LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Likewise not authenticating users in Ubuntu 10.04 (http://www.linuxquestions.org/questions/linux-networking-3/likewise-not-authenticating-users-in-ubuntu-10-04-a-946322/)

pyroteamkill 05-22-2012 11:23 AM

Likewise not authenticating users in Ubuntu 10.04
 
Hi guys

I have been following this guide here
https://help.ubuntu.com/community/LikewiseOpen
and have successfully attached my Ubunto 10.04 machine onto the domain at work. However when I try to log in using domain user ('domain\user') it doesn't seem to recognise the user. This has been tried both through logging into the desktop environment and SSH.

I'm not sure why this isn't working.

Any guidance or help would be greatly appreciated guys!

EDIT: Fixed the URL link and the domain username

sag47 05-22-2012 02:08 PM

Windows domains usually require 'domain\user'. Could you provide any additional information such as how you configured your system with the domain? With the little information you've given it's difficult for anyone to give a respectable response. The guide you linked to reference tools for local user management and not domain level user management.

Also why 10.04? 10.04 LTS will be reaching the end of it's support life within 6 months. 12.04 LTS has recently been released and is what replaces it with a 5 year support plan.

pyroteamkill 05-23-2012 03:43 AM

Sorry, I made a right pigs ear of that post. I have fixed the URL to what I was actually using and I have been writing the user as domain\user.
Also thanks for the heads up about 12.04!

Our domain controller is using Windows Server 2008 R2
I'll give a dump of the lw-get-status for details. I've changed the actual domains used for security and that sort.
Code:

LSA Server Status:

Compiled daemon version: 5.0.0.0
Packaged product version: 5.4.0.42111
Uptime:        1 days 20 hours 32 minutes 15 seconds

[Authentication provider: lsa-activedirectory-provider]

        Status:        Online
        Mode:          Un-provisioned
        Domain:        OURDOMAIN.COM
        Forest:        ourdomain.com
        Site:          Default-First-Site-Name
        Online check interval:  300 seconds
        [Trusted Domains: 1]


        [Domain: GPSLSOLUTIONS]

                DNS Domain:      ourdomain.com
                Netbios name:    OURDOMAIN
                Forest name:      ourdomain.com
                Trustee DNS name:
                Client site name: Default-First-Site-Name
                Domain SID:      S-1-5-21-2468765475-323267002-2056754139
                Domain GUID:      63282dda-0ff7-1844-85c4-1d232b23d8e3
                Trust Flags:      [0x001d]
                                  [0x0001 - In forest]
                                  [0x0004 - Tree root]
                                  [0x0008 - Primary]
                                  [0x0010 - Native]
                Trust type:      Up Level
                Trust Attributes: [0x0000]
                Trust Direction:  Primary Domain
                Trust Mode:      In my forest Trust (MFT)
                Domain flags:    [0x0001]
                                  [0x0001 - Primary]

                [Domain Controller (DC) Information]

                        DC Name:              domainController.ourdomain.com
                        DC Address:          xxx.xxx.xxx.xxx
                        DC Site:              Default-First-Site-Name
                        DC Flags:            [0x000033fd]
                        DC Is PDC:            yes
                        DC is time server:    yes
                        DC has writeable DS:  yes
                        DC is Global Catalog: yes
                        DC is running KDC:    yes

[Authentication provider: lsa-local-provider]

        Status:        Online
        Mode:          Local system

I hope that is the right sort of information. I apologise for the rushed first post.

manyrootsofallevil 05-23-2012 10:17 AM

do you get domain users listed if you run this command
Code:

getent passwd
you could have a look at /var/log/auth.log to find clues there

pyroteamkill 05-23-2012 11:06 AM

No I don't.
Looks like I need to do some PAM configuration perhaps?
I tested by trying to SSH into the machine (from itself)

auth.log:
Code:

