Help diagnosing Likewise Open Active Directory authentication problem
- by purpletonic
I have two servers which were up until recently authenticating against the companies Active Directory Domain controller. I believe a recent change to the Active Directory administrator password caused the servers to stop authenticating against AD. I tried to add the servers back to the domain using the command:
domainjoin-cli join example.com adusername
this seemed to work without complaints, but when I try to login via ssh with my domain account, I get an invalid password error. When I run the command:
lw-enum-users
it prints all of the domain users, and looking up my own account, I see that it is valid and my password hasn't expired. I also ran
lw-get-status and received the following:
LSA Server Status:
Agent version: 5.0.0
Uptime: 0 days 3 hours 35 minutes 46 seconds
[Authentication provider: lsa-activedirectory-provider]
Status: Online
Mode: Un-provisioned
Domain: example.com
Forest: example.com
Site: Default-First-Site-Name
Online check interval: 300 seconds
\[Trusted Domains: 1\]
\[Domain: EXAMPLE\]
DNS Domain: example.com
Netbios name: EXAMPLE
Forest name: example.com
Trustee DNS name:
Client site name: Default-First-Site-Name
Domain SID: S-1-5-24-1081533780-4562211299-822531512
Domain GUID: 057f0239-7715-4711-e64b-eb5eeed20e65
Trust Flags: \[0x001d\]
\[0x0001 - In forest\]
\[0x0004 - Tree root\]
\[0x0008 - Primary\]
\[0x0010 - Native\]
Trust type: Up Level
Trust Attributes: \[0x0000\]
Trust Direction: Primary Domain
Trust Mode: In my forest Trust (MFT)
Domain flags: \[0x0001\]
\[0x0001 - Primary\]
\[Domain Controller (DC) Information\]
DC Name: dc1.example.com
DC Address: 10.11.0.103
DC Site: Default-First-Site-Name
DC Flags: \[0x000003fd\]
DC Is PDC: yes
DC is time server: yes
DC has writeable DS: yes
DC is Global Catalog: yes
DC is running KDC: yes
[Authentication provider: lsa-local-provider]
Status: Online
Mode: Local system
Anyone got any ideas what might be occurring?
Thanks in advance!
