API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 1st, 2017
578
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.30 KB | None | 0 0
raw download clone embed print report
  1. lightdm: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:username][error code:40022]
  2.  
  3. lsass: [LwKrb5GetTgtImpl /builder/src-buildserver/Platform-8.0/src/linux/lwadvapi/threaded/krbtgt.c:276] KRB5 Error code: -1765328360 (Message: Preauthentication failed)
  4. lsass: [lsass] Failed to authenticate user (name = 'username') -> error = 40022, symbol = LW_ERROR_PASSWORD_MISMATCH, client pid = 17768
  5.  
  6. sshd[18237]: error: PAM: User account has expired for DOMAIN\USER from HOSTNAME
  7. sshd[18237]: error: Received disconnect from IP_ADDRESS: 13: Unable to authenticate [preauth]
  8.  
  9. sshd[18276]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:domainusername][error code:40022]
  10. sshd[18272]: error: PAM: Authentication failure for domain\username from hostname
  11.  
  12. lsass: [LwKrb5GetTgtImpl /builder/src-buildserver/Platform-8.0/src/linux/lwadvapi/threaded/krbtgt.c:276] KRB5 Error code: -1765328360 (Message: Preauthentication failed)
  13. lsass: [lsass] Failed to authenticate user (name = 'domainusername') -> error = 40022, symbol = LW_ERROR_PASSWORD_MISMATCH, client pid = 18276
  14.  
  15. root@hostname:~# su - domain\username
  16. su: Authentication failure
  17. (Ignored)
  18. reenter password for pam_mount:
  19. DOMAINusername@hostname:~$ sudo cat /etc/fstab
  20. [sudo] password for DOMAINusername:
  21. sudo: account validation failure, is your account locked?
  22. DOMAINusername@hostname:~$
  23.  
  24. AllowDeleteTo ""
  25. AllowReadTo ""
  26. AllowWriteTo ""
  27. MaxDiskUsage 104857600
  28. MaxEventLifespan 90
  29. MaxNumEvents 100000
  30. DomainSeparator "\"
  31. SpaceReplacement "^"
  32. EnableEventlog false
  33. Providers "ActiveDirectory"
  34. DisplayMotd false
  35. PAMLogLevel "error"
  36. UserNotAllowedError "Access denied"
  37. AssumeDefaultDomain true
  38. CreateHomeDir true
  39. CreateK5Login true
  40. SyncSystemTime true
  41. TrimUserMembership true
  42. LdapSignAndSeal false
  43. LogADNetworkConnectionEvents true
  44. NssEnumerationEnabled true
  45. NssGroupMembersQueryCacheOnly true
  46. NssUserMembershipQueryCacheOnly false
  47. RefreshUserCredentials true
  48. CacheEntryExpiry 14400
  49. DomainManagerCheckDomainOnlineInterval 300
  50. DomainManagerUnknownDomainCacheTimeout 3600
  51. MachinePasswordLifespan 2592000
  52. MemoryCacheSizeCap 0
  53. HomeDirPrefix "/home"
  54. HomeDirTemplate "%H/%D/%U"
  55. RemoteHomeDirTemplate ""
  56. HomeDirUmask "022"
  57. LoginShellTemplate "/bin/bash"
  58. SkeletonDirs "/etc/skel"
  59. UserDomainPrefix "DOMAIN.COM"
  60. DomainManagerIgnoreAllTrusts false
  61. DomainManagerIncludeTrustsList
  62. DomainManagerExcludeTrustsList
  63. RequireMembershipOf "DOMAIN\DOMAIN-GROUP"
  64. Local_AcceptNTLMv1 true
  65. Local_HomeDirTemplate "%H/local/%D/%U"
  66. Local_HomeDirUmask "022"
  67. Local_LoginShellTemplate "/bin/sh"
  68. Local_SkeletonDirs "/etc/skel"
  69. UserMonitorCheckInterval 1800
  70. LsassAutostart true
  71. EventlogAutostart true
  72.  
  73. LSA Server Status:
  74.  
  75. Compiled daemon version: 8.0.1.2029
  76. Packaged product version: 8.0.2029.67662
  77. Uptime: 1 days 1 hours 4 minutes 26 seconds
  78.  
  79. [Authentication provider: lsa-activedirectory-provider]
  80.  
  81. Status: Online
  82. Mode: Un-provisioned
  83. Domain: DOMAIN.COM
  84. Domain SID: S-1-5-21-3537566271-1428921453-776812789
  85. Forest: domain.com
  86. Site: NYC
  87. Online check interval: 300 seconds
  88. [Trusted Domains: 1]
  89.  
  90.  
  91. [Domain: DOMAIN]
  92.  
