Hello,
I’ve read the documentation on https://docs.software-univention.de/domain-4.1.html#ext-dom-ubuntu, but this adds the computer to the domain.
Is there a way to only use the authentication without adding the computer to the domain?
We have applications and systems that do use the authentication only and are working fine (atlassian jira and Confluence, Sonatype Nexus, Netgear readyNAS …)
I have a mix of Ubuntu server 14.04 and 16.04 and after running the whole script i can get a list of users with getent passwd, but can’t login as one of the users.
Auth.log shows;
Feb 7 08:05:40 su-tst-01 login[1086]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=ubuntuuser
Feb 7 08:05:40 su-tst-01 login[1086]: pam_sss(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=ubuntuuser
Feb 7 08:05:40 su-tst-01 login[1086]: pam_sss(login:auth): received for user ubuntuuser: 4 (System error)
Feb 7 08:05:43 su-tst-01 login[1086]: FAILED LOGIN (1) on ‘/dev/tty1’ FOR ‘ubuntuuser’, Authentication failure
That account in the getent passwd list shows as;
ubuntuuser:*:2010:5001:Ubuntu User:/home/ubuntuuser:/bin/bash
The syslog file shows;
Feb 7 08:01:07 su-tst-01 systemd[1]: Started System Security Services Daemon.
Feb 7 08:05:40 su-tst-01 [sssd[krb5_child[3762]]]: Cannot find KDC for realm “mydomain.COM”
Feb 7 08:05:40 su-tst-01 [sssd[krb5_child[3762]]]: Cannot find KDC for realm “mydomain.COM”
Feb 7 08:06:37 su-tst-01 systemd[1]: getty@tty1.service: Service has no hold-off time, scheduling restart.
Feb 7 08:06:37 su-tst-01 systemd[1]: Stopped Getty on tty1.
Feb 7 08:06:37 su-tst-01 systemd[1]: Started Getty on tty1.
Thanks