[RESPONDED] Can't do initial login with fingerprint (Ubuntu 22.04)

I’ve got an AMD Laptop 13 that I’m dual booting with Windows 11 and Ubuntu 22.04 (I’m on the 6.5.0-1020-oem kernel). I can get my fingerprint stored in Ubuntu just fine, but it just doesn’t seem to do anything on initial login. I see a prompt for my password and the message “(or place finger on reader)” but using my fingerprint does nothing. I ultimately have to sign in with my password.

If I lock my user session in Ubuntu after initial login I can authenticate with the fingerprint reader just fine though.

I’m pretty new to Ubuntu so I’m mostly stock and haven’t messed with many things under the hood. I think the most advanced I’ve gotten is installing gnome-tweaks so that I can scale my desktop wallpaper.

For what it’s worth, I did see a post that mentioned not using a fingerprint for login on both Windows and Ubuntu simultaneously. I removed my Windows Hello fingerprint authentication method, and my fingerprints in Ubuntu. Then I re-added my fingerprint hoping that would solve it, but no luck.

Oh, maybe it matters here but I am using pam_mount to mount a network share on login. Maybe I can’t use a fingerprint as an authentication method because pam_mount expects a password?

Anything you can think of for me to try would be appreciated.

Hi @ryhadar,

Can we first check whether there are currently any enrolled fingerprints under your account?

fprintd-list username

Replace username with your user name.
Cheers!

Hi there, thanks for the assist. Here’s what I’ve got:

found 1 devices
Device at /net/reactivated/Fprint/Device/0
Using device /net/reactivated/Fprint/Device/0
Fingerprints for user myuser on Goodix MOC Fingerprint Sensor (press):
 - #0: right-index-finger

Let me summarize your situation:

  • fingerprint authentication does NOT work in GDM login screen
  • fingerprint authentication works fine in GNOME lock screen
  • fingerprint authentication works fine for commands like sudo bash in the terminal

Do you confirm this?

If that is the situation, the problem looks to be limited to GDM; the fprint backend and pam module should be fine.

Hardly the problem if it is related only to GDM.

I’m not familiar with pam_mount but this may be worth exploring. IIRC gdm uses its own file in /etc/pam.d which might not import “common” ubuntu pam configurations. IIRC this command should give you the authentication configuration in case fingerprint is active: grep ^auth /etc/pam.d/gdm-fingerprint. It might be worth checking the result.

Can you provide us more details: which pam file did you edit to add this automount?

Btw, with fingerprint authentication in the login screen, since you don’t provide a password, you lose some stuff like automatic unlock of gnome secret default user keyring.

Appreciate you getting back to me @Ulmondil. I set up pam_mount per “How to mount CIFS shares permanently | Ubuntu”, under the section “Mount password-protected shares using libpam-mount”.

It seems our suspicions were correct! I still have libpam-mount installed, but upon reversing the steps in the aforementioned guide I am able to successfully log in with just the fingerprint reader.

So, if you use libpam-mount/pam_mount to mount a network share on login you can’t use the fingerprint reader in Ubuntu on initial login.

I tried installing libpam-mount and I saw that on installation a script runs and modifies /etc/pam.d/common-auth but nothing modifies /etc/pam.d/gdm-fingerprint. Maybe there lies the issue. Anyway, if your idea of using pam_mount proves too hard to fix, you might want to run something after login using the pam_exec module (for example you may run a shell script that mounts your network share).
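A diagnostic for the observation above, added here as an example and not posted by anyone in the thread: it follows @include lines to report whether a PAM service's auth stack reaches pam_mount.so. The files written by make_sample are constructed, and gdm-password is an assumed file name next to the gdm-fingerprint file named in the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): does a PAM service's auth stack reach
# pam_mount.so once @include / "auth include" lines are followed?

# auth_lines DIR SERVICE [DEPTH] -> print the effective auth lines of SERVICE
auth_lines() {
    local dir="$1" svc="$2" depth="${3:-0}" kw arg rest
    [ -r "$dir/$svc" ] && [ "$depth" -lt 8 ] || return 0   # missing file / include loop
    while read -r kw arg rest || [ -n "$kw" ]; do
        case $kw in
            @include) auth_lines "$dir" "$arg" $(($depth + 1)) ;;
            auth|-auth)
                if [ "$arg" = include ] || [ "$arg" = substack ]; then
                    auth_lines "$dir" "${rest%% *}" $(($depth + 1))
                else
                    printf '%s %s %s\n' "$kw" "$arg" "$rest"
                fi ;;
        esac
    done < "$dir/$svc"
}

# uses_pam_mount DIR SERVICE -> exit status 0 if pam_mount.so is in the stack
uses_pam_mount() { auth_lines "$1" "$2" | grep -q 'pam_mount\.so'; }

# report DIR SERVICE... -> one status line per service file
report() {
    local dir="$1" svc
    shift
    for svc in "$@"; do
        if [ ! -r "$dir/$svc" ]; then echo "$svc: not present"
        elif uses_pam_mount "$dir" "$svc"; then echo "$svc: auth stack reaches pam_mount"
        else echo "$svc: auth stack does not reach pam_mount"
        fi
    done
}

# make_sample -> temp dir holding constructed PAM files (not from a real host)
make_sample() {
    local d
    d=$(mktemp -d) || return 1
    printf '%s\n' 'auth [success=1 default=ignore] pam_unix.so nullok' \
        'auth optional pam_mount.so' > "$d/common-auth"
    printf '%s\n' '#%PAM-1.0' '@include common-auth' > "$d/gdm-password"
    printf '%s\n' '#%PAM-1.0' 'auth required pam_fprintd.so' > "$d/gdm-fingerprint"
    echo "$d"
}

# gdm-password is an assumed file name; gdm-fingerprint is the one in the thread.
report "${PAM_DIR:-/etc/pam.d}" gdm-password gdm-fingerprint
```

Set PAM_DIR to the directory printed by make_sample to see both outcomes without touching the live configuration.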

Thanks for the background information on libpam-mount installation. Very interesting to hear that.

Anyway, I’m still green with Linux but what I ended up ultimately doing was creating a script then running it on Ubuntu’s “Startup Application” app that runs things on login. The script first uses nm-online to wait until my WiFi is ready (which defaults to waiting for 30 seconds), then as long as that is successful the script then mounts my network share using the mount command.

The nice benefit to this is that libpam worked maybe 90% of the time because it didn’t really wait for my WLAN’s link to be established. Now, the mount works 100% of the time with the script I wrote – and in the event that it doesn’t I can simply re-run the script from the terminal.


Good. That’s probably the simpler way of doing it. I supposed you needed to get things done during authentication because you needed your login password to access the network share.

In the future, if you want to experience another option and learn some sysadmin Linux stuff, then you can try doing the same thing with systemd units instead of the “Startup Application”: you can have your script as a user session one-shot service or even independently from your user login with a system one-shot service that runs after the network-online.target has been reached.
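The login-time mount described in the thread, written as an added example (not the poster's actual script): it waits on nm-online, then mounts, and returns distinct exit codes so a Startup Applications entry or a systemd user one-shot unit can tell a network timeout from a mount failure. The script name, mount point and fstab entry are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the poster's script): wait for NetworkManager to report a
# connection, then mount a share. Assumptions: the mount point has an
# /etc/fstab entry (so `mount DIR` finds the device and options, including a
# credentials= file instead of a password in this script) and the invoking
# user is permitted to mount it, e.g. through the "user" fstab option.

NM_ONLINE="${NM_ONLINE:-nm-online}"   # overridable for dry runs
MOUNT="${MOUNT:-mount}"
WAIT_SECS="${WAIT_SECS:-30}"          # same as nm-online's default timeout

# is_mounted DIR -> exit status 0 if DIR is already a mount point
is_mounted() { mountpoint -q "$1" 2>/dev/null; }

# mount_share DIR -> 0 mounted (or already was), 2 no network, 3 mount failed
mount_share() {
    local dir="$1"
    is_mounted "$dir" && return 0
    "$NM_ONLINE" -q -t "$WAIT_SECS" || return 2
    "$MOUNT" "$dir" || return 3
}

# Runs only when given a mount point, e.g. from Startup Applications:
#   mount-share.sh "$HOME/nas"          (hypothetical script name and path)
# or from a user one-shot unit, ~/.config/systemd/user/mount-share.service:
#   [Service]
#   Type=oneshot
#   ExecStart=%h/bin/mount-share.sh %h/nas
#   [Install]
#   WantedBy=default.target
if [ "$#" -gt 0 ]; then
    mount_share "$1"
fi
```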