I am testing openpbis version 8.3 and I have authentication problems when I try to open a new session on Ubuntu 14.04 LTS, not on the local network, but only on the remote network.
Adding the computer to Active Directory is very simple and I had no problems, on my local and remote networks.
But when I want to open a session with my Active Directory account, I get the message "incorrect password".
So I reset the password in Active Directory and tried again to open the session.
I typed the default password, no problem, the system asks me to enter a new password, no message and everything seems to be OK; after that, I entered my login and password and I get the message wrong password.
If I use the same login and password on a computer running Windows 7, there is no problem opening the session.
I am trying to debug openpbis:
Make Sure You Are Joined to the Domain
/opt/pbis/bin/domainjoin-cli query
Name = chou-l64
Domain = mydomain.LAN
Distinguished Name = CN=CHOU-L64,CN=Computers,DC=mydomain,DC=lan
###
Check Whether You Are Using a Valid Logon Form
MYDOMAIN\username
works
###
Clear the Cache
/opt/pbis/bin/ad-cache --delete-all
ok
###
Check the Status of the PBIS Authentication Service
/opt/pbis/bin/lwsm status lsass
running (container: 1436)
###
Check Communication between the PBIS Service and AD
/opt/pbis/bin/get-dc-name mydomain.lan
Printing LWNET_DC_INFO fields:
===============================
dwDomainControllerAddressType = 24
dwFlags = 312
dwVersion = 5
wLMToken = 65535
wNTToken = 65535
pszDomainControllerName = robinson.mydomain.lan
pszDomainControllerAddress = 172.16.0.253
pucDomainGUID(hex) = 21 40 5F 7F EB EA 19 4E 8E 42 0E 13 96 19 AF EB
pszNetBIOSDomainName = MYDOMAIN
pszFullyQualifiedDomainName = mydomain.lan
pszDnsForestName = mydomain.lan
pszDCSiteName = Lyon
pszClientSiteName = Paris
pszNetBIOSHostName = ROBINSON
pszUserName = <EMPTY>
###
Verify that PBIS Can Find a User in AD
/opt/pbis/bin/find-user-by-name MYDOMAIN.lan\dupond
User info (Level-0):
====================
Name: dupond
SID: S-1-5-21-545202174-1067577326-598125351-6851
Uid: 1657281219
Gid: 1657274881
Gecos: dupond dupond
Shell: /bin/bash
Home dir: /home/dupond
Logon restriction: NO
/opt/pbis/bin/find-user-by-name mydomain.lan\admindupont
User info (Level-0):
====================
Name: admindupont
SID: S-1-5-21-545202174-1067577326-598125351-6830
Uid: 1657281198
Gid: 1657274881
Gecos: Administrateur dupont
Shell: /bin/bash
Home dir: /home/admindupont
Logon restriction: NO
###
Make Sure the AD Authentication Provider Is Running
/opt/pbis/bin/get-status
LSA Server Status:
Compiled daemon version: 8.3.0.3287
Packaged product version: 8.3.3287.68880
Uptime: 0 days 1 hours 47 minutes 43 seconds
[Authentication provider: lsa-activedirectory-provider]
Status: Online
Mode: Un-provisioned
Domain: MYDOMAIN.LAN
Domain SID: S-1-5-21-545202174-1067577326-598125351
Forest: mydomain.lan
Site: Lyon
Online check interval: 300 seconds
[Trusted Domains: 1]
[Domain: MYDOMAIN]
DNS Domain: mydomain.lan
Netbios name: MYDOMAIN
Forest name: mydomain.lan
Trustee DNS name:
Client site name: Paris
Domain SID: S-1-5-21-545202174-1067577326-598125351
Domain GUID: 00000000-0000-0000-0000-000000000000
Trust Flags: [0x001d]
[0x0001 - In forest]
[0x0004 - Tree root]
[0x0008 - Primary]
[0x0010 - Native]
Trust type: Up Level
Trust Attributes: [0x0000]
Trust Direction: Primary Domain
Trust Mode: In my forest Trust (MFT)
Domain flags: [0x0003]
[0x0001 - Primary]
[0x0002 - Offline]
[Domain Controller (DC) Information]
DC Name: robinson.mydomain.lan
DC Address: 172.16.0.253
DC Site: Lyon
DC Flags: [0x00000138]
DC Is PDC: no
DC is time server: no
DC has writeable DS: yes
DC is Global Catalog: no
DC is running KDC: yes
###
Run the id Command to Check the User
id mydomain.lan\dupond
uid=1657281219(dupond) gid=1657274881(utilisa.^du^domaine groupes=1657274881(utilisa.^du^domaine)
###
/etc/nsswitch.conf
passwd: compat lsass
group: compat lsass
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
###
/etc/pam.d/less common-session
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_umask.so
session required pam_unix.so
session [success=ok default=ignore] pam_lsass.so
session optional pam_mount.so
session optional pam_systemd.so
session optional pam_ck_connector.so nox11
When I try to open a session on this PC, I get these messages in /var/log/auth.log:
Jul 23 15:22:26 chou-l64 login[1728]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:22:29 chou-l64 login[1728]: FAILED LOGIN (1) on '/dev/tty1' FOR 'dupond', Authentication failure
Jul 23 15:24:25 chou-l64 sshd[11898]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:26 chou-l64 sshd[11896]: error: PAM: Authentication failure for dupond from localhost
Jul 23 15:24:34 chou-l64 sshd[11919]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:39 chou-l64 sshd[11922]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:41 chou-l64 sshd[11896]: message repeated 2 times: [ error: PAM: Authentication failure for dupond from localhost]
Jul 23 15:24:50 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:52 chou-l64 sshd[11896]: Failed password for dupond from 127.0.0.1 port 39657 ssh2
Jul 23 15:24:58 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:25:01 chou-l64 sshd[11896]: Failed password for dupond from 127.0.0.1 port 39657 ssh2
How can I solve this problem?
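
Added example, not part of the original post: a shell function that tallies the pam_lsass errors in auth.log by service, login and error code, with first and last occurrence, so it is easy to see that two different error codes are returned for the same account. The function names and the output layout are assumptions of this example; the sample lines are taken from the log excerpt above.

```shell
#!/bin/sh
# Added example (not from the original post): summarise pam_lsass
# authentication errors found in auth.log-style input.

# Sample input: lines from the auth.log excerpt in the post, including two
# lines that are not pam_lsass errors and must be ignored.
sample_log() {
cat <<'EOF'
Jul 23 15:22:26 chou-l64 login[1728]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:22:29 chou-l64 login[1728]: FAILED LOGIN (1) on '/dev/tty1' FOR 'dupond', Authentication failure
Jul 23 15:24:25 chou-l64 sshd[11898]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:34 chou-l64 sshd[11919]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:39 chou-l64 sshd[11922]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:50 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:52 chou-l64 sshd[11896]: Failed password for dupond from 127.0.0.1 port 39657 ssh2
Jul 23 15:24:58 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
EOF
}

# Reads syslog lines on stdin. For every (service, login, error code)
# combination prints: count, service, login, code, first seen, last seen
# (tab-separated, most frequent first).
summarize_lsass_errors() {
  awk '
    /\[lsass-pam\]/ && /pam_sm_authenticate error/ {
      svc = $5; sub(/\[[0-9]+\]:$/, "", svc)      # "sshd[11896]:" -> "sshd"
      login = $0; sub(/.*\[login:/, "", login); sub(/\].*/, "", login)
      code = $0; sub(/.*\[error code:/, "", code); sub(/\].*/, "", code)
      key = svc "\t" login "\t" code
      ts = $1 " " $2 " " $3                       # syslog timestamp
      if (!(key in count)) first[key] = ts
      count[key]++; last[key] = ts
    }
    END {
      for (key in count)
        printf "%d\t%s\t%s\t%s\n", count[key], key, first[key], last[key]
    }' | sort -t "$(printf '\t')" -k1,1nr -k2
}

# Run against the embedded sample.
sample_log | summarize_lsass_errors
```

To analyse a real log, redirect it into the function: summarize_lsass_errors < /var/log/auth.log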