[wplug] Odd behavior on Ubuntu box using SSSD and AD

Ben Beige dariuscardren at gmail.com
Fri Jan 27 13:42:57 EST 2017


I've figured it out. It turns out that in our AD structure we have the
server OU that is "Server(City)"; it seems that sssd does not really like
this. The fix was a new server OU for joined Linux servers.



Ben Beige
dariuscardren at gmail.com

On Thu, Jan 26, 2017 at 11:39 AM, Ben Beige <dariuscardren at gmail.com> wrote:

> Yeah, I am, that is my typical workflow, as we don't prestage computer
> accounts here.
>
>
>
> Ben Beige
> dariuscardren at gmail.com
>
> On Thu, Jan 26, 2017 at 11:38 AM, Jared Jennings <jjennings at fastmail.fm>
> wrote:
>
>> Hi Ben, are you moving it after you've joined up? That may not work.
>>
>> I haven't used sss on Ubuntu, so this might not be valid advice, but on
>> RHEL with adcli (over against winbind) I was able to create the computer
>> object ahead of time with the adcli preset-computer command. In fact that
>> was the only way I found to create service principal names (SPNs) so I
>> could, e.g., authenticate visitors to a website served by Apache using AD.
>>
>> On Jan 26, 2017 10:49, Ben Beige <dariuscardren at gmail.com> wrote:
>> >
>> > Hello folks,
>> > I am setting up a new system at work using Ubuntu 16.04 LTS, and binding it
>> > to our AD domain. Everything works fine until I move it from the Computers
>> > OU in AD into our Servers OU, then I get login failures. I am not even sure
>> > which logs to check beyond /var/log/auth.log
>> >
>> > In default Computers OU:
>> > Jan 26 10:29:38 hostname su[1463]: pam_unix(su:auth): authentication failure; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser rhost=  user=DomainUser
>> > Jan 26 10:29:39 hostname su[1463]: pam_sss(su:auth): authentication success; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser rhost= user=DomainUser
>> > Jan 26 10:29:39 hostname su[1463]: Successful su for DomainUser by localuser
>> > Jan 26 10:29:39 hostname su[1463]: + /dev/pts/0 localuser:DomainUser
>> > Jan 26 10:29:39 hostname su[1463]: pam_unix(su:session): session opened for user DomainUser by localuser(uid=1000)
>> >
>> >
>> > In our Servers OU:
>> > Jan 26 10:42:21 hostname su[1529]: pam_unix(su:auth): authentication failure; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser rhost=  user=DomainUser
>> > Jan 26 10:42:22 hostname su[1529]: pam_sss(su:auth): authentication success; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser rhost= user=DomainUser
>> > Jan 26 10:42:23 hostname su[1529]: pam_sss(su:account): Access denied for user DomainUser: 4 (System error)
>> > Jan 26 10:42:23 hostname su[1529]: pam_acct_mgmt: System error
>> > Jan 26 10:42:23 hostname su[1529]: FAILED su for DomainUser by localuser
>> > Jan 26 10:42:23 hostname su[1529]: - /dev/pts/0 localuser:DomainUser
>> >
>> >
>> > Any feedback/help would be appreciated. (user/hostnames have been scrubbed)
>> >
>> >
>> > Ben Beige
>> > dariuscardren at gmail.com
>> > _______________________________________________
>> > wplug mailing list
>> > wplug at wplug.org
>> > http://www.wplug.org/mailman/listinfo/wplug
>>
>
>
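Added example, not part of the thread or of sssd: a Python script that groups the auth.log lines quoted above by su PID and reports, for each attempt, which PAM stage produced the failure. The point it draws out of the two log excerpts is that in the Servers OU case pam_sss still reports "authentication success" and the denial only appears in the account stage, so the credentials were accepted and the "System error" comes from sssd's post-authentication account/access check, not from a bad password. The sample text is the thread's own scrubbed lines embedded as constructed input; the regexes, function names and result labels are my own.

```python
import re
from collections import defaultdict

# Constructed sample input: the auth.log lines quoted in the thread (already scrubbed by the poster).
SAMPLE_AUTH_LOG = """\
Jan 26 10:29:38 hostname su[1463]: pam_unix(su:auth): authentication failure; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser rhost=  user=DomainUser
Jan 26 10:29:39 hostname su[1463]: pam_sss(su:auth): authentication success; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser rhost= user=DomainUser
Jan 26 10:29:39 hostname su[1463]: Successful su for DomainUser by localuser
Jan 26 10:29:39 hostname su[1463]: + /dev/pts/0 localuser:DomainUser
Jan 26 10:29:39 hostname su[1463]: pam_unix(su:session): session opened for user DomainUser by localuser(uid=1000)
Jan 26 10:42:21 hostname su[1529]: pam_unix(su:auth): authentication failure; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser rhost=  user=DomainUser
Jan 26 10:42:22 hostname su[1529]: pam_sss(su:auth): authentication success; logname=localuser uid=1000 euid=0 tty=/dev/pts/0 ruser=localuser rhost= user=DomainUser
Jan 26 10:42:23 hostname su[1529]: pam_sss(su:account): Access denied for user DomainUser: 4 (System error)
Jan 26 10:42:23 hostname su[1529]: pam_acct_mgmt: System error
Jan 26 10:42:23 hostname su[1529]: FAILED su for DomainUser by localuser
Jan 26 10:42:23 hostname su[1529]: - /dev/pts/0 localuser:DomainUser
"""

# syslog prefix: timestamp, host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# PAM module messages look like pam_<name>(<service>:<stage>): <text>
PAM_RE = re.compile(r"^(?P<module>pam_\w+)\((?P<service>\w+):(?P<stage>\w+)\): (?P<rest>.*)$")
DENIED_RE = re.compile(r"Access denied for user (?P<user>\S+): (?P<code>\d+) \((?P<text>[^)]*)\)")
# \b keeps "ruser=" from matching; we want the target "user=" field
USER_RE = re.compile(r"\buser=(?P<user>\S+)")


def parse_auth_log(text):
    """Group su lines by PID and record, per PAM stage, which module answered and how."""
    sessions = defaultdict(lambda: {"user": None, "stages": {}, "result": None})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["prog"] != "su":
            continue
        s = sessions[m["pid"]]
        msg = m["msg"]
        pm = PAM_RE.match(msg)
        if pm:
            stage, module, rest = pm["stage"], pm["module"], pm["rest"]
            um = USER_RE.search(rest)
            if um:
                s["user"] = um["user"]
            dm = DENIED_RE.search(rest)
            if dm:
                s["user"] = dm["user"]
                s["stages"][stage] = (module, "denied", int(dm["code"]), dm["text"])
            elif "success" in rest or "session opened" in rest:
                # a later module succeeding for the stage overrides an earlier module's failure
                s["stages"][stage] = (module, "ok")
            elif "failure" in rest:
                # pam_unix failing for a domain account is expected: only pam_sss can answer for it
                s["stages"].setdefault(stage, (module, "failure"))
        elif msg.startswith("Successful su"):
            s["result"] = "success"
        elif msg.startswith("FAILED su"):
            s["result"] = "failed"
    return dict(sessions)


def classify(session):
    """Separate a credential problem from a post-authentication (account stage) denial."""
    auth = session["stages"].get("auth")
    acct = session["stages"].get("account")
    if session["result"] == "success":
        return "ok"
    if auth is None or auth[1] != "ok":
        return "auth-failure"
    if acct and acct[1] == "denied":
        # module, "denied", numeric code, text from the PAM message
        return f"account-denied:{acct[2]}:{acct[3]}"
    return "other"


def summarize(text):
    """Return one human-readable line per su attempt, keyed by PID."""
    return {pid: f"{s['user']}: {classify(s)}" for pid, s in parse_auth_log(text).items()}


if __name__ == "__main__":
    for pid, line in summarize(SAMPLE_AUTH_LOG).items():
        print(f"su[{pid}] {line}")
```

Run on the two excerpts it prints `su[1463] DomainUser: ok` and `su[1529] DomainUser: account-denied:4:System error`; pointed at a real `/var/log/auth.log` it separates attempts that never got past authentication from ones, like this thread's, where the user authenticated and sssd then refused the account.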

