Intermittent Windows Domain Logon problems in Ubuntu
Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Intermittent Windows Domain Logon problems in Ubuntu
Hi there,
I'm currently experiencing intermittent logon issues with Ubuntu 7.04, when users log on using the Windows Domain account.
Just a bit of background: What we would like to do is have our Linux users’ logon to their machines using the same credentials as stored on our Windows Active Directory. This simplifies things for the Linux users as they then only have to remember one password, and also makes life easier for us, the administrators, since we can enforce password policy etc. We've successfully connected our Ubuntu Desktops to the domain using instructions I have found on the Ubuntu forums. The computer shows up on the Active Directory correctly, and I can perform a "wbinfo -u" and a "wbinfo -g" successfully from a shell on the desktop after it has been joined.
Now the problem is, once connected to the domain, a domain user sometimes can login and sometimes cannot. That is, at the Gnome logon screen, half the time a domain user can logon successfully, and the other half of the time they get a "incorrect username/password" error message even though the credentials are correct. If the user cannot logon, they have to reboot their machine constantly until the desktop allows them to logon. Typically this means they have to reboot once, since 50% of the time the desktop lets you logon, but sometimes they must reboot more than once.
Now, I've done a bit of troubleshooting to try work out the problem:
- When the user cannot logon, I drop out to a shell, logon as root, and perform a "wbinfo -u" and "wbinfo -g" and it successfully lists all the users and groups. I can also logon to that domain user by going "su - [domain user]", however, I still cannot logon as that user from the Gnome logon screen.
- From a clean install of Ubuntu 7.04 desktop, I get the same issue, so its not another program conflicting and causing the problem.
- I've tried on several different machines of the same or similar type (Intel 915/945 Motherboard), and the problem remains.
- The logs in /var/log/samba don't show anything. That is, there is no log information in any of the log.wb-* files, when the user can or cannot login.
It would be greatly appreciated if anyone could give me an idea as to why this is happening.
Please, if you can, post your smb.conf file. I seem to remember certain options in regards to nt_passwords that need to be set in smb.conf for things to work correctly with Windows AD. Obviously, linux crypt isn't the same as nt_passwd so there's some translation that has to happen. Also, please give us a little more detail on your Samba setup and how that ties in with the connection to your domain. It's been a while since I've had to set up any sort of Samba and Windows AD configuration, but my general impression last time was that they tend not to play very well together.
Please, if you can, post your smb.conf file. I seem to remember certain options in regards to nt_passwords that need to be set in smb.conf for things to work correctly with Windows AD. Obviously, linux crypt isn't the same as nt_passwd so there's some translation that has to happen. Also, please give us a little more detail on your Samba setup and how that ties in with the connection to your domain. It's been a while since I've had to set up any sort of Samba and Windows AD configuration, but my general impression last time was that they tend not to play very well together.
Thanks for the reply. I've been meaning to come back to linuxquestions.org to post a reply to indicate that I've sorted out the problem. It took alot of kicking but its working alot more reliably now. So thanks for reminding me. The fix for the problem is below:
Now here is my smb.conf file that was causing the problem:
As you can see, the "password server" variable was originally set to * which must have confused the computer (and having vmware setup on the computer also doesn't help).
By setting this value to the actual domain server, i.e. domainserver.XXXXX.co.nz, fixed the problem.
Thanks for the reply, and I hope this post helps someone else.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.