Problem with PBISOpen and Ubuntu 14.04 LTS

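I am testing openpbis version 8.3, and I ran into an authentication problem when I try to open a new session on Ubuntu 14.04 LTS, not on the local network but on the remote network.

Adding the computer to Active Directory was very simple, and I had no problems on either my local or my remote network.

But when I want to open a session with my Active Directory account, I get the message "wrong password".

So I reset the password in Active Directory and tried to open a session again.

I entered the default password without any problem, the system asked me for a new password, there was no message and everything seemed fine. After that, I entered my login and password and got the wrong-password message.

If I use the same login and password on a Windows 7 PC, opening a session works without any problem.

I am trying to debug openpbis: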

Make Sure You Are Joined to the Domain
/opt/pbis/bin/domainjoin-cli query
Name = chou-l64
Domain = mydomain.LAN
Distinguished Name = CN=CHOU-L64,CN=Computers,DC=mydomain,DC=lan

###

Check Whether You Are Using a Valid Logon Form
MYDOMAIN\username
works

###

Clear the Cache
/opt/pbis/bin/ad-cache --delete-all
ok

###

Check the Status of the PBIS Authentication Service
/opt/pbis/bin/lwsm status lsass
running (container: 1436)

###

Check Communication between the PBIS Service and AD
/opt/pbis/bin/get-dc-name mydomain.lan

Printing LWNET_DC_INFO fields:
===============================
dwDomainControllerAddressType = 24
dwFlags = 312
dwVersion = 5
wLMToken = 65535
wNTToken = 65535
pszDomainControllerName = robinson.mydomain.lan
pszDomainControllerAddress = 172.16.0.253
pucDomainGUID(hex) = 21 40 5F 7F EB EA 19 4E 8E 42 0E 13 96 19 AF EB 
pszNetBIOSDomainName = MYDOMAIN
pszFullyQualifiedDomainName = mydomain.lan
pszDnsForestName = mydomain.lan
pszDCSiteName = Lyon
pszClientSiteName = Paris
pszNetBIOSHostName = ROBINSON
pszUserName = <EMPTY>

###

Verify that PBIS Can Find a User in AD
/opt/pbis/bin/find-user-by-name MYDOMAIN.lan\\dupond
User info (Level-0):
====================
Name:              dupond
SID:               S-1-5-21-545202174-1067577326-598125351-6851
Uid:               1657281219
Gid:               1657274881
Gecos:             dupond dupond
Shell:             /bin/bash
Home dir:          /home/dupond
Logon restriction: NO

/opt/pbis/bin/find-user-by-name mydomain.lan\\admindupont
User info (Level-0):
====================
Name:              admindupont
SID:               S-1-5-21-545202174-1067577326-598125351-6830
Uid:               1657281198
Gid:               1657274881
Gecos:             Administrateur dupont
Shell:             /bin/bash
Home dir:          /home/admindupont
Logon restriction: NO

###

Make Sure the AD Authentication Provider Is Running

/opt/pbis/bin/get-status
LSA Server Status:

Compiled daemon version: 8.3.0.3287
Packaged product version: 8.3.3287.68880
Uptime:        0 days 1 hours 47 minutes 43 seconds

[Authentication provider: lsa-activedirectory-provider]

    Status:        Online
    Mode:          Un-provisioned
    Domain:        MYDOMAIN.LAN
    Domain SID:    S-1-5-21-545202174-1067577326-598125351
    Forest:        mydomain.lan
    Site:          Lyon
    Online check interval:  300 seconds
    [Trusted Domains: 1]

    [Domain: MYDOMAIN]

            DNS Domain:       mydomain.lan
            Netbios name:     MYDOMAIN
            Forest name:      mydomain.lan
            Trustee DNS name: 
            Client site name: Paris
            Domain SID:       S-1-5-21-545202174-1067577326-598125351
            Domain GUID:      00000000-0000-0000-0000-000000000000
            Trust Flags:      [0x001d]
                              [0x0001 - In forest]
                              [0x0004 - Tree root]
                              [0x0008 - Primary]
                              [0x0010 - Native]
            Trust type:       Up Level
            Trust Attributes: [0x0000]
            Trust Direction:  Primary Domain
            Trust Mode:       In my forest Trust (MFT)
            Domain flags:     [0x0003]
                              [0x0001 - Primary]
                              [0x0002 - Offline]

            [Domain Controller (DC) Information]

                    DC Name:              robinson.mydomain.lan
                    DC Address:           172.16.0.253
                    DC Site:              Lyon
                    DC Flags:             [0x00000138]
                    DC Is PDC:            no
                    DC is time server:    no
                    DC has writeable DS:  yes
                    DC is Global Catalog: no
                    DC is running KDC:    yes

###

Run the id Command to Check the User
id mydomain.lan\\dupond
uid=1657281219(dupond) gid=1657274881(utilisa.^du^domaine groupes=1657274881(utilisa.^du^domaine)

###

/etc/nsswitch.conf
passwd:         compat lsass
group:          compat lsass
shadow:         compat
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

###

/etc/pam.d/less common-session

session [default=1]                     pam_permit.so
session requisite                       pam_deny.so
session required                        pam_permit.so
session optional        pam_umask.so
session required        pam_unix.so 
session [success=ok default=ignore]     pam_lsass.so 
session optional        pam_mount.so 
session optional        pam_systemd.so 
session optional                        pam_ck_connector.so nox11

When I try to open a session on this PC, I get the following messages in /var/log/auth.log

Jul 23 15:22:26 chou-l64 login[1728]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:22:29 chou-l64 login[1728]: FAILED LOGIN (1) on '/dev/tty1' FOR 'dupond', Authentication failure
Jul 23 15:24:25 chou-l64 sshd[11898]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:26 chou-l64 sshd[11896]: error: PAM: Authentication failure for dupond from localhost
Jul 23 15:24:34 chou-l64 sshd[11919]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:39 chou-l64 sshd[11922]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:41 chou-l64 sshd[11896]: message repeated 2 times: [ error: PAM: Authentication failure for dupond from localhost]
Jul 23 15:24:50 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:52 chou-l64 sshd[11896]: Failed password for dupond from 127.0.0.1 port 39657 ssh2
Jul 23 15:24:58 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:25:01 chou-l64 sshd[11896]: Failed password for dupond from 127.0.0.1 port 39657 ssh2

How can I solve this problem?
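
An added example, not part of the original post: one way to summarise the pam_lsass failures in an auth.log excerpt like the one above, grouped by service, login and error code. The log lines are copied from the post; the function names are illustrative, and the numeric codes are reported as logged, without interpretation.

```python
import re
from collections import Counter

# Lines copied from the post's /var/log/auth.log excerpt.
SAMPLE_LOG = """\
Jul 23 15:22:26 chou-l64 login[1728]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:25 chou-l64 sshd[11898]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:34 chou-l64 sshd[11919]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:39 chou-l64 sshd[11922]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:50 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:52 chou-l64 sshd[11896]: Failed password for dupond from 127.0.0.1 port 39657 ssh2
Jul 23 15:24:58 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
"""

# Matches only the pam_lsass error format seen above; every other line is skipped.
PAM_LSASS = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?P<service>[\w-]+)\[(?P<pid>\d+)\]:\s"
    r"\[lsass-pam\]\s\[module:pam_lsass\](?P<func>\w+)\serror\s"
    r"\[login:(?P<login>[^\]]*)\]\[error code:(?P<code>\d+)\]"
)


def parse_pam_lsass(text):
    """Return one dict per pam_lsass error line, in log order."""
    events = []
    for line in text.splitlines():
        m = PAM_LSASS.match(line)
        if m:
            events.append({**m.groupdict(), "code": int(m["code"])})
    return events


def count_by_service_login_code(events):
    """Tally failures so a recurring error code stands out per service and login."""
    return Counter((e["service"], e["login"], e["code"]) for e in events)


def code_sequence(events, login):
    """Error codes for one login in time order, to see when the code changes."""
    return [(e["ts"], e["service"], e["code"]) for e in events if e["login"] == login]


if __name__ == "__main__":
    events = parse_pam_lsass(SAMPLE_LOG)
    for (service, login, code), n in sorted(count_by_service_login_code(events).items()):
        print(f"{service:6} {login:10} code {code}: {n}")
    for ts, service, code in code_sequence(events, "dupond"):
        print(ts, service, code)
```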
