[08:58] <akik> hi, what could be the reason that getent passwd returns ldap users but i can't change to them? using nslcd against 389 directory server
[09:00] <akik> i have "files ldap" in nsswitch.conf and that makes those accounts available for getent
[09:07] <akik> when i start nslcd with -d i can see the connections to my ldap server
[09:12] <akik> is there some kind of tool like authconfig or authselect for ubuntu?
[09:16] <akik> maybe i need pam-auth-update --enable ldap ?
[09:44] <kenyon> akik: what's the error when you try to switch to the users? anything in auth.log about it?
[09:47] <akik> kenyon: it just says "su: user username does not exist"
[09:50] <akik> kenyon: this is ubuntu in a docker container so bits might be missing. e.g. no auth.log in /var/log
[09:50] <akik> systemd journal doesn't catch the attempt
[09:51] <akik> i was looking at the wrong log
[09:51] <akik> "Invalid user username" and "check pass; user unknown"
[09:53] <akik> i first tried with sssd but that gave me a more cryptic error that i couldn't google for
[09:59] <akik> i get these even before entering my password http://paste.debian.net/plain/1219698
[11:10] <akik> kenyon: it was about the ldap tls certificate sna
[11:11] <akik> kenyon: i'm configuring new remote hosts to use the same ldap server and i was using a different hostname for ldap access
[11:14] <akik> kenyon: so now i modified /etc/hosts to include the original ldap server names but new ip addresses
[11:15] <KNDX> The latest samba security upgrade broke our setup. (http://changelogs.ubuntu.com/changelogs/pool/main/s/samba/samba_4.13.14+dfsg-0ubuntu0.20.04.1/change...). We tried downgrading samba. But we also use sssd, and for that package there is only 1 version available anymore that depends on the latest samba version
[11:15] <KNDX> (http://changelogs.ubuntu.com/changelogs/pool/main/s/sssd/sssd_2.2.3-3ubuntu0.8/changelog). Any pointers how to get out of this conundrum... either solving the current samba issue, of getting the downgrade working
[14:07] <jamespage> icey: https://launchpad.net/ubuntu/+source/python-croniter
[14:07] <jamespage> your ubuntu delta got lost cause of the package versioning
[14:08] <jamespage> that's still valid AFAICT - do you want to re-upload again ontop of the latest sync from debian with tzlocal dropped from the runtime depends?
[14:10] <icey> jamespage: seems reasonable, except I can't upload it :-P
[14:10] <jamespage> icey: oh did someone sponsor that for you?
[14:10] <icey> yeah; https://people.canonical.com/~ubuntu-archive/packagesets/jammy/openstack shows the things I can upload right now
[14:11] <jamespage> icey: lemme sort that out then
[14:11] <jamespage> did something get submitted back to debian?
[14:12] <icey> I don't see a change in https://salsa.debian.org/openstack-team/python/python-croniter
[14:14] <jamespage> icey: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979494
[14:14] <icey> yeah - isn't it fun working with upstreams who leave things lying around :)
[14:42] <KNDX> We have been looking into this samba issue for a while now, but not getting much further. It seems to be related to nmbd. The linux servers can't seem to find the windows ad controllers anymore, and use one of the linux domain members as the master browser. smbclient fails with "session setup failed: NT_STATUS_NO_LOGON_SERVERS"