https://bugzilla.novell.com/show_bug.cgi?id=205577 Summary: Suddenly unable to login via SSH using Windows Domain logid that worked earlier Product: SUSE Linux 10.1 Version: Final Platform: i686 OS/Version: SuSE Linux 10.1 Status: NEW Severity: Minor Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: jack.hamilton@uboc.com QAContact: jsrain@novell.com PROBLEM: YaST2 > Network Services > Windows Domain Membership; affecting Windows domain logins if ABORTING/CANCELING instead of clicking FINISH even when no changes made to working configuration. SYMPTOM: Suddenly unable to login via SSH using Windows Domain logid (i.e., mydomain\jdoe) that worked earlier. /var/log/messages shows the following errors when a domain user tries to login: Sep 13 13:55:48 pcp060308pcs sshd[24767]: error: PAM: User not known to the underlying authentication module for illegal user ipss\\ub49006 from xpn-l3a7281-udp01019032uds.uboc.com Sep 13 13:55:48 pcp060308pcs sshd[24767]: Failed keyboard-interactive/pam for invalid user ipss\\ub49006 from 10.20.32.36 port 4265 ssh2 ROOT CAUSE: Apparently occurs if a priviliged user (root) goes into YaST Control Center > Network Services > Windows Domain Membership and then ABORTS or cancels. Regardless if any changes were made or if the changes were left as-is, this has the effect of breaking domain authentication. To resolve, simply click FINISH next time and confirm by trying to log into an SSH session with a domain logid. WORK-AROUND TO RESOLVE WHEN AUTHENTICATION IS BROKEN: 1. As root (or privileged account), open the YaST Control Center > Network Services > Windows Domain Membership. 2. Confirm the following are filled out and checked: Domain: Your FQDN x Also use SMB Information for Linux Authentication x Create Home Directory on Login x Offline Authentication Sharing by Users is optional. 3. Click Finished. NOTE: Even if the above are already set, clicking FINISHED seems to re-write the configuration and/or restart the services that re-read the configuration, which in turn seems to resolve the problem, until the above steps are repeated again causing the problem to re-manifest. NOTE: If the login failed and the above steps are followed, you will need to close out the original session and start a new SSH session; otherwise, the original session will always fail at the login prompt regardless of following the above steps and will make it appear that the above fix is not working. BUILD: Linux 2.6.16.13-4-default #1 Wed May 3 04:53:23 UTC 2006 i686 i686 i386 GNU/Linux HW: vendor_id : GenuineIntel cpu family : 15 model : 2 model name : Intel(R) Celeron(R) CPU 2.00GHz -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.