Ubuntu 12.04 // Likewise Open // Unable to ever authenticate AD users
- by Rob
So Ubuntu 12.04, Likewise latest from the beyondtrust website.
Joins domain fine.
Gets proper information from lw-get-status.
Can use lw-find-user-by-name to retrieve/locate users.
Can use lw-enum-users to get all users.
Attempting to login with an AD user via SSH generates the following errors in the auth.log file:
Nov 28 19:15:45 hostname sshd[2745]: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory
Nov 28 19:15:45 hostname sshd[2745]: PAM adding faulty module: pam_winbind.so
Nov 28 19:15:51 hostname sshd[2745]: error: PAM: Authentication service cannot retrieve authentication info for DOMAIN\\user.name from remote.hostname
Nov 28 19:16:06 hostname sshd[2745]: Connection closed by 10.1.1.84 [preauth]
Attempting to login via the LightDM itself generates similar errors in the auth.log file.
Nov 28 19:19:29 hostname lightdm: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory
Nov 28 19:19:29 hostname lightdm: PAM adding faulty module: pam_winbind.so
Nov 28 19:19:47 hostname lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "DOMAIN\user.name"
Nov 28 19:19:52 hostname lightdm: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:DOMAIN\user.name][error code:40022]
Nov 28 19:19:54 hostname lightdm: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory
Nov 28 19:19:54 hostname lightdm: PAM adding faulty module: pam_winbind.so
Attempting to login via a console on the system itself generates slightly different errors:
Nov 28 19:31:09 hostname login[997]: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory
Nov 28 19:31:09 hostname login[997]: PAM adding faulty module: pam_winbind.so
Nov 28 19:31:11 hostname login[997]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:DOMAIN\user.name][error code:40022]
Nov 28 19:31:14 hostname login[997]: FAILED LOGIN (1) on '/dev/tty2' FOR 'DOMAIN\user.name', Authentication service cannot retrieve authentication info
Nov 28 19:31:31 hostname login[997]: FAILED LOGIN (2) on '/dev/tty2' FOR 'DOMAIN\user.name', Authentication service cannot retrieve authentication info
I am baffled. The errors obviously are correct, the file /lib/security/pam_winbind.so does not exist. If its a dependancy/required, surely it should be part of the package? I've installed/reinstalled, I've used the downloaded package from the beyondtrust website, i've used the repository, nothing seems to work, every method of installing this application generates the same errors for me.
UPDATE :
Hrmm, I thought likewise didn't use native winbind but its own modules.
Installing winbind from apt-get uninstalls pbis-open (likewise) and generates failures when installing if pbis-open is installed first.
Uninstalled winbind, reinstalled pbis-open, same issue as above. The file pam_winbind.so does not exist in that location.
Setting up pbis-open-legacy (7.0.1.918) ...
Installing Packages was successful
This computer is joined to DOMAIN.LOCAL
New libraries and configurations have been installed for PAM and NSS.
Clearly it thinks it has installed it, but it hasn't. It may be a legacy issue with the previous attempt to configure domain integration manually with winbind.
Does anyone have a working likewise-open installation and does the /etc/nsswitch.conf include references to winbind?
Or do the /etc/pam.d/common-account or /etc/pam.d/common-password reference pam_winbind.so? I'm unsure if those entries are just legacy or setup by likewise.
UPDATE 2 :
Complete reinstall of OS fixed it and it worked seamlessly, like it was meant to and those 2 PAM files did NOT include entries for pam_winbind.so, so that was the underlying problem.
Thanks for the assist.
