Hello,
Just wondering if anyone on here is using PBIS-Open (the successor to
Likewise-Open) in order to authenticate with an AD domain controller.
I have managed to install it on several machines. I can run the
domainjoin-cli program, join the domain, but not login using AD
credentials. I can see all the AD users on the login screen, it just
claims the password is wrong every time.
If I look at auth.log, this is what I see:
Apr 2 15:55:26 rvfk-mbproc-04 login[9471]: [lsass-pam]
[module:pam_lsass]User paul.d is denied access because they are not in
the 'require membership of' list
Apr 2 15:55:26 rvfk-mbproc-04 login[9471]: [lsass-pam]
[module:pam_lsass]pam_sm_authenticate error [login:paul.d][error code:40158]
Apr 2 15:55:29 rvfk-mbproc-04 login[9471]: FAILED LOGIN (2) on
'/dev/pts/1' FOR 'paul.d', Authentication failure
Running /opt/pbis/bin/config --show RequireMembershipOf I get the following:
multistring
DomainUsers
local policy
And, yes, that really is a blank line between DomainUsers and local policy.
I have an older system running Likewise-Open which IS working correctly,
but I cannot find an equivalent to that command in order to show the
RequiredMemberships on that system.
And the operating system is Linux Mint 18. Yes, I know its not pure
Debian, but I suspect there may be someone on her with a Clue about this...
Thanks!
Paul.
