Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- lightdm: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:username][error code:40022]
- lsass: [LwKrb5GetTgtImpl /builder/src-buildserver/Platform-8.0/src/linux/lwadvapi/threaded/krbtgt.c:276] KRB5 Error code: -1765328360 (Message: Preauthentication failed)
- lsass: [lsass] Failed to authenticate user (name = 'username') -> error = 40022, symbol = LW_ERROR_PASSWORD_MISMATCH, client pid = 17768
- sshd[18237]: error: PAM: User account has expired for DOMAIN\USER from HOSTNAME
- sshd[18237]: error: Received disconnect from IP_ADDRESS: 13: Unable to authenticate [preauth]
- sshd[18276]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:domainusername][error code:40022]
- sshd[18272]: error: PAM: Authentication failure for domain\username from hostname
- lsass: [LwKrb5GetTgtImpl /builder/src-buildserver/Platform-8.0/src/linux/lwadvapi/threaded/krbtgt.c:276] KRB5 Error code: -1765328360 (Message: Preauthentication failed)
- lsass: [lsass] Failed to authenticate user (name = 'domainusername') -> error = 40022, symbol = LW_ERROR_PASSWORD_MISMATCH, client pid = 18276
- root@hostname:~# su - domain\username
- su: Authentication failure
- (Ignored)
- reenter password for pam_mount:
- DOMAINusername@hostname:~$ sudo cat /etc/fstab
- [sudo] password for DOMAINusername:
- sudo: account validation failure, is your account locked?
- DOMAINusername@hostname:~$
- AllowDeleteTo ""
- AllowReadTo ""
- AllowWriteTo ""
- MaxDiskUsage 104857600
- MaxEventLifespan 90
- MaxNumEvents 100000
- DomainSeparator "\"
- SpaceReplacement "^"
- EnableEventlog false
- Providers "ActiveDirectory"
- DisplayMotd false
- PAMLogLevel "error"
- UserNotAllowedError "Access denied"
- AssumeDefaultDomain true
- CreateHomeDir true
- CreateK5Login true
- SyncSystemTime true
- TrimUserMembership true
- LdapSignAndSeal false
- LogADNetworkConnectionEvents true
- NssEnumerationEnabled true
- NssGroupMembersQueryCacheOnly true
- NssUserMembershipQueryCacheOnly false
- RefreshUserCredentials true
- CacheEntryExpiry 14400
- DomainManagerCheckDomainOnlineInterval 300
- DomainManagerUnknownDomainCacheTimeout 3600
- MachinePasswordLifespan 2592000
- MemoryCacheSizeCap 0
- HomeDirPrefix "/home"
- HomeDirTemplate "%H/%D/%U"
- RemoteHomeDirTemplate ""
- HomeDirUmask "022"
- LoginShellTemplate "/bin/bash"
- SkeletonDirs "/etc/skel"
- UserDomainPrefix "DOMAIN.COM"
- DomainManagerIgnoreAllTrusts false
- DomainManagerIncludeTrustsList
- DomainManagerExcludeTrustsList
- RequireMembershipOf "DOMAIN\DOMAIN-GROUP"
- Local_AcceptNTLMv1 true
- Local_HomeDirTemplate "%H/local/%D/%U"
- Local_HomeDirUmask "022"
- Local_LoginShellTemplate "/bin/sh"
- Local_SkeletonDirs "/etc/skel"
- UserMonitorCheckInterval 1800
- LsassAutostart true
- EventlogAutostart true
- LSA Server Status:
- Compiled daemon version: 8.0.1.2029
- Packaged product version: 8.0.2029.67662
- Uptime: 1 days 1 hours 4 minutes 26 seconds
- [Authentication provider: lsa-activedirectory-provider]
- Status: Online
- Mode: Un-provisioned
- Domain: DOMAIN.COM
- Domain SID: S-1-5-21-3537566271-1428921453-776812789
- Forest: domain.com
- Site: NYC
- Online check interval: 300 seconds
- [Trusted Domains: 1]
- [Domain: DOMAIN]
- DNS Domain: domain.com
- Netbios name: DOMAIN
- Forest name: domain.com
- Trustee DNS name:
- Client site name: NYC
- Domain SID: S-1-5-21-3537566271-1428921453-776812789
- Domain GUID: 0b6b6d88-ea48-314a-8bad-a997a57bc1f4
- Trust Flags: [0x001d]
- [0x0001 - In forest]
- [0x0004 - Tree root]
- [0x0008 - Primary]
- [0x0010 - Native]
- Trust type: Up Level
- Trust Attributes: [0x0000]
