LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Unable to login using AD user but works with local user
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 11-06-2021, 11:14 AM   #1
robcampbell
Member
 
Registered: Nov 2019
Posts: 34

Rep: Reputation: Disabled
Unable to login using AD user but works with local user

Distro: Fedora
Version: 34

I can't log in using ssh or desktop environment gui. Below is the ssh attempts.

/var/log/audit/audit.log

AD user
Quote:
type=CRYPTO_SESSION msg=audit(1636211273.313:1065): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=30605 suid=74 rport=34398 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1636211279.239:1066): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:authentication grantors=? acct="redhat" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=failed'UID="root" AUID="unset"
type=USER_AUTH msg=audit(1636211301.144:1067): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:authentication grantors=? acct="redhat" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=failed'UID="root" AUID="unset"
type=USER_AUTH msg=audit(1636211306.928:1068): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:authentication grantors=? acct="redhat" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=failed'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1636211308.493:1069): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=destroy kind=session fp=? direction=both spid=30605 suid=74 rport=34398 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_KEY_USER msg=audit(1636211308.493:1070): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30605 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_KEY_USER msg=audit(1636211308.495:1071): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30604 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=USER_LOGIN msg=audit(1636211308.495:1072): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=login acct="redhat" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=ssh res=failed'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1636211319.950:1073): pid=30609 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30609 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1636211319.959:1074): pid=30608 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=30609 suid=74 rport=34400 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
local user
Quote:
type=CRYPTO_SESSION msg=audit(1636211319.959:1075): pid=30608 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=30609 suid=74 rport=34400 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1636211323.237:1076): pid=30608 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:authentication grantors=pam_usertype,pam_localuser,pam_unix acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1636211323.251:1077): pid=30608 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1636211323.251:1078): pid=30608 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=destroy kind=session fp=? direction=both spid=30609 suid=74 rport=34400 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1636211323.261:1079): pid=30608 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:setcred grantors=pam_localuser,pam_unix acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1636211323.261:1080): pid=30608 uid=0 subj=kernel old-auid=4294967295 auid=1001 tty=(none) old-ses=4294967295 ses=7 res=1UID="root" OLD-AUID="unset" AUID="test"
type=SERVICE_START msg=audit(1636211323.300:1081): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=user-runtime-dir@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1636211323.327:1082): pid=30617 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="test" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CRED_ACQ msg=audit(1636211323.327:1083): pid=30617 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:setcred grantors=? acct="test" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset"
type=LOGIN msg=audit(1636211323.327:1084): pid=30617 uid=0 subj=kernel old-auid=4294967295 auid=1001 tty=(none) old-ses=4294967295 ses=8 res=1UID="root" OLD-AUID="unset" AUID="test"
type=USER_START msg=audit(1636211323.332:1085): pid=30617 uid=0 auid=1001 ses=8 subj=kernel msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="test" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="test"
type=BPF msg=audit(1636211323.344:1086): prog-id=130 op=LOAD
type=BPF msg=audit(1636211323.344:1087): prog-id=130 op=UNLOAD
type=SERVICE_START msg=audit(1636211323.547:1088): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=user@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_START msg=audit(1636211323.558:1089): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=PAM:session_open grantors=pam_selinux,pam_winbind,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_ limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="test"
type=CRYPTO_KEY_USER msg=audit(1636211323.560:1090): pid=30636 uid=0 auid=1001 ses=7 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30636 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="test" SUID="root"
type=CRED_ACQ msg=audit(1636211323.567:1091): pid=30636 uid=0 auid=1001 ses=7 subj=kernel msg='op=PAM:setcred grantors=pam_localuser,pam_unix acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="test"
type=USER_LOGIN msg=audit(1636211323.616:1092): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=/dev/pts/2 res=success'UID="root" AUID="test" ID="test"
type=USER_START msg=audit(1636211323.616:1093): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=/dev/pts/2 res=success'UID="root" AUID="test" ID="test"
type=CRYPTO_KEY_USER msg=audit(1636211323.618:1094): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30641 suid=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="test" SUID="test"
type=BPF msg=audit(1636211323.646:1095): prog-id=131 op=LOAD
type=BPF msg=audit(1636211323.650:1096): prog-id=132 op=LOAD
type=SERVICE_START msg=audit(1636211323.765:1097): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_END msg=audit(1636211326.238:1098): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/2 res=success'UID="root" AUID="test" ID="test"
type=USER_LOGOUT msg=audit(1636211326.238:1099): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/2 res=success'UID="root" AUID="test" ID="test"
type=CRYPTO_KEY_USER msg=audit(1636211326.239:1100): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=destroy kind=session fp=? direction=both spid=30636 suid=1001 rport=34400 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="test" SUID="test"
type=CRYPTO_KEY_USER msg=audit(1636211326.240:1101): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30636 suid=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="test" SUID="test"
type=USER_END msg=audit(1636211326.242:1102): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=PAM:session_close grantors=pam_selinux,pam_winbind,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_ limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="test"
type=CRED_DISP msg=audit(1636211326.243:1103): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=PAM:setcred grantors=pam_localuser,pam_unix acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="test"
type=CRYPTO_KEY_USER msg=audit(1636211326.244:1104): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30608 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="test" SUID="root"
type=SERVICE_STOP msg=audit(1636211336.454:1105): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=user@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1636211336.473:1106): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=user-runtime-dir@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
 
