[Samba] Linux client of the domain - SSSD : authenticating via Kerberos

Fri Dec 20 07:05:07 MST 2013

On Fri, 2013-12-20 at 14:48 +0100, Cyril wrote:
> >
> > I'll do some more testing. Re-try on a fresh install
> > And I'll do a summary.
> >
> >
> > Cyril
> >
> 
> I still have issue :
> 
> When installing libpam-sss,
> there's a dependency libpam-pwquality (>= 1.2.2-1)
> But I can't find it in ubuntu 12.04.
> 
> So I deactivate the ppa for ssd
> 
> And I install an older version of libnss-sss.
> 
> Now If I try to open a session on the workstation :
> 
> with "NT4Domain/MyUser"
> Dec 20 13:47:12 cyril-VB lightdm: pam_sss(lightdm:auth): authentication 
> failure; logname= uid=0 euid=0  tty=:1 ruser= rhost= user=NT4Domain/MyUser
> Dec 20 13:47:12 cyril-VB lightdm: pam_sss(lightdm:auth): received for 
> user NT4Domain/MyUser: 10 (User not known to the underlying 
> authentication module)
> 
> with "Myuser"
> Dec 20 14:07:55 cyril-VB lightdm: pam_succeed_if(lightdm:auth): 
> requirement "user ingroup nopasswdlogin" not met by user "Myuser"
> Dec 20 14:07:59 cyril-VB lightdm: pam_unix(lightdm:auth): authentication 
> failure; logname= uid=0 euid=0 tty=:1 ruser= rhost=  user=Myuser
> Dec 20 14:07:59 cyril-VB lightdm: pam_sss(lightdm:auth): authentication 
> failure; logname= uid=0 euid=0 tty=:1 ruser= rhost= user=Myuser
> Dec 20 14:07:59 cyril-VB lightdm: pam_sss(lightdm:auth): received for 
> user Myuser: 9 (Authentication service cannot retrieve authentication info)
> 
> "Myuser" is an existing user on the domain and It does have Unix 
> attribut (UID and GID)
> 
> Is there any way to install libpam-pwquality manually or from any ppa ?
> and then use the newer libnss-sss ?
> 
> 
> Cyril
> 

Yep, OK. As I predicted, pam is the next issue.

It looks like you have a different /etc/pam.d/common-auth to the one you
originally posted. Can you post the latest version?

I'm not sure if
pam-auth-update
is new enough to include sssd yet, but cold you give it a go anyway?
Steve