Problem with PBISOpen and Ubuntu 14.04 LTS

6

I am testing openpbis version 8.3 and I have authentication problems when I try to open a new session on Ubuntu 14.04 LTS, not on the local network, but only on the remote network.

Adding the computer to Active Directory is very simple and I had no problems, on both my local and remote networks.

But when I want to open a session with my Active Directory account, I get the message "incorrect password".

So I reset the password in Active Directory and tried to open the session again.

I typed the default password with no problem; the system asked me to enter a new password, there was no message and everything seemed to be OK. After that, I entered my login and password and got the message wrong password.

If I use the same login and password on a computer running Windows 7, there is no problem opening the session.

I am trying to debug openpbis:

Make Sure You Are Joined to the Domain
/opt/pbis/bin/domainjoin-cli query
Name = chou-l64
Domain = mydomain.LAN
Distinguished Name = CN=CHOU-L64,CN=Computers,DC=mydomain,DC=lan

###

Check Whether You Are Using a Valid Logon Form
MYDOMAIN\username
works

###

Clear the Cache
/opt/pbis/bin/ad-cache --delete-all
ok

###

Check the Status of the PBIS Authentication Service
/opt/pbis/bin/lwsm status lsass
running (container: 1436)

###

Check Communication between the PBIS Service and AD
/opt/pbis/bin/get-dc-name mydomain.lan

Printing LWNET_DC_INFO fields:
===============================
dwDomainControllerAddressType = 24
dwFlags = 312
dwVersion = 5
wLMToken = 65535
wNTToken = 65535
pszDomainControllerName = robinson.mydomain.lan
pszDomainControllerAddress = 172.16.0.253
pucDomainGUID(hex) = 21 40 5F 7F EB EA 19 4E 8E 42 0E 13 96 19 AF EB 
pszNetBIOSDomainName = MYDOMAIN
pszFullyQualifiedDomainName = mydomain.lan
pszDnsForestName = mydomain.lan
pszDCSiteName = Lyon
pszClientSiteName = Paris
pszNetBIOSHostName = ROBINSON
pszUserName = <EMPTY>

###

Verify that PBIS Can Find a User in AD
/opt/pbis/bin/find-user-by-name MYDOMAIN.lan\dupond
User info (Level-0):
====================
Name:              dupond
SID:               S-1-5-21-545202174-1067577326-598125351-6851
Uid:               1657281219
Gid:               1657274881
Gecos:             dupond dupond
Shell:             /bin/bash
Home dir:          /home/dupond
Logon restriction: NO

/opt/pbis/bin/find-user-by-name mydomain.lan\admindupont
User info (Level-0):
====================
Name:              admindupont
SID:               S-1-5-21-545202174-1067577326-598125351-6830
Uid:               1657281198
Gid:               1657274881
Gecos:             Administrateur dupont
Shell:             /bin/bash
Home dir:          /home/admindupont
Logon restriction: NO

###

Make Sure the AD Authentication Provider Is Running

/opt/pbis/bin/get-status
LSA Server Status:

Compiled daemon version: 8.3.0.3287
Packaged product version: 8.3.3287.68880
Uptime:        0 days 1 hours 47 minutes 43 seconds

[Authentication provider: lsa-activedirectory-provider]

    Status:        Online
    Mode:          Un-provisioned
    Domain:        MYDOMAIN.LAN
    Domain SID:    S-1-5-21-545202174-1067577326-598125351
    Forest:        mydomain.lan
    Site:          Lyon
    Online check interval:  300 seconds
    [Trusted Domains: 1]

    [Domain: MYDOMAIN]

            DNS Domain:       mydomain.lan
            Netbios name:     MYDOMAIN
            Forest name:      mydomain.lan
            Trustee DNS name: 
            Client site name: Paris
            Domain SID:       S-1-5-21-545202174-1067577326-598125351
            Domain GUID:      00000000-0000-0000-0000-000000000000
            Trust Flags:      [0x001d]
                              [0x0001 - In forest]
                              [0x0004 - Tree root]
                              [0x0008 - Primary]
                              [0x0010 - Native]
            Trust type:       Up Level
            Trust Attributes: [0x0000]
            Trust Direction:  Primary Domain
            Trust Mode:       In my forest Trust (MFT)
            Domain flags:     [0x0003]
                              [0x0001 - Primary]
                              [0x0002 - Offline]

            [Domain Controller (DC) Information]

                    DC Name:              robinson.mydomain.lan
                    DC Address:           172.16.0.253
                    DC Site:              Lyon
                    DC Flags:             [0x00000138]
                    DC Is PDC:            no
                    DC is time server:    no
                    DC has writeable DS:  yes
                    DC is Global Catalog: no
                    DC is running KDC:    yes

###

Run the id Command to Check the User
id mydomain.lan\dupond
uid=1657281219(dupond) gid=1657274881(utilisa.^du^domaine groupes=1657274881(utilisa.^du^domaine)

###

/etc/nsswitch.conf
passwd:         compat lsass
group:          compat lsass
shadow:         compat
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

###

/etc/pam.d/less common-session

session [default=1]                     pam_permit.so
session requisite                       pam_deny.so
session required                        pam_permit.so
session optional        pam_umask.so
session required        pam_unix.so 
session [success=ok default=ignore]     pam_lsass.so 
session optional        pam_mount.so 
session optional        pam_systemd.so 
session optional                        pam_ck_connector.so nox11

When I try to open a session on this PC, I get these messages in /var/log/auth.log:

Jul 23 15:22:26 chou-l64 login[1728]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:22:29 chou-l64 login[1728]: FAILED LOGIN (1) on '/dev/tty1' FOR 'dupond', Authentication failure
Jul 23 15:24:25 chou-l64 sshd[11898]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:26 chou-l64 sshd[11896]: error: PAM: Authentication failure for dupond from localhost
Jul 23 15:24:34 chou-l64 sshd[11919]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:39 chou-l64 sshd[11922]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:41 chou-l64 sshd[11896]: message repeated 2 times: [ error: PAM: Authentication failure for dupond from localhost]
Jul 23 15:24:50 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:52 chou-l64 sshd[11896]: Failed password for dupond from 127.0.0.1 port 39657 ssh2
Jul 23 15:24:58 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:25:01 chou-l64 sshd[11896]: Failed password for dupond from 127.0.0.1 port 39657 ssh2

How can I solve this problem?

    
by Minus63 27.07.2015 / 15:16

0 answers
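
As an added example (not part of the original post): a small Python script that pulls the pam_lsass failure lines out of an auth.log excerpt like the one above and groups them by login and error code, showing whether a code is tied to one service or appears on both console login and sshd. The function names are illustrative and the sample lines are copied from the post's log; the script does not interpret the numeric codes.

```python
import re
from collections import defaultdict

# Matches pam_lsass failure lines in the format shown in the post's auth.log excerpt.
LSASS_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<svc>[\w-]+)\[(?P<pid>\d+)\]:\s"
    r"\[lsass-pam\]\s\[module:pam_lsass\](?P<func>\w+) error\s"
    r"\[login:(?P<login>[^\]]*)\]\[error code:(?P<code>\d+)\]"
)

# Sample input: lines copied from the log excerpt in the post.
SAMPLE = """\
Jul 23 15:22:26 chou-l64 login[1728]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:22:29 chou-l64 login[1728]: FAILED LOGIN (1) on '/dev/tty1' FOR 'dupond', Authentication failure
Jul 23 15:24:25 chou-l64 sshd[11898]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:39 chou-l64 sshd[11922]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:50 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:58 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
"""


def parse(lines):
    """Yield one dict per pam_lsass error line; all other lines are skipped."""
    for line in lines:
        m = LSASS_RE.match(line)
        if m:
            yield m.groupdict()


def summarize(lines):
    """Group failures by (login, error code): count, services, first/last seen."""
    out = defaultdict(lambda: {"count": 0, "services": set(), "first": None, "last": None})
    for ev in parse(lines):
        s = out[(ev["login"], ev["code"])]
        s["count"] += 1
        s["services"].add(ev["svc"])
        s["first"] = s["first"] or ev["ts"]  # keep the earliest timestamp seen
        s["last"] = ev["ts"]                 # log is chronological, so last wins
    return dict(out)


if __name__ == "__main__":
    for (login, code), s in sorted(summarize(SAMPLE.splitlines()).items()):
        print(f"{login} code={code} count={s['count']} "
              f"services={','.join(sorted(s['services']))} {s['first']} .. {s['last']}")
```

To run it against a real log, pass the lines of the file instead of `SAMPLE`, for example `summarize(open("/var/log/auth.log", errors="replace"))`.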