Old 12-06-2021, 02:02 PM   #2
Superspeed500
Member
 
Registered: Oct 2017
Distribution: Fedora, Ubuntu, Rocky Linux, Debian
Posts: 46

Rep: Reputation: Disabled
How did you setup the AD integration? Are you using windbind or SSSD?

Example: I mostly use winbind on my clients/servers which means that the passwd and group setup of my /etc/nsswitch.conf file looks like this:
Code:
passwd:         files systemd winbind
group:          files systemd winbind
WARNING: Be carefull when editing that file to avoid messing up your login and making your system unusable.

Your AD user account must have some UNIX-attributes set in order to login in certain scenarios. Depends on how the integration is setup.
 
Old 12-11-2021, 11:32 AM   #3
robcampbell
Member
 
Registered: Nov 2019
Posts: 34

Original Poster
Rep: Reputation: Disabled
I added winbind as suggested in this thread to the computer I'm trying to log in with. It is already on all the other computers, including the AD server. I am able to log in on Debian OS, just not Fedora.
 
Old 12-11-2021, 11:52 AM   #4
Superspeed500
Member
 
Registered: Oct 2017
Distribution: Fedora, Ubuntu, Rocky Linux, Debian
Posts: 46

Rep: Reputation: Disabled
Quote:
Originally Posted by robcampbell View Post
I added winbind as suggested in this thread to the computer I'm trying to log in with. It is already on all the other computers, including the AD server. I am able to log in on Debian OS, just not Fedora.
The procedure for joining a computer to AD using winbind is described here: https://wiki.samba.org/index.php/Set..._Domain_Member

Have you checked the following?
  • That you can reach your AD DC using DNS names.
  • That the time between the AD and your client is in sync (I do belive this is a requirment if Kerberos is used, but not sure about non-kerberos auth)
  • That your smb.conf (probably located in /etc/samba on your system) file is properly configured. Make sure you use the correct idmap backend and have the UID and GID correctly setup. Also make sure that the UID and GID from the domain have no collisions with BUILTIN accounts.
  • That you have used the net ads join command to join the computer to the domain. A joined computer should appear under OU=Computers in your AD tree.

There is also a troubleshooting guide here: https://wiki.samba.org/index.php/Tro...Domain_Members

For more information about winbind see the man page (man -k winbind to list available man pages related to winbind). There should also be a man page for smb.conf.
 
  


Reply

Tags
authentication, fedora, samba, ssh



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
DNSMasq - dnslookup build.domain.local works but ping build.domain.local doesnt mustaghattack Linux - Server 2 03-01-2010 09:00 PM
ProFTPD -- Login faild from remote but works form local barkermn01 Linux - Newbie 2 10-19-2009 03:29 AM
Squirrelmail local login works but not from somewhere else cojones Linux - Server 19 09-16-2009 07:30 AM
XAWTV works, videodog works, motion works but how to code my own? rylan76 Linux - Hardware 0 01-06-2006 06:30 AM
I have re-installed MK 9.2 but cannot login as user, login as root works. bobinglis Mandriva 2 02-22-2004 11:39 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:05 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration