[LightDM] lightdm + winbind + accountsservice

Tue Apr 30 17:58:31 UTC 2019

Hi all,

I am using lightdm with accountsservice and winbind on Debian 9 (stretch)
and Debian 10 (buster).
My topic described below is equal on both systems. The package versions
used are listed at the end of this mail.

Winbind is configured to allow offline logins by using 'winbind offline
logon = yes' in smb.conf.
My users login using lightdm-gtk-greeter and since I have added
'session-setup-script=lightdm-cache-users.sh' option within the
[SeatDefaults]
they are getting cached by accounts-daemon and the last user who logged on
is remembered by lightdm (content of 'lightdm-cache-users.sh' at the end of
this mail).
This works perfectly fine for local user accounts.
Unfortunately I have a problem with accounts that login via winbind since
lightdm starts previously to winbind being online.
This causes accounts-daemon (which is not waiting for winbind) not being
able to provide the account to lightdm and lightdm due to this not being
able list the winbind user as "last-user" that was logged in.
As soon as winbind service was startet up correctly I can see and select my
winbind users that were already logged in previously from the users list.

A "workaround" I was able to perform is changing lightdm.service unit file
as follows:

*After=systemd-user-sessions.service *
to
*After=systemd-user-sessions.service winbind.service*

*ExecStartPre=/bin/sh -c '[ "$(cat /etc/X11/default-display-manager
2>/dev/null)" = "/usr/sbin/lightdm" ]'*
to
*ExecStartPre=/bin/sh -c '[ "$(cat /etc/X11/default-display-manager
2>/dev/null)" = "/usr/sbin/lightdm" ] && sleep 2'*

The 'sleep 2' I think was necessary since it seemed to take a second or two
until accounts-daemon recieved the accounts from winbind service after it
started correctly.
Never the less this caused up to 9 seconds of 'black screen'/'usual non X
window login screen' shown to the user when startup already 'finished'.
(depending on network etc since winbind is looking for
'network-online.target' which takes some seconds to start...

Any ideas how this can be solved in a smoother way than my workaround above?

Thank you in advance

Martin

------------- lightdm-cache-users.sh -------------
*#! /bin/bash*

*##--register user in /var/lib/AccountsService/users*
*dbus-send --system --type=method_call --print-reply
--dest=org.freedesktop.Accounts /org/freedesktop/Accounts
org.freedesktop.Accounts.CacheUser string:"$USER"*

*##--save user as last logged on user for lightdm*
*lightdm_gtk_d="/var/lib/lightdm/.cache/lightdm-gtk-greeter"*
*if [ ! -d "${lightdm_gtk_d}" ];then mkdir -p "${lightdm_gtk_d}" && chmod
755 "${lightdm_gtk_d}" && chown lightdm:lightdm "${lightdm_gtk_d}";fi*
*if [ -f "${lightdm_gtk_d}/state" ];then*
* sed -i "s#last-user\=.*#last-user\=${USER}#g" "${lightdm_gtk_d}/state"*
*else*
*cat > "${lightdm_gtk_d}/state" <<-EOF*
* [greeter]*
* last-user=$USER*
* last-session=lightdm-xsession*
*EOF*
*fi*

------------- Debian 9 (stretch) package versions -------------
*0.6.43-1 accountsservice*
*0.6.43-1 libaccountsservice0*
*1.18.3-1 liblightdm-gobject-1-0*
*2:4.5.16+dfsg-1+deb9u1 libnss-winbind*
*2:4.5.16+dfsg-1+deb9u1 libpam-winbind*
*1.18.3-1 lightdm*
*2.0.2-1 lightdm-gtk-greeter*
*2:4.5.16+dfsg-1+deb9u1 winbind*

------------- Debian 10 (buster) package versions -------------
*0.6.45-2 accountsservice*
*0.6.45-2 libaccountsservice0*
*1.26.0-4 liblightdm-gobject-1-0*
*2:4.9.5+dfsg-3 libnss-winbind*
*2:4.9.5+dfsg-3 libpam-winbind*
*1.26.0-4 lightdm*
*2.0.6-1 lightdm-gtk-greeter*
*2:4.9.5+dfsg-3 winbind*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/lightdm/attachments/20190430/14cf161d/attachment.html>