[wplug] Odd behavior on Ubuntu box using SSSD and AD

Ben Beige dariuscardren at gmail.com
Thu Jan 26 11:39:44 EST 2017


Yeah I am, that is my typical workflow, as we don't prestage computer
accounts here.



Ben Beige
dariuscardren at gmail.com

On Thu, Jan 26, 2017 at 11:38 AM, Jared Jennings <jjennings at fastmail.fm>
wrote:

> Hi Ben, are you moving it after you've joined up? That may not work.
>
> I haven't used sss on Ubuntu, so this might not be valid advice, but on
> RHEL with adcli (over against winbind) I was able to create the computer
> object ahead of time with the adcli preset-computer command. In fact that
> was the only way I found to create service principal names (SPNs) so I
> could, e.g., authenticate visitors to a website served by Apache using
> AD.
>
> On Jan 26, 2017 10:49, Ben Beige <dariuscardren at gmail.com> wrote:
> >
> > Hello folks,
> > I am setting up a new system at work using Ubuntu 16.04 LTS, and binding it
> > to our AD domain, everything works fine until I move it from the computers
> > OU in AD into our Servers OU, then I get login failures. I am not even sure
> > which logs to check beyond /var/log/auth.log
> >
> > In default Computers OU:
> > Jan 26 10:29:38 hostname su[1463]: pam_unix(su:auth): authentication
> > failure; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser
> > rhost=  user=DomainUser
> > Jan 26 10:29:39 hostname su[1463]: pam_sss(su:auth): authentication
> > success; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser
> > rhost= user=DomainUser
> > Jan 26 10:29:39 hostname su[1463]: Successful su for DomainUser by localuser
> > Jan 26 10:29:39 hostname su[1463]: + /dev/pts/0 localuser:DomainUser
> > Jan 26 10:29:39 hostname su[1463]: pam_unix(su:session): session opened for
> > user DomainUser by localuser(uid=1000)
> >
> >
> > In our Servers OU:
> > Jan 26 10:42:21 hostname su[1529]: pam_unix(su:auth): authentication
> > failure; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser
> > rhost=  user=DomainUser
> > Jan 26 10:42:22 hostname su[1529]: pam_sss(su:auth): authentication
> > success; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser
> > rhost= user=DomainUser
> > Jan 26 10:42:23 hostname su[1529]: pam_sss(su:account): Access denied for
> > user DomainUser: 4 (System error)
> > Jan 26 10:42:23 hostname su[1529]: pam_acct_mgmt: System error
> > Jan 26 10:42:23 hostname su[1529]: FAILED su for DomainUser by localuser
> > Jan 26 10:42:23 hostname su[1529]: - /dev/pts/0 localuser:DomainUser
> >
> >
> > Any feedback/help would be appreciated. (user/hostnames have been scrubbed)
> >
> >
> > Ben Beige
> > dariuscardren at gmail.com
> > _______________________________________________
> > wplug mailing list
> > wplug at wplug.org
> > http://www.wplug.org/mailman/listinfo/wplug
>
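
A triage sketch for the two log excerpts quoted above, added here as an example and not part of the original thread: it groups PAM lines by su PID and reports whether the login completed or was stopped at the account stage after pam_sss accepted the password. The sample is the PAM lines from the post, unwrapped; the names `classify`, `seen` and the verdict strings are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: the PAM lines from the post above, unwrapped onto single lines.
SAMPLE = """\
Jan 26 10:29:38 hostname su[1463]: pam_unix(su:auth): authentication failure; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser rhost=  user=DomainUser
Jan 26 10:29:39 hostname su[1463]: pam_sss(su:auth): authentication success; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser rhost= user=DomainUser
Jan 26 10:29:39 hostname su[1463]: pam_unix(su:session): session opened for user DomainUser by localuser(uid=1000)
Jan 26 10:42:21 hostname su[1529]: pam_unix(su:auth): authentication failure; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser rhost=  user=DomainUser
Jan 26 10:42:22 hostname su[1529]: pam_sss(su:auth): authentication success; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser rhost= user=DomainUser
Jan 26 10:42:23 hostname su[1529]: pam_sss(su:account): Access denied for user DomainUser: 4 (System error)
Jan 26 10:42:23 hostname su[1529]: pam_acct_mgmt: System error
"""

# syslog prefix, program[pid], then module(service:stage): message
PAM_LINE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s[\w.-]+\[(?P<pid>\d+)\]:\s"
    r"(?P<module>pam_\w+)\((?P<service>[\w-]+):(?P<stage>\w+)\):\s(?P<msg>.*)$"
)

def seen(events, module, stage, prefix):
    """True if the given module logged a message with this prefix at this PAM stage."""
    return any(m == module and s == stage and msg.startswith(prefix)
               for m, s, msg in events)

def classify(log_text):
    """Return {pid: verdict} naming the PAM stage at which each login ended."""
    by_pid = defaultdict(list)
    for line in log_text.splitlines():
        m = PAM_LINE.match(line)
        if m:  # lines without module(service:stage), e.g. pam_acct_mgmt, are skipped
            by_pid[int(m["pid"])].append((m["module"], m["stage"], m["msg"]))
    verdicts = {}
    for pid, events in by_pid.items():
        auth_ok = seen(events, "pam_sss", "auth", "authentication success")
        acct_denied = seen(events, "pam_sss", "account", "Access denied")
        session = seen(events, "pam_unix", "session", "session opened")
        if auth_ok and acct_denied:
            verdicts[pid] = "password accepted, denied at account stage"
        elif session:
            verdicts[pid] = "login completed"
        elif auth_ok:
            verdicts[pid] = "password accepted, no session seen"
        else:
            verdicts[pid] = "not authenticated by pam_sss"
    return verdicts

if __name__ == "__main__":
    for pid, verdict in classify(SAMPLE).items():
        print(pid, verdict)
```

An account-stage denial after a successful auth means the password was fine and the refusal came from SSSD's access check, so the next logs to read are SSSD's own under /var/log/sssd/.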

