Unable to login as a user of the joined Active Directory
Please do not report security vulnerabilities here
Use launchpad ADSys private bugs which is monitored by our security team. On ubuntu machine, it’s best to use ubuntu-bug adsys to collect relevant information.
Description
Unable to login as a user of the joined Active Directory
Here is my error message.
sudo login > user > passwd > error

Reproduction
It is presumed that this problem occurred when AD CS (Active Directory Certificate Service) was added, but it is not clear. The Linux OS had the same settings. I tried setting it up after reading the wiki, but I couldn't solve it.
- Login Success :

- Login Error :

- same settings
Linux
1. Install package (realmd, sssd, sssd-tools, libnss-sss, libpam-sss, adcli, samba-common-bin, oddjob, oddjob-mkhomedir)
2. Join AD (sudo realm join -U $AD $Domain > Check realm list > join is OK)
3. Change /usr/share/pam-configs/mkhomedir > sudo pam-auth-update
4. sudo realm permit user@domain
5. Test login (sudo login > user@domain > passwd > login is OK)
- Before installing the adsys.
6. Install adsys package and make /etc/adsys.yaml
Windows
1. Install Windows Server OS
2. Make AD domain
- different settings
Windows
1. AD CS, IIS
I can't login after installing the adsys package.
I think it's a problem related to the certificate.
I referred to the following link.
https://ubuntu.com/server/docs/service-sssd
My sssd setting is as follows.

My /etc/adsys.yaml is as follows.

Is there a setting that I made a mistake in? Should id_provider be set to ldap to set the certificate? I need help.
Environment
- ADSys version: 0.8~22.04
I have a similar problem, but the error message reads:
"Error from server: error while updating policy: can't get policies for <FQDN>: requested a type computer of <FQDN> which isn't current host
@bdh1993 thank you for opening this issue. I tried to reproduce it by installing AD CS as well but I was still able to log in after this.
Can you share the output of sssctl user-checks [email protected] and sssctl domain-status?
Additionally as this seems to be an issue with getting the GPOs via samba you can try the following:
- Add a line with log level = 10 in /etc/samba/smb.conf
- Run adsysctl policy debug gpolist-script to generate an adsys-gpolist file in the current directory for debugging
- Run ./adsys-gpolist --objectclass user ldap://dx-ad-01.dx.ad [email protected] and paste the output here
@rsbrux I've taken a look over your issue and concluded it's a different one than the one exhibited in this report. Judging by your askubuntu post, the problem stems from the fact that hostname returns a FQDN instead of a regular hostname. As stated in the documentation you linked to:
hostname and hostname -f must return the name of the machine (“ad-desktop-1”) and the full name of the machine with the domain (“ad-desktop-1.warthogs.biz”) respectively
So the hostname must not be the same as the fqdn. Feel free to open a separate bug to track this, as it's a different issue.
I'm closing this report due to the lack of feedback from the OP. Feel free to reopen if it is still an issue for you.
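
The naming requirement quoted in the reply to @rsbrux above can be checked on a client before troubleshooting policy errors. The shell function below is an added example, not part of the original thread or of ADSys itself; the function name check_names and the --check argument are assumptions, and the sample names in the comments are the ones from the quoted documentation.

```shell
#!/bin/sh
# Added example: verify that `hostname` is the short machine name and that
# `hostname -f` is that same name followed by a domain part.
# check_names SHORT FQDN -> prints a verdict, returns 0 only when both fit.
check_names() {
    # DNS names are case-insensitive, so compare in lower case.
    short=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    fqdn=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')

    case $short in
        "")
            echo "FAIL: hostname is empty"
            return 1 ;;
        *.*)
            # Situation described in the reply: hostname already returns an FQDN.
            echo "FAIL: hostname returns '$short'; expected the short name without a domain"
            return 1 ;;
    esac

    case $fqdn in
        "$short".?*)
            ;;  # e.g. ad-desktop-1 and ad-desktop-1.warthogs.biz
        *)
            echo "FAIL: hostname -f returns '$fqdn'; expected '$short.<domain>'"
            return 1 ;;
    esac

    echo "OK: hostname=$short fqdn=$fqdn"
    return 0
}

# Run against the local machine only when asked to: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_names "$(hostname)" "$(hostname -f 2>/dev/null)"
fi
```
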