Archiv verlassen und diese Seite im Standarddesign anzeigen : Offline Domain Account - Ubuntu
Hallo!
Ich verwende unter Ubuntu 9.10 Client das Microsoft AD zur Authentifizierung via winbind/smbclient.
Das Ganze klappt schon seit 8.x ohne Probleme. Seit dem Update auf 9.10 kann ich mich allerdings nicht mehr mit meinem Domain-Login offline einloggen - also vornehmlich an einem Laptop der gerade keine Netzwerkverbindung zum DC hat.
Vielen Dank für jedwede Hilfe!
Nico
Fehlermeldung, Logeinträge, Konfigurationen?
Rückmeldung vomGUI-Login: "no logon servers" | "Authentifikation fehlgeschlagen"
auth.log
---8<---
Jan 7 13:28:47 R52ausleihe-u gdm-session-worker[3101]: PAM adding faulty module: /lib/security/pam_foreground.so
Jan 7 13:28:50 R52ausleihe-u gdm-session-worker[3101]: pam_mount(rdconf1.c:396): Could not get password entry
Jan 7 13:28:50 R52ausleihe-u gdm-session-worker[3101]: pam_mount(rdconf1.c:1185): getpwnam: Success
Jan 7 13:28:50 R52ausleihe-u gdm-session-worker[3101]: pam_mount(rdconf1.c:1185): getpwnam: Success
Jan 7 13:28:55 R52ausleihe-u gdm-session-worker[3101]: pam_winbind(gdm:auth): getting password (0x00000088)
Jan 7 13:28:55 R52ausleihe-u gdm-session-worker[3101]: pam_winbind(gdm:auth): pam_get_item returned a password
Jan 7 13:28:55 R52ausleihe-u gdm-session-worker[3101]: pam_unix(gdm:auth): check pass; user unknown
Jan 7 13:28:55 R52ausleihe-u gdm-session-worker[3101]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jan 7 13:28:55 R52ausleihe-u gdm-session-worker[3101]: gkr-pam: error looking up user information
Jan 7 13:29:01 R52ausleihe-u gdm-session-worker[3373]: PAM unable to dlopen(/lib/security/pam_foreground.so): /lib/security/pam_foreground.so: cannot open shared object file: No such file or directory
Jan 7 13:29:01 R52ausleihe-u gdm-session-worker[3373]: PAM adding faulty module: /lib/security/pam_foreground.so
Jan 7 13:29:04 R52ausleihe-u gdm-session-worker[3373]: pam_mount(rdconf1.c:396): Could not get password entry
Jan 7 13:29:04 R52ausleihe-u gdm-session-worker[3373]: pam_mount(rdconf1.c:1185): getpwnam: Success
Jan 7 13:29:04 R52ausleihe-u gdm-session-worker[3373]: pam_mount(rdconf1.c:1185): getpwnam: Success
Jan 7 13:29:09 R52ausleihe-u gdm-session-worker[3373]: pam_winbind(gdm:auth): getting password (0x00000088)
Jan 7 13:29:09 R52ausleihe-u gdm-session-worker[3373]: pam_winbind(gdm:auth): pam_get_item returned a password
Jan 7 13:29:09 R52ausleihe-u gdm-session-worker[3373]: pam_unix(gdm:auth): check pass; user unknown
Jan 7 13:29:09 R52ausleihe-u gdm-session-worker[3373]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jan 7 13:29:09 R52ausleihe-u gdm-session-worker[3373]: gkr-pam: error looking up user information
Jan 7 13:29:15 R52ausleihe-u gdm-session-worker[3600]: PAM unable to dlopen(/lib/security/pam_foreground.so): /lib/security/pam_foreground.so: cannot open shared object file: No such file or directory
Jan 7 13:29:15 R52ausleihe-u gdm-session-worker[3600]: PAM adding faulty module: /lib/security/pam_foreground.so
Jan 7 13:29:17 R52ausleihe-u gdm-session-worker[3600]: pam_mount(rdconf1.c:396): Could not get password entry
Jan 7 13:29:17 R52ausleihe-u gdm-session-worker[3600]: pam_mount(rdconf1.c:1185): getpwnam: Success
Jan 7 13:29:17 R52ausleihe-u gdm-session-worker[3600]: pam_mount(rdconf1.c:1185): getpwnam: Success
Jan 7 13:29:18 R52ausleihe-u gdm-session-worker[3600]: pam_winbind(gdm:auth): getting password (0x00000088)
Jan 7 13:29:18 R52ausleihe-u gdm-session-worker[3600]: pam_winbind(gdm:auth): pam_get_item returned a password
Jan 7 13:29:18 R52ausleihe-u gdm-session-worker[3600]: pam_unix(gdm:auth): check pass; user unknown
