[Bug 205577] New: Suddenly unable to login via SSH using Windows Domain logid that worked earlier
https://bugzilla.novell.com/show_bug.cgi?id=205577 Summary: Suddenly unable to login via SSH using Windows Domain logid that worked earlier Product: SUSE Linux 10.1 Version: Final Platform: i686 OS/Version: SuSE Linux 10.1 Status: NEW Severity: Minor Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: jack.hamilton@uboc.com QAContact: jsrain@novell.com PROBLEM: YaST2 > Network Services > Windows Domain Membership; affecting Windows domain logins if ABORTING/CANCELING instead of clicking FINISH even when no changes made to working configuration. SYMPTOM: Suddenly unable to login via SSH using Windows Domain logid (i.e., mydomain\jdoe) that worked earlier. /var/log/messages shows the following errors when a domain user tries to login: Sep 13 13:55:48 pcp060308pcs sshd[24767]: error: PAM: User not known to the underlying authentication module for illegal user ipss\\ub49006 from xpn-l3a7281-udp01019032uds.uboc.com Sep 13 13:55:48 pcp060308pcs sshd[24767]: Failed keyboard-interactive/pam for invalid user ipss\\ub49006 from 10.20.32.36 port 4265 ssh2 ROOT CAUSE: Apparently occurs if a priviliged user (root) goes into YaST Control Center > Network Services > Windows Domain Membership and then ABORTS or cancels. Regardless if any changes were made or if the changes were left as-is, this has the effect of breaking domain authentication. To resolve, simply click FINISH next time and confirm by trying to log into an SSH session with a domain logid. WORK-AROUND TO RESOLVE WHEN AUTHENTICATION IS BROKEN: 1. As root (or privileged account), open the YaST Control Center > Network Services > Windows Domain Membership. 2. Confirm the following are filled out and checked: Domain: Your FQDN x Also use SMB Information for Linux Authentication x Create Home Directory on Login x Offline Authentication Sharing by Users is optional. 3. Click Finished. NOTE: Even if the above are already set, clicking FINISHED seems to re-write the configuration and/or restart the services that re-read the configuration, which in turn seems to resolve the problem, until the above steps are repeated again causing the problem to re-manifest. NOTE: If the login failed and the above steps are followed, you will need to close out the original session and start a new SSH session; otherwise, the original session will always fail at the login prompt regardless of following the above steps and will make it appear that the above fix is not working. BUILD: Linux 2.6.16.13-4-default #1 Wed May 3 04:53:23 UTC 2006 i686 i686 i386 GNU/Linux HW: vendor_id : GenuineIntel cpu family : 15 model : 2 model name : Intel(R) Celeron(R) CPU 2.00GHz -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=205577 ------- Comment #1 from jack.hamilton@uboc.com 2006-09-13 15:58 MST ------- Created an attachment (id=98643) --> (https://bugzilla.novell.com/attachment.cgi?id=98643&action=view) yast2 log -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=205577 ------- Comment #2 from jack.hamilton@uboc.com 2006-09-13 15:59 MST ------- Created an attachment (id=98644) --> (https://bugzilla.novell.com/attachment.cgi?id=98644&action=view) hwinfo output -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=205577 ------- Comment #3 from jack.hamilton@uboc.com 2006-09-14 18:38 MST ------- Discovered today that the domain logids are unable to login (and existing logins sometimes, but not always, displays a message about not being able to locate the UID/GID if doing a 'id' or 'whoami' command) after I did some online and system updates (YaST > Software > Online Update and System Update) despite never going to "Windows Domain Memberships"; however, I was able to quickly resolve the matter using the usual 'go to Windows Domain Membership and click FINISH' work-around. I can attach this latest yast2log if desired. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=205577 ------- Comment #4 from jack.hamilton@uboc.com 2006-09-14 18:43 MST ------- Created an attachment (id=98769) --> (https://bugzilla.novell.com/attachment.cgi?id=98769&action=view) yast2 log for 20060914 This will (hopefully) show what occured in Yast today (doing Online Updates and System Updates via "Software" in Yast GUI) when the problem re-manifested despite never going to Windows Domain Membership earlier. (Later I did to fix the problem.) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=205577 aj@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team- |yast2-maintainers@suse.de |screening@forge.provo.novell| |.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=205577 fehr@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|yast2-maintainers@suse.de |jsuchome@novell.com ------- Comment #5 from fehr@novell.com 2006-09-21 01:37 MST ------- Reassign to maintainer to maintainer of samba-client -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=205577 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jsuchome@novell.com AssignedTo|jsuchome@novell.com |hmuelle@novell.com ------- Comment #6 from jsuchome@novell.com 2006-09-21 01:51 MST ------- If I undestand this right, you are saying that samba configuration was deactivated without an interaction of yast2-samba-client module. The second case indicates that it could be caused by updated samba packages - maybe the patch rpm's didn't restarted the services correctly? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=205577 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|hmuelle@novell.com |lmuelle@novell.com ------- Comment #7 from jsuchome@novell.com 2006-09-21 01:51 MST ------- (sorry, wrong login) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=205577
User cthiel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=205577#c8
Christoph Thiel
participants (1)
-
bugzilla_noreply@novell.com