  93. DNS Domain: domain.com
  94. Netbios name: DOMAIN
  95. Forest name: domain.com
  96. Trustee DNS name:
  97. Client site name: NYC
  98. Domain SID: S-1-5-21-3537566271-1428921453-776812789
  99. Domain GUID: 0b6b6d88-ea48-314a-8bad-a997a57bc1f4
  100. Trust Flags: [0x001d]
  101. [0x0001 - In forest]
  102. [0x0004 - Tree root]
  103. [0x0008 - Primary]
  104. [0x0010 - Native]
  105. Trust type: Up Level
  106. Trust Attributes: [0x0000]
  107. Trust Direction: Primary Domain
  108. Trust Mode: In my forest Trust (MFT)
  109. Domain flags: [0x0001]
  110. [0x0001 - Primary]
  111.  
  112. [Domain Controller (DC) Information]
  113.  
  114. DC Name: dc2.nyc.domain.com
  115. DC Address: 10.x.x.50
  116. DC Site: NYC
  117. DC Flags: [0x0000f1fc]
  118. DC Is PDC: no
  119. DC is time server: yes
  120. DC has writeable DS: yes
  121. DC is Global Catalog: yes
  122. DC is running KDC: yes
  123.  
  124. [Global Catalog (GC) Information]
  125.  
  126. GC Name: dc1.nyc.domain.com
  127. GC Address: 10.x.x.50
  128. GC Site: NYC
  129. GC Flags: [0x0000f3fd]
  130. GC Is PDC: yes
  131. GC is time server: yes
  132. GC has writeable DS: yes
  133. GC is running KDC: yes
  134.  
  135. User object [1 of 1] (S-1-5-21-3537566271-1428921453-776812789-1107)
  136. ============
  137. Enabled: yes
  138. Distinguished name: CN=USERNAME,OU=User,OU=User Accounts,DC=domain,DC=com
  139. SAM account name: username
  140. NetBIOS domain name: DOMAIN
  141. UPN: username@DOMAIN.COM
  142. Display Name: First Last
  143. Alias: <null>
  144. UNIX name: DOMAINusername
  145. GECOS: First LAst
  146. Shell: /bin/bash
  147. Home directory: /home/DOMAIN/username
  148. Windows home directory: \domain.comdfsNYCUsersusername
  149. Local windows home directory:
  150. UID: 1023411283
  151. Primary group SID: S-1-5-21-3537566271-1428921453-776812789-513
  152. Primary GID: 1023410689
  153. Password expired: no
  154. Password never expires: yes
  155. Change password on next logon: no
  156. User can change password: yes
  157. Account disabled: no
  158. Account expired: no
  159. Account locked: no
  160.  
  161. [libdefaults]
  162. default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
  163. default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
  164. preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
  165. dns_lookup_kdc = true
  166. pkinit_kdc_hostname = <DNS>
  167. pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
  168. pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
  169. pkinit_eku_checking = kpServerAuth
  170. pkinit_win2k_require_binding = false
  171. pkinit_identities = PKCS11:/opt/pbis/lib/libpkcs11.so
  172.  
  173. session [default=1] pam_permit.so
  174. session requisite pam_deny.so
  175. session required pam_permit.so
  176. session optional pam_umask.so
  177. session required pam_unix.so
  178. session optional pam_mount.so
  179. session [success=ok default=ignore] pam_lsass.so
  180. session optional pam_systemd.so
  181.  
  182. auth [success=2 default=ignore] pam_unix.so nullok_secure
  183. auth [success=1 default=ignore] pam_lsass.so try_first_pass
  184. auth requisite pam_deny.so
  185. auth required pam_permit.so
  186. auth optional pam_cap.so
  187. auth optional pam_mount.so
  188.  
  189. Name: Likewise
  190. Default: yes
  191. Priority: 250
  192. Conflicts: winbind
  193. Auth-Type: Primary
  194. Auth:
  195. [success=end default=ignore] pam_lsass.so try_first_pass
  196. Auth-Initial:
  197. [success=end default=ignore] pam_lsass.so
  198. Account-Type: Primary
  199. Account:
  200. [success=ok new_authtok_reqd=ok default=ignore] pam_lsass.so unknown_ok
  201. [success=end new_authtok_reqd=done default=ignore] pam_lsass.so
  202. Session-Type: Additional
  203. Session:
  204. sufficient pam_lsass.so
  205. Password-Type: Primary
  206. Password:
  207. [success=end default=ignore] pam_lsass.so use_authtok try_first_pass
  208. Password-Initial:
  209. [success=end default=ignore] pam_lsass.so
  210.  
  211. [SeatDefaults]
  212. user-session=ubuntu
  213. greeter-show-manual-login=true
  214.  
  215. [SeatDefaults]
  216. allow-guest=false
  217. greeter-show-remote-login=false
  218. greeter-show-manual-login=true
  219. greeter-session=unity-greeter
  220.  
  221. account [success=3 new_authtok_reqd=done default=ignore] pam_unix.so
  222. account [success=ok new_authtok_reqd=ok default=ignore] pam_lsass.so unknown_ok
  223. account [success=1 new_authtok_reqd=done default=ignore] pam_lsass.so
  224. account requisite pam_deny.so
  225. account required pam_permit.so
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!