LinuxQuestions.org

Forum: Red Hat (https://www.linuxquestions.org/questions/red-hat-31/)
Thread: RedHat 6.6 - problem with AD account authentication (https://www.linuxquestions.org/questions/red-hat-31/redhat-6-6-problem-with-ad-account-authentication-4175553769/)

ESvenVA 09-17-2015 10:40 AM

RedHat 6.6 - problem with AD account authentication
 
Hello, I have been searching for an answer to this, and have come up short. Perhaps the smart people of this forum can assist.

RedHat v6.6 (modified + security lockdown, so not the off-the-shelf COTS version)
VMware v5.5
LikeWise v7.0

Problem - Authentication issue using an AD account; local accounts work fine. I cannot get consistent authentication across the system with an AD account, for example ssh, sudo, etc.

Symptoms - I CAN SSH login to the system from my domain PC logged in as "user1" using MobaXterm and the default setting for user ID. This passes my domain login session directly to the RH VM, no problem.

I CAN run the LikeWise commands "lw-get-status, lw-find-user-by-name" and get the appropriate responses from the domain. This would seem to indicate it is properly communicating with the domain and able to query the AD.

I CANNOT SSH login to the system using SSH Client or PuTTY. Both complain about an authentication cipher mismatch, so I don't really care about PuTTY, but we do use SSH Client for Windows quite a bit. This may not be relevant, but I mention it anyway.

I CANNOT sudo as "user1" to another user (i.e. root, "sudo su -"). It will prompt for the password, and the password I enter will NOT be accepted.

I also CANNOT SSH from one system to another using an AD account. This works fine with local accounts. I get messages in the /var/log/secure log file like this:

"SSH"
Sep 17 13:38:00 db01dev sshd[18794]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
Sep 17 13:38:01 db01dev sshd[18802]: Failed password for user1 from 10.10.10.201 port 53117 ssh2
Sep 17 13:38:03 db01dev unix_chkpwd[18829]: check pass; user unknown
Sep 17 13:38:03 db01dev unix_chkpwd[18829]: password check failed for user (user1)
Sep 17 13:38:05 db01dev sshd[18802]: error: PAM: Permission denied for user1 from domain_pc-08.company.dev
Sep 17 13:38:05 db01dev sshd[18803]: Received disconnect from 10.10.10.201: 11: No more authentication methods available

"SUDO"
Sep 17 13:45:13 db01dev unix_chkpwd[18899]: check pass; user unknown
Sep 17 13:45:13 db01dev unix_chkpwd[18899]: password check failed for user (user1)
Sep 17 13:45:13 db01dev sudo: pam_unix(sudo:auth): authentication failure; logname=user1 uid=32xxxxxx euid=0 tty=/dev/pts/0 ruser=user1 rhost= user=user1
Sep 17 13:50:15 db01dev sudo: [lsass-pam] [module:pam_lsass]LsaPamGetCurrentPassword failed [error code: 49919]
Sep 17 13:50:15 db01dev sudo: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:user1][error code:49919]
Sep 17 13:50:18 db01dev sudo: user1: user NOT in sudoers ; TTY=pts/0 ; PWD=/home/company/user1; USER=root ; COMMAND=/bin/su -

This "feels" like it has something to do with the /etc/pam.d/* files, but what? You can log in and authenticate, but other functions/programs do not!? Any useful suggestions would be appreciated. I apologize if this is not the correct forum, and I will re-post in another if needed.

thyrsus 09-20-2015 01:02 AM

What's the origin of pam_lsass? In any case, we don't see it mentioned in the ssh authentication failure, which means that it wasn't tried, or pam has been told that unix_chkpasswd is requisite, and doesn't try further authentication methods. It would help if you posted the relevant /etc/pam.d files here (which likely includes system-auth) - and please put them in [CODE] markers; that should avoid emoticons obscuring the content :p
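To make the check thyrsus is asking for concrete, here is an added example (not code from the thread, from the poster or from Likewise): a small Python script that flattens a service's PAM "auth" stack the way libpam does, following include/substack into the referenced files, and reports whether pam_lsass.so is in the chain and which modules are evaluated before it. The /etc/pam.d contents it embeds are constructed to resemble a RHEL 6 layout (sshd including password-auth, sudo including system-auth) and are not the poster's files; in the constructed data password-auth has no pam_lsass.so line while system-auth does, so the two services report differently. Whether the poster's real files show that kind of split is exactly what the reply asks to see.

```python
"""Flatten a PAM 'auth' stack and report where the AD module sits in it.

Added illustration for the thread above; not the poster's configuration and
not Likewise code. The pam.d contents below are constructed sample data.
"""
import re
from typing import Dict, List, Tuple

# Constructed stand-ins for /etc/pam.d/*. 'password-auth' deliberately lacks
# pam_lsass.so and 'system-auth' has it, so sshd and sudo report differently.
SAMPLE_PAMD: Dict[str, str] = {
    "sshd": """\
#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    include      password-auth
""",
    "sudo": """\
#%PAM-1.0
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so revoke
session    required     pam_limits.so
""",
    "password-auth": """\
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
account     required      pam_unix.so
""",
    "system-auth": """\
auth        required      pam_env.so
auth        sufficient    pam_lsass.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
account     required      pam_unix.so
""",
}

Entry = Tuple[str, str, str, List[str]]  # (type, control, module_or_file, args)
LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)(.*)$")


def parse_pam_file(text: str) -> List[Entry]:
    """Parse one pam.d file: drop comments and blank lines, join backslash
    continuations, accept keyword or [bracket] controls, strip a '-' type prefix."""
    entries: List[Entry] = []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError("unparseable PAM line: %r" % raw)
        mtype, control, module, rest = m.groups()
        entries.append((mtype.lstrip("-").lower(), control.lower(), module, rest.split()))
    return entries


def resolve_stack(files: Dict[str, str], service: str, mtype: str,
                  _depth: int = 0) -> List[Tuple[str, str, List[str]]]:
    """Flatten one management group (e.g. 'auth') of a service, following
    'include'/'substack' into the named files. (substack only changes the
    scope of done/die actions; it does not change module ordering.)"""
    if _depth > 8:
        raise RecursionError("include loop while resolving %s" % service)
    chain = []
    for etype, control, module, args in parse_pam_file(files[service]):
        if etype != mtype:
            continue
        if control in ("include", "substack"):
            chain.extend(resolve_stack(files, module, mtype, _depth + 1))
        else:
            chain.append((control, module, args))
    return chain


def check_ad_auth(files: Dict[str, str], service: str, ad_module: str = "pam_lsass.so"):
    """Return (present, preceding, blockers) for the auth stack of `service`.

    preceding: (control, module) pairs libpam runs before ad_module (the whole
               stack when ad_module is absent).
    blockers:  preceding entries that can end the stack before ad_module is
               consulted: 'requisite' modules, pam_deny.so, or [default=die].
    A user that exists only in AD makes pam_unix fail ('unix_chkpwd: user
    unknown'); if no later module can succeed, the result is 'Permission
    denied' with no pam_lsass line in the log at all."""
    preceding, blockers = [], []
    for control, module, _args in resolve_stack(files, service, "auth"):
        if module == ad_module:
            return True, preceding, blockers
        preceding.append((control, module))
        if control == "requisite" or module == "pam_deny.so" or "default=die" in control:
            blockers.append((control, module))
    return False, preceding, blockers


if __name__ == "__main__":
    for svc in ("sshd", "sudo"):
        present, before, blk = check_ad_auth(SAMPLE_PAMD, svc)
        print("%s: pam_lsass.so %s; runs after %s; short-circuit candidates %s"
              % (svc, "present" if present else "ABSENT",
                 [m for _, m in before], [m for _, m in blk]))
```

On a real host, replace SAMPLE_PAMD with the contents of /etc/pam.d read from disk and run it for every service that misbehaves (sshd, sudo, su, login). On RHEL 6 sshd includes password-auth while sudo and login include system-auth, so a domain-join tool that edited only one of those leaves the other with a pam_unix-only stack; the script makes that visible without reading the files by hand. Note also that the "user NOT in sudoers" line in the posted log is a sudoers policy result, separate from the PAM authentication failure that precedes it.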

