Web lists-archives.com

problems using PBIS-Open for AD authentication




Hello,

Just wondering if anyone on here is using PBIS-Open (the successor to Likewise-Open) in order to authenticate with an AD domain controller.

I have managed to install it on several machines. I can run the domainjoin-cli program, join the domain, but not login using AD credentials. I can see all the AD users on the login screen, it just claims the password is wrong every time.

If I look at auth.log, this is what I see:

Apr 2 15:55:26 rvfk-mbproc-04 login[9471]: [lsass-pam] [module:pam_lsass]User paul.d is denied access because they are not in the 'require membership of' list Apr 2 15:55:26 rvfk-mbproc-04 login[9471]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:paul.d][error code:40158] Apr 2 15:55:29 rvfk-mbproc-04 login[9471]: FAILED LOGIN (2) on '/dev/pts/1' FOR 'paul.d', Authentication failure

Running /opt/pbis/bin/config --show RequireMembershipOf I get the following:

   multistring
   DomainUsers

   local policy

And, yes, that really is a blank line between DomainUsers and local policy.

I have an older system running Likewise-Open which IS working correctly, but I cannot find an equivalent to that command in order to show the RequiredMemberships on that system.

And the operating system is Linux Mint 18. Yes, I know its not pure Debian, but I suspect there may be someone on her with a Clue about this...

Thanks!

Paul.