May 23 17:11:04 ubuntu-server sshd[4468]: Invalid user ourdomain\\Administrator from 127.0.1.1
May 23 17:11:05 ubuntu-server sshd[4468]: Failed none for invalid user ourdomain\\Administrator from 127.0.1.1 port 57788 ssh2
May 23 17:12:10 ubuntu-server sshd[4472]: pam_unix(sshd:auth): check pass; user unknown
May 23 17:12:10 ubuntu-server sshd[4472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ubuntu-server.ourdomain.com
May 23 17:12:12 ubuntu-server sshd[4468]: error: PAM: Authentication failure for illegal user ourdomain\\Administrator from ubuntu-server.ourdomain.com
May 23 17:12:12 ubuntu-server sshd[4468]: Failed keyboard-interactive/pam for invalid user ourdomain\\Administrator from 127.0.1.1 port 57788 ssh2
May 23 17:12:18 ubuntu-server sshd[4474]: pam_unix(sshd:auth): check pass; user unknown
May 23 17:12:18 ubuntu-server sshd[4474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ubuntu-server.ourdomain.com
May 23 17:12:20 ubuntu-server sshd[4468]: error: PAM: Authentication failure for illegal user ourdomain\\Administrator from ubuntu-server.ourdomain.com
May 23 17:12:20 ubuntu-server sshd[4468]: Failed keyboard-interactive/pam for invalid user ourdomain\\Administrator from 127.0.1.1 port 57788 ssh2
May 23 17:12:30 ubuntu-server sshd[4475]: pam_unix(sshd:auth): check pass; user unknown
May 23 17:12:30 ubuntu-server sshd[4475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=gpslserver-test.ourdomain.com
May 23 17:12:32 ubuntu-server sshd[4468]: error: PAM: Authentication failure for illegal user ourdomain\\Administrator from ubuntu-server.ourdomain.com
May 23 17:12:32 ubuntu-server sshd[4468]: Failed keyboard-interactive/pam for invalid user ourdomain\\Administrator from 127.0.1.1 port 57788 ssh2
May 23 17:12:42 ubuntu-server sshd[4468]: pam_unix(sshd:auth): check pass; user unknown
May 23 17:12:42 ubuntu-server sshd[4468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ubuntu-server.ourdomain.com
May 23 17:12:44 ubuntu-server sshd[4468]: Failed password for invalid user ourdomain\\Administrator from 127.0.1.1 port 57788 ssh2
May 23 17:12:48 ubuntu-server sshd[4468]: pam_unix(sshd:auth): check pass; user unknown
May 23 17:12:50 ubuntu-server sshd[4468]: Failed password for invalid user ourdomain\\Administrator from 127.0.1.1 port 57788 ssh2


manyrootsofallevil 05-24-2012 02:41 AM

This is a very windows thing to suggest, but could you try leaving and then re-joining the domain.

I think (i'm using ubuntu 12.04) that you need something like this in /etc/nsswitch.conf

Quote:

passwd: compat lsass
group: compat lsass
shadow: compat

pyroteamkill 05-25-2012 06:30 AM

Hi there
I already have that it seems. Here is the full nsswitch.conf

Code:

passwd:                compat lsass
group:                compat lsass
shadow:                compat

hosts:                files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:        files

protocols:        db files
services:        db files
ethers:                db files
rpc:                db files

netgroup:        nis


pyroteamkill 05-28-2012 05:32 AM

Bump

manyrootsofallevil 05-29-2012 02:29 AM

did you try to leave the domain and re-join?

Also, is the server showing up in the Computers OU (if that is where you joined) when you check from Windows?

pyroteamkill 05-31-2012 10:53 AM

I have rejoined and the machine is showing up in the domain server.

JamesConley 06-01-2012 12:22 AM

I just recently had some issues like this and I made sure that I did a : sudo ssh "usrname-desktop" then entered password. When I tried using the IP address it would connect but not authenticate. When I ssh from LInux into my mac I have to use the IP address then it will authenticate.

Just thought I'd add this because of my recent experiences with my own machines and how my problems were remedied.

pyroteamkill 06-01-2012 06:17 AM

Ok, after further reading it seems the latest version of Samba is not supported by Likewise-Open.
I am going to try and progress forward using Winbind.

Thanks a lot for the help provided so far anyways!

drecute 06-04-2012 07:48 AM

Quote:

Originally Posted by pyroteamkill (Post 4692871)
I am going to try and progress forward using Winbind.

What do you mean by this? I'm having this exact problems. Please what exactly did you do to solve this. Did you downgrade Samba? Does your choice of winbind mean you no longer used Likewise-Open?

Kindly let me know. Thanks

jrjoy 10-15-2012 01:42 AM

Authentication error
 
Hello guys
im very new with using any other sofware but windows so please try to be as simplest as you can.
every time that i try to update, download or install a program it allwaystell me that( this operation cannot continue since proper Authorisation was not provided. im lost here pleas helpe me. ohh IM USING kUBUNTU 12.04

THANK you guys


All times are GMT -5. The time now is 11:34 AM.