Can't log in to Ubuntu as domain user "no passwd entry for user" (SSSD, KRB5, Samba)
I know this is not a super-helpful answer, but it is virtually impossible to help without seeing the sssd logs. Follow https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
Author: Admin
Updated on September 18, 2022
Comments
-
Admin over 1 year
I followed this guide to join my Ubuntu 14.04 server to my domain. I have everything working - the server joined AD fine, I can kinit just fine, and dynamic DNS is working great. However, when I log in to Linux and try to su as a domain user, it fails...
Example:
```
su domainuser
No passwd entry for user 'domainuser'
su timdomain\\domainuser
No passwd entry for user 'timdomain\domainuser'
su timdomain.local\\domainuser
No passwd entry for user 'timdomain.local\domainuser'
su TIMDOMAIN.LOCAL\\domainuser
No passwd entry for user 'TIMDOMAIN.LOCAL\domainuser'
```
KRB5.conf
```
[libdefaults]
    default_realm = TIMDOMAIN.LOCAL
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    fcc-mit-ticketflags = true

[realms]
    TIMDOMAIN.LOCAL = {
        kdc = dc01.timdomain.local
        admin_server = dc01.timdomain.local
        default_domain = timdomain.local
    }

[domain_realm]
    .timdomain.local = DC01.TIMDOMAIN.LOCAL
    timdomain.local = DC01.TIMDOMAIN.LOCAL

[login]
    krb4_convert = true
    krb4_get_tickets = false
```
SSSD.conf
```
[sssd]
services = nss, pam
config_file_version = 2
domains = TIMDOMAIN.LOCAL

[domain\TIMDOMAIN.LOCAL]
id_provider = ad
overridehomedir = /home/%d/%u
access_provider = simple
```
smb.conf
```
[global]
   workgroup = TIMDOMAIN
   client signing = yes
   client use spnego = yes
   kerberos method = secrets and keytab
   realm = TIMDOMAIN.LOCAL
   security = ads
   server string = %h server (Samba, Ubuntu)
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
```
nsswitch.conf
```
passwd:         compat sss
group:          compat sss
shadow:         compat
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis sss
sudoers:        files sss
```
-
U880D about 6 years
I found the mentioned starting point for debugging problems, setting the `debug_level` to something between `6` and `8`, very helpful. Monitoring the logs via `tail -F /var/log/sssd/*.log` then gave almost an answer.
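
An added example, not part of the original thread: a small linter that checks an sssd.conf for the two things this page touches on, namely that every domain named in `domains` has a section spelled `[domain/NAME]` (the form sssd.conf(5) documents) and that the section sets `debug_level` as the comment above suggests. The function name `lint_sssd_conf` is hypothetical, and the sample text is constructed from the sssd.conf posted in the question.

```python
import configparser

# Constructed sample mirroring the sssd.conf posted in the question.
SAMPLE = r"""
[sssd]
services = nss, pam
config_file_version = 2
domains = TIMDOMAIN.LOCAL

[domain\TIMDOMAIN.LOCAL]
id_provider = ad
overridehomedir = /home/%d/%u
access_provider = simple
"""

def lint_sssd_conf(text):
    """Return a list of findings for an sssd.conf passed in as text."""
    # interpolation=None: values such as /home/%d/%u are not Python templates.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("sssd"):
        return ["missing [sssd] section"]
    findings = []
    raw = cp.get("sssd", "domains", fallback="")
    listed = [d.strip() for d in raw.split(",") if d.strip()]
    for name in listed:
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append("domain '%s' is listed but has no [%s] section"
                            % (name, section))
        elif not cp.has_option(section, "debug_level"):
            findings.append("[%s] sets no debug_level (6 to 8 is suggested above)"
                            % section)
    # Sections that start with "domain" but are not spelled domain/NAME.
    for section in cp.sections():
        if section.lower().startswith("domain") and not section.startswith("domain/"):
            findings.append("section [%s] is not in the form [domain/NAME]" % section)
    return findings

if __name__ == "__main__":
    for finding in lint_sssd_conf(SAMPLE):
        print(finding)
```

To check a live system, pass the contents of /etc/sssd/sssd.conf (readable by root only) to the function instead of the sample.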