- Trust Direction: Primary Domain
- Trust Mode: In my forest Trust (MFT)
- Domain flags: [0x0001]
- [0x0001 - Primary]
- [Domain Controller (DC) Information]
- DC Name: dc2.nyc.domain.com
- DC Address: 10.x.x.50
- DC Site: NYC
- DC Flags: [0x0000f1fc]
- DC Is PDC: no
- DC is time server: yes
- DC has writeable DS: yes
- DC is Global Catalog: yes
- DC is running KDC: yes
- [Global Catalog (GC) Information]
- GC Name: dc1.nyc.domain.com
- GC Address: 10.x.x.50
- GC Site: NYC
- GC Flags: [0x0000f3fd]
- GC Is PDC: yes
- GC is time server: yes
- GC has writeable DS: yes
- GC is running KDC: yes
- User object [1 of 1] (S-1-5-21-3537566271-1428921453-776812789-1107)
- ============
- Enabled: yes
- Distinguished name: CN=USERNAME,OU=User,OU=User Accounts,DC=domain,DC=com
- SAM account name: username
- NetBIOS domain name: DOMAIN
- UPN: username@DOMAIN.COM
- Display Name: First Last
- Alias: <null>
- UNIX name: DOMAINusername
- GECOS: First LAst
- Shell: /bin/bash
- Home directory: /home/DOMAIN/username
- Windows home directory: \domain.comdfsNYCUsersusername
- Local windows home directory:
- UID: 1023411283
- Primary group SID: S-1-5-21-3537566271-1428921453-776812789-513
- Primary GID: 1023410689
- Password expired: no
- Password never expires: yes
- Change password on next logon: no
- User can change password: yes
- Account disabled: no
- Account expired: no
- Account locked: no
- [libdefaults]
- default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
- default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
- preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
- dns_lookup_kdc = true
- pkinit_kdc_hostname = <DNS>
- pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
- pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
- pkinit_eku_checking = kpServerAuth
- pkinit_win2k_require_binding = false
- pkinit_identities = PKCS11:/opt/pbis/lib/libpkcs11.so
- session [default=1] pam_permit.so
- session requisite pam_deny.so
- session required pam_permit.so
- session optional pam_umask.so
- session required pam_unix.so
- session optional pam_mount.so
- session [success=ok default=ignore] pam_lsass.so
- session optional pam_systemd.so
- auth [success=2 default=ignore] pam_unix.so nullok_secure
- auth [success=1 default=ignore] pam_lsass.so try_first_pass
- auth requisite pam_deny.so
- auth required pam_permit.so
- auth optional pam_cap.so
- auth optional pam_mount.so
- Name: Likewise
- Default: yes
- Priority: 250
- Conflicts: winbind
- Auth-Type: Primary
- Auth:
- [success=end default=ignore] pam_lsass.so try_first_pass
- Auth-Initial:
- [success=end default=ignore] pam_lsass.so
- Account-Type: Primary
- Account:
- [success=ok new_authtok_reqd=ok default=ignore] pam_lsass.so unknown_ok
- [success=end new_authtok_reqd=done default=ignore] pam_lsass.so
- Session-Type: Additional
- Session:
- sufficient pam_lsass.so
- Password-Type: Primary
- Password:
- [success=end default=ignore] pam_lsass.so use_authtok try_first_pass
- Password-Initial:
- [success=end default=ignore] pam_lsass.so
- [SeatDefaults]
- user-session=ubuntu
- greeter-show-manual-login=true
- [SeatDefaults]
- allow-guest=false
- greeter-show-remote-login=false
- greeter-show-manual-login=true
- greeter-session=unity-greeter
- account [success=3 new_authtok_reqd=done default=ignore] pam_unix.so
- account [success=ok new_authtok_reqd=ok default=ignore] pam_lsass.so unknown_ok
- account [success=1 new_authtok_reqd=done default=ignore] pam_lsass.so
- account requisite pam_deny.so
- account required pam_permit.so
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement