Results 1 to 2 of 2

Thread: sssd/realmd login issue after hostname change

  1. October 15th, 2015 #1
    Shadow aok
    Shadow aok is offline 5 Cups of Ubuntu
    Join Date
    Oct 2011
    Beans
    21

    Exclamation sssd/realmd login issue after hostname change

    Hello,

    With an Ubuntu 14.04 x86 desktop computer, i'm using sssd/realmd to login using active directory (windows 2008 r2) accounts.
    I followed this tutorial : http://www.ubuntugeek.com/how-to-joi...ng-realmd.html

    Everything worked fine until I had to rename the computer.
    Here's what I did :
    • realm --verbose leave lan.domain.tld
    • deleted computer entry in AD
    • updated /etc/hostname file
    • updated /etc/hosts file
    • reboot, checked new hostname is valid
    • realm –verbose join lan.domain.tld –user-principal=NEWHOSTNAME/administrator@LAN.DOMAIN.TLD –unattended
    • reboot


    Everything seemed fine but I can't login with AD accounts anymore (new ones or old one which I already used on the computer).
    Unity displays a wrong password error.
    Local logins works fine.

    AD accounts can login using ssh AND su.

    Auth.log
    Code:
    Oct 15 16:06:16 NEWHOSTNAME lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=ADACCOUNT
Oct 15 16:06:17 NEWHOSTNAME lightdm: pam_sss(lightdm:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=ADACCOUNT
Oct 15 16:06:17 NEWHOSTNAME lightdm: pam_sss(lightdm:account): Access denied for user ADACCOUNT: 6 (Permission denied)
    I got nothing relevant in sssd.log, even with debug set to 10.

    sssd_lan.domain.tld.log is empty unless I start manually sssd with -d9 parameter
    Code:
    (Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [check_wait_queue] (0x1000): Wait queue for user [ADACCOUNT] is empty.
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success]
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [be_pam_handler_callback] (0x0100): Sending result [0][lan.domain.tld]
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [be_pam_handler_callback] (0x0100): Sent result [0][lan.domain.tld]
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [sbus_dispatch] (0x4000): dbus conn: 0x181cfc0
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [sbus_message_handler] (0x4000): Received SBUS method [pamHandler]
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [be_req_set_domain] (0x0400): Changing request domain from [lan.domain.tld] to [lan.domain.tld]
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [be_pam_handler] (0x0100): Got request with the following data
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [pam_print_data] (0x0100): domain: lan.domain.tld
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [pam_print_data] (0x0100): user: ADACCOUNT
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [pam_print_data] (0x0100): service: lightdm
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [pam_print_data] (0x0100): tty: :0
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [pam_print_data] (0x0100): ruser:
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [pam_print_data] (0x0100): rhost:
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [pam_print_data] (0x0100): authtok type: 0
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [pam_print_data] (0x0100): priv: 1
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [pam_print_data] (0x0100): cli_pid: 3815
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [simple_access_obtain_filter_lists] (0x0200): Deny users list is empty.
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [simple_access_obtain_filter_lists] (0x0200): Allow groups list is empty.
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [simple_access_obtain_filter_lists] (0x0200): Deny groups list is empty.
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [simple_access_check_send] (0x0200): Simple access check for ADACCOUNT
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [simple_access_check_send] (0x1000): No group restrictions, end request
(Thu Oct 15 16:37:14 2015) [sssd[be[lan.domain.tld]]] [simple_access_check_recv] (0x1000): Access not granted
    upstart/sssd.log
    Code:
    (Thu Oct 15 16:36:03:125248 2015) [sssd[be[lan.domain.tld]]] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
(Thu Oct 15 16:36:03:393953 2015) [sssd[nss]] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
(Thu Oct 15 16:36:03:394558 2015) [sssd[pam]] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
; TSIG error with server: tsig verify failure
update failed: REFUSED
    Any idea ?

    Thanks
    Last edited by Shadow aok; October 16th, 2015 at 09:29 AM.
    Advanced reply Adv Reply  
  2. October 16th, 2015 #2
    Shadow aok
    Shadow aok is offline 5 Cups of Ubuntu
    Join Date
    Oct 2011
    Beans
    21

    Re: sssd/realmd login issue after hostname change

    I reinstalled the system, set the wanted hostname, and integrated the computer in AD again.
    Problem solved.
    Advanced reply Adv Reply  
« Previous Thread | Next Thread »

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Ubuntu Forums Code of Conduct