Jan 7 13:29:18 R52ausleihe-u gdm-session-worker[3600]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jan 7 13:29:18 R52ausleihe-u gdm-session-worker[3600]: gkr-pam: error looking up user information
Jan 7 13:29:45 R52ausleihe-u gdm-session-worker[3762]: PAM unable to dlopen(/lib/security/pam_foreground.so): /lib/security/pam_foreground.so: cannot open shared object file: No such file or directory
Jan 7 13:29:45 R52ausleihe-u gdm-session-worker[3762]: PAM adding faulty module: /lib/security/pam_foreground.so
Jan 7 13:29:50 R52ausleihe-u gdm-session-worker[3762]: pam_winbind(gdm:auth): getting password (0x00000088)
Jan 7 13:29:50 R52ausleihe-u gdm-session-worker[3762]: pam_winbind(gdm:auth): pam_get_item returned a password
Jan 7 13:29:50 R52ausleihe-u gdm-session-worker[3762]: pam_winbind(gdm:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTHINFO_UNAVAIL (9), NTSTATUS: NT_STATUS_NO_LOGON_SERVERS, Error message was: No logon servers
Jan 7 13:29:50 R52ausleihe-u gdm-session-worker[3762]: pam_winbind(gdm:auth): internal module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'root')
Jan 7 13:29:50 R52ausleihe-u gdm-session-worker[3762]: pam_winbind(gdm:account): valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
Jan 7 13:29:50 R52ausleihe-u gdm-session-worker[3762]: pam_unix(gdm:session): session opened for user root by (uid=0)
Jan 7 13:29:50 R52ausleihe-u gnome-keyring-daemon[4166]: couldn't set environment variable in session: The name org.gnome.SessionManager was not provided by any .service files
Jan 7 13:29:51 R52ausleihe-u gnome-keyring-daemon[4166]: The daemon was already initialized.
Jan 7 13:29:51 R52ausleihe-u seahorse-daemon[4250]: init gpgme version 1.1.8
smb.conf
[global]
# AD-Domainname
workgroup = DOMAIN
# NETBIOS-Name des Clients (%h = Hostname)
netbios name = %h
# Kerberos-Realm
realm = X.Y.Z
# Pfad zu der/n Logdatei/en
log file = /var/log/sama/%m.log
# Maximal Groesse der Logdateien
max log size = 50
# Sicherheitsstufe fuer Active Directory
security = ads
# Adressen der Domaincrontroller (* = automatische Erkennung)
password server = *
# Passwoerter werden verschluesselt uebertragen
encrypt passwords = yes
# Standrd Socketeinstellungen
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Samba ist KEIN Domaincontroller
domain master = no
preferred master = no
# WINS-Server
wins server = 192.168.x.x 192.168.x.x 192.168.x.x
# Standard WINBIND-Optionen
# Bereich, in dem AD-Accounts POSIX-uids zugewiesen werden
idmap uid = 50001-550000
# Bereich, in em AD-Gruppen POSIX-gids zugewiesen werden
idmap gid = 50001-550000
# Trennzeichen zwischen Domain und Ressourcenname (z.B. DOMAIN+<Benutzername>)
winbind separator = +
# Auflisten von Domainbenutzern erlauben
winbind enum users = yes
# Auflisten von Domaingruppen erlauben
winbind enum groups = yes
# Cache Session
winbind cache time = 10
# Verschachtelte Gruppen erlauben
winbind nested groups = yes
# Standardshell, fuer Benutzer
template shell = /bin/bash
# Pfad zum Homeverzeichnis fuer Benutzer (%U = Benutzername)
template homedir = /home/%U
# Defaultdomain (workgroup) bei Benutzernamen usw. automatisch ergaenzen
# (bei 'no' müss man zum Einloggen z.B. DOMAIN+<Benutzername> eingeben)
winbind use default domain = yes
---8<---
Inzwischen konnte ich in Erfahrung bringen das es wohl am Session Caching liegt. nscd (Name System Cache Deamon) ist zwar in aktueller Version installiert, aber wohl nicht richtig eingebunden. Wenn jemand dazu was weiß... danke!
Powered by vBulletin® Version 4.2.5 Copyright ©2024 Adduco Digital e.K. und vBulletin Solutions, Inc. Alle Rechte vorbehalten.