Trouble with Active Directory Login on Ubuntu 24.04

Asked By TechieTurtle42 On

Hey everyone, I'm having a frustrating issue with a new Ubuntu 24.04 machine in my setup. I've got six Ubuntu 22.04 machines that are running perfectly—AD logins and MFA work just fine on those. But this new 24.04 machine isn't cooperating at all. I've gone through the PAM configuration and ensured both machines are identical. The login process goes through MFA but then fails. On the 22.04 machines, we found that missing the pam_mkhomedir.so line in common-session was the culprit, but I've confirmed it's present in the 24.04 setup. I even tried enabling debug for pam_mkhomedir.so, but I can't locate the logs. I would really appreciate any tips on how to troubleshoot this issue further.

6 Answers

Answered By CleverCodex On

On Ubuntu 24.04, the PAM stack was slightly altered—the pam_systemd.so module now appears before the pam_mkhomedir.so line and uses a control flag of [success=1 ...]. When pam_systemd is successful, it can skip the next rule, preventing pam_mkhomedir from running. This leads to sessions failing because $HOME doesn't get created. You may need to adjust the order of the PAM modules or their control flags to fix the login issue.
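
The skip behaviour this answer describes can be checked mechanically. The following is an added example, not part of the original answer: it parses a PAM file and reports any rule whose `[value=N]` jump can step over `pam_mkhomedir.so`. The sample stack is constructed, the function names are hypothetical, and `@include` lines are not expanded.

```python
import os
import re
import sys

# type, control (keyword or [value=action ...]), module path
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

# Constructed sample showing the pattern described in the answer; not from a real host.
SAMPLE = """\
session [default=1]                 pam_permit.so
session requisite                   pam_deny.so
session required                    pam_unix.so
session optional                    pam_sss.so
session [success=1 default=ignore]  pam_systemd.so
session optional                    pam_mkhomedir.so umask=0077
"""

def parse_stack(text, pam_type="session"):
    """Return [(line_no, control, module_name)] for one PAM type, in stack order."""
    rules = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        m = RULE.match(raw.split("#", 1)[0].strip())  # drop comments; @include is ignored
        if m and m.group(1) == pam_type:
            rules.append((line_no, m.group(2), os.path.basename(m.group(3))))
    return rules

def jumps(control):
    """Map return value -> N for each 'value=N' action (skip the next N modules)."""
    pairs = (p.partition("=") for p in control.strip("[]").split())
    return {k: int(v) for k, _, v in pairs if v.isdigit() and int(v) > 0}

def rules_skipping(text, target="pam_mkhomedir.so", pam_type="session"):
    """List rules whose jump can step over `target`."""
    rules = parse_stack(text, pam_type)
    hits = []
    for i, (line_no, control, module) in enumerate(rules):
        for retval, n in jumps(control).items():
            if target in [mod for _, _, mod in rules[i + 1:i + 1 + n]]:
                hits.append((line_no, module, retval, n))
    return hits

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for line_no, module, retval, n in rules_skipping(text):
        print(f"line {line_no}: {module} {retval}={n} can skip pam_mkhomedir.so")
```

Run it with a path such as /etc/pam.d/common-session to check a real host; with no argument it analyses the constructed sample.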

Answered By PacketPro On

Have you checked the packet capture? Running in RADIUS debug might help, just remember to sanitize that output because passwords can show up in plain text!

Answered By ClockworkCat On

Don't forget to check that your system clock is synced. It’s a small detail, but it can be easily overlooked and cause logins to fail.

Answered By CodeNinja99 On

There could be a lot of reasons for this issue. One possibility is that there are denied access permissions to GPOs. Make sure SSSD can access all of them, or adjust your sssd.conf to allow it to ignore access issues and continue. Just a heads up, SSSD logs are mainly in the system journal, but they won't provide extensive information. Consider using sssctl to increase the debug level if needed. Also, keep in mind that Kerberos can get complicated, but if you find yourself needing to do more than just `realm join ALLCAPSDOMAIN.TLD`, something might be misconfigured in your setup.

Answered By LinuxGuru77 On

Are there any specific error messages in the logs? Also, are you using SSSD or Winbind? Take a look at your /etc/krb5.conf file; sometimes issues can stem from incorrect configurations there.

Answered By MysticMFA On

By the way, which MFA method are you using? Does it activate during the GUI login?
