ran, I clicked on "Use Network Login" with a view to setting up LDAP auth, but this failed when I tried to download the CA certificate to enable TLS - presumably because of the lack of network (why is this option available when there's no network anyway?) - so I gave up on that option and created a dummy local user instead
* I logged in as the dummy local user and then ran authconfig, with the results as described
* After rebooting and logging in with an LDAP account, I deleted the dummy local account
* I tried re-running authconfig, with the same result
I've tried a fresh install of rawhide from network in a virtual machine and followed your steps above, but I was unable to reproduce it. I reviewed the code which writes login.defs in authconfig and did not find anything suspicious. So unfortunately without a reproducer I am unable to fix this problem.
I've managed to reproduce this in a KVM (x86_64) install using RC4.
Something I forgot to mention is that after selecting LDAP Auth in the first boot screen and clicking "Configure LDAP...", then going to the download CA certificate dialog and failing to download the cert, I clicked on "Revert" to undo all of the changes I'd made so far and then set up the dummy local user. Perhaps it's the "revert" process that's doing the damage?
There is a bug (missing truncation of the old file) in the revert code. The configuration file writing in authconfig should be also improved to be better resilient to crashes. For now I am just fixing the missing truncation.
authconfig-5.4.14-1.fc12 has been submitted as an update for Fedora 12.
authconfig-5.4.14-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update authconfig'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-11461
authconfig-5.4.14-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
I just ran into this bug. I was adding another user using the GUI tools, but went in the wrong place to where you configure LDAP and stuff like that, and exited out from there, acknowledging to reverting my changes. I then proceeded to add my test user.
After that I could not log in as any user. GDM fails with «unable to open session», and console logins just say «permission deined» very briefly before the screen clears and the login prompt is redrawn.
The «unknown item 'NCRYPT_METHOD' (notify administrator)» error I got (in a localised version) when running "userdel -r test" from single-user mode, I was thinking maybe that one was related somehow but it appeared not.
I managed to install the updated authconfig and authconfig-gtk RPMs by booting into single-user mode and installing them from a USB stick, but I still can not log in. So my system is currently hosed. :-( Any suggestions on how to fix it would be _greatly_ appreciated - I don't think this could have happened at a more unfortunate time...
You should be able to edit out the NCRYPT_METHOD line from /etc/login.defs to get rid of the message, but I don't think that's what's preventing you logging in.
Have you run authconfig-tui in single-user mode to try to fix the system?
No, I hadn't tried it, but it certainly did the trick! Thank you very much for that, Paul - I owe you a beer or three. ;-)
I did get the NCRYPT_METHOD error right after I exited authconfig-tui, though. But it didn't seem to matter - it works beautifully now, just like before.
The brokenness was probably also in some other configuration file which you managed to fix with authconfig-tui.
As for the NCRYPT_METHOD error - the new authconfig will not delete the NCRYPT_METHOD line from the /etc/login.defs, please just manually delete it from there.