
I use LightDM as my display manager, entering user credentials via its greeter login. The system's PAM authenticates against an LDAP server. Unfortunately, the network is unreliable, so the LDAP server often cannot be reached. This is what is logged in auth.log:

    lightdm: nss_ldap: could not connect to any LDAP server as (null) - Can't contact LDAP server
    lightdm: nss_ldap: failed to bind to LDAP server ldap://ldap.example.com: Can't contact LDAP server
    lightdm: nss_ldap: could not search LDAP server - Server is unavailable

Consequently, the LDAP PAM module fails. Unfortunately, the exact reason for the error is lost along the way and LightDM shows a "wrong password" message, which is horribly misleading:

[Screenshot: login screen shows "wrong password" due to network issues]

Is there any way to display a "login failed due to LDAP server unreachable" message instead? This is a mock-up of what I would like to see:

[Screenshot: mock-up of a better error message in the login screen]

Further details:

  • I cannot guarantee that a user has ever logged on to any particular machine.
  • A network connection is needed as the user's home resides on a share.
    I would say you could probably change the message, but it looks like you get the password message when auth fails for any reason. If you want it to react properly, you will have to file a bug with lightdm, or better, fix it yourself ;-) Commented May 7, 2019 at 12:33
  • @thecarpy I was afraid that would probably be the answer. I had hoped I might have overlooked some configuration directive or the like. Commented May 7, 2019 at 12:34

1 Answer


It seems you're either using the pam_ldap/nss_ldap combo or nss-pam-ldapd. Neither supports caching password hashes from earlier successful logins.

You might want to consider using sssd instead with password caching enabled.

  • It is indeed pam_ldap. Your suggestion is a sensible workaround in theory – but the home directory is also mounted via network. I would prefer to inform the user of the actual problem. Commented May 19, 2019 at 21:40
  • You did not mention LDAP-based automounter in your question at all. Commented May 20, 2019 at 11:08
  • Indeed, I did not. I added detail to the question. Commented May 20, 2019 at 14:03
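As an added illustration of the sssd suggestion (not code from the answer or from the sssd project), this is a minimal /etc/sssd/sssd.conf for the setup in the question, with credential caching enabled so that a user who has already logged in on this machine can still authenticate while ldap.example.com is unreachable. The domain name, search base and CA path are assumed placeholders; it does not address the network-mounted home directory raised in the comments.

```ini
# /etc/sssd/sssd.conf  (must be mode 0600, owned by root)
[sssd]
config_file_version = 2
services = nss, pam
domains = example          # assumed domain name

[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.com        # server from the question's log
ldap_search_base = dc=example,dc=com      # assumed search base
# Require TLS so cached hashes are only ever derived from a verified server
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt   # assumed CA bundle
# Store a hash of the password after each successful online login,
# so authentication can succeed offline when the LDAP server is down
cache_credentials = true

[pam]
# Days a cached credential stays valid while offline (0 = never expires)
offline_credentials_expiration = 7

[nss]
filter_users = root
filter_groups = root
```

The PAM stack must also be switched from pam_ldap to pam_sss (on Debian-based systems `pam-auth-update` does this once libpam-sss is installed), and `sss` added to the passwd/group lines in /etc/nsswitch.conf, otherwise the cache is never consulted.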
