Hey everyone, I'm having a frustrating issue with a new Ubuntu 24.04 machine in my environment. We currently have six Ubuntu 22.04 machines that work perfectly with Active Directory logins, MFA push, and all that good stuff. However, I'm having a hard time getting the 24.04 machine to behave the same way. I've checked the PAM configuration in pam.d and verified that it matches the 22.04 machines, but the 24.04 machine fails after the MFA step. In the past, similar issues on 22.04 were caused by a missing pam_mkhomedir.so line in common-session, but that's present on the 24.04 device. I've also tried enabling debug for pam_mkhomedir.so, but I'm not sure where to find the logs it generates. I'd really appreciate any advice on troubleshooting this problem!
6 Answers
You might want to check your network packets (pcap) to see what's going on. Just a heads up—if you're running in RADIUS debug mode, clean up that output because passwords can show up in plain text!
Don't forget to ensure the time on your machines is synced. It's an easy detail to overlook, but it can cause a lot of login issues.
Are there any specific logs or error messages you're seeing? Also, are you using SSSD, Winbind, or something else? Don't forget to check your /etc/krb5.conf file for issues!
On Ubuntu 24.04, the PAM stack has been reordered. Now, pam_systemd.so is placed above pam_mkhomedir.so and carries a control flag that makes it skip the next rule if successful. This means the mkhomedir module might not run, leaving $HOME missing, which leads to failed logins. Adjust the order or the control flags, and that should solve your issue!
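The condition this answer describes can be checked mechanically. The following is an added example, not part of the original answer and not code from Ubuntu or the PAM project: it parses a session stack and reports any rule whose success action jumps over pam_mkhomedir.so or ends the stack before it. The sample stack and all function names are constructed for illustration.

```python
import re

# Constructed sample in /etc/pam.d syntax (not copied from any Ubuntu release).
SAMPLE = """\
session required                   pam_unix.so
session [success=1 default=ignore] pam_systemd.so
session optional                   pam_mkhomedir.so debug
session optional                   pam_permit.so
"""

RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse(text, pam_type="session"):
    """Return [(control, module)] for one PAM type, in stack order.
    @include lines are not expanded, so run this on the file holding the rules."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.split("#", 1)[0].strip())
        if m and m.group(1) == pam_type:
            rules.append((m.group(2), m.group(3).rsplit("/", 1)[-1]))
    return rules

def success_action(control):
    """Action the stack takes when this rule's module returns success."""
    if control == "sufficient":          # shorthand for [success=done ...]
        return "done"
    m = re.search(r"\bsuccess=(\w+)", control) if control.startswith("[") else None
    return m.group(1) if m else "ok"

def bypassed_by(rules, target="pam_mkhomedir.so"):
    """Rules that, on success, skip `target` or end the stack before it."""
    hits = []
    for i, (control, module) in enumerate(rules):
        action = success_action(control)
        for j in range(i + 1, len(rules)):
            if rules[j][1] != target:
                continue
            jumped = action.isdigit() and j - i <= int(action)
            if jumped or action in ("done", "die"):
                hits.append((module, control, j - i))
    return hits

if __name__ == "__main__":
    for module, control, distance in bypassed_by(parse(SAMPLE)):
        print(f"{module} {control} can bypass pam_mkhomedir.so ({distance} rule(s) later)")
```

To check a host, pass the contents of its /etc/pam.d/common-session to `parse()` instead of the sample.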
By the way, what type of MFA are you using? Does it activate during the GUI user login?
There are a ton of potential issues, but one thing to check is whether SSSD has access to all the needed Group Policy Objects (GPOs). If it doesn't, it can cause problems. You may need to adjust your sssd.conf to ignore errors and keep going. Also, turning up the debug level with sssctl can give you more insight. Remember, getting Kerberos working may seem complex, but often it's straightforward if the setup is correct!
