Open 9numbernine9 opened 3 years ago
I spent some time on this issue. In my case (RedHat 7), I had to make the below changes for the browser login prompt.
Having made the above changes, my custom RedHat7 image worked like the marketplace image.
I'm not sure the above changes would help as the OS distro itself is different but thought of sharing with you if by any chance it's the reason.
Also, the extension documentation is poor and the source code is not available for a dry run :(
Good luck!
AADLogin has changed somewhat significantly since. (E.g., it now uses ssh certs.)
I tested this again today, and it appears to work now? pam_aad appears to still be part of how it functions, so I'm not completely sure. (I.e., it might not have been the change to certs that caused this to change.) Perhaps something else was fixed, and MS has simply neglected to update the issue.
Having the same issue here with Ubuntu 20.04.
Aug 22 01:47:08 denis-Virtual-Machine sshd[81513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.26.64.1
Aug 22 01:47:09 denis-Virtual-Machine sshd[81513]: Failed password for invalid user southamerica\ddemello from 172.26.64.1 port 56390 ssh2
Aug 22 01:47:11 denis-Virtual-Machine sudo: omsagent : problem with defaults entries ; TTY=unknown ; PWD=/opt/microsoft/omsconfig/Scripts/3.x ; USER=root ;
Aug 22 01:47:11 denis-Virtual-Machine sudo: omsagent : TTY=unknown ; PWD=/opt/microsoft/omsconfig/Scripts/3.x ; USER=root ; COMMAND=/opt/microsoft/omsconfig/Scripts/OMSAuditdPlugin.sh get /var/opt/microsoft/omsagent/917d30b7-ff0d-45ae-bc8c-f0c6ee05b1bf/tmp
Aug 22 01:47:11 denis-Virtual-Machine sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Aug 22 01:47:11 denis-Virtual-Machine sudo: pam_unix(sudo:session): session closed for user root
Aug 22 01:47:13 denis-Virtual-Machine CRON[81480]: pam_unix(cron:session): session closed for user omsagent
Aug 22 01:50:01 denis-Virtual-Machine CRON[81833]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 22 01:50:01 denis-Virtual-Machine CRON[81833]: pam_unix(cron:session): session closed for user root
Is there anyone aware of this issue? I set up the IAM privileges on the right Resource Group following this page: https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-linux#azure-ad-portal
Any resolution for the above issue?
I am also facing some issue related to pam while installing aadsshlogin.
Should be supported according to this doc, but I am also getting this issue on a fresh install of ubuntu2204. Works fine on my old ubuntu1804 jumpboxes which I am trying to replace.
Status message
[ExtensionOperationError] Non-zero exit code: 51, /var/lib/waagent/Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux-1.0.1588.3/./installer.sh install
[stdout]
Machine OS: ubuntu v22.04
Installing...
Stopping apt-daily.timer
Stopping apt-daily-upgrade.timer
Skipping curl installation
Configuring microsoft-prod repo
Package aadlogin is not published for this version of Linux
Starting apt-daily-upgrade.timer
Starting apt-daily.timer
[stderr]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 16 100 16 0 0 717 0 --:--:-- --:--:-- --:--:-- 727
edit: seems like I was after the AADSSHLogin extension rather than AADLoginForLinux
Just got this for an Ubuntu VM using the following image:
publisher = "Canonical"
offer = "0001-com-ubuntu-server-jammy"
sku = "22_04-lts-gen2"
version = "latest"
lsb_release -a:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.4 LTS
Release: 22.04
Codename: jammy
/var/log/waagent.log:
2024-03-28T18:11:23.782275Z INFO ExtHandler [Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux-1.0.1588.3] Executing command: /var/lib/waagent/Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux-1.0.1588.3/./installer.sh install with environment variables: {"AZURE_GUEST_AGENT_UNINSTALL_CMD_EXIT_CODE": "NOT_RUN", "AZURE_GUEST_AGENT_EXTENSION_PATH": "/var/lib/waagent/Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux-1.0.1588.3", "AZURE_GUEST_AGENT_EXTENSION_VERSION": "1.0.1588.3", "AZURE_GUEST_AGENT_WIRE_PROTOCOL_ADDRESS": "168.63.129.16", "ConfigSequenceNumber": "0", "AZURE_GUEST_AGENT_EXTENSION_SUPPORTED_FEATURES": "[{\"Key\": \"ExtensionTelemetryPipeline\", \"Value\": \"1.0\"}]"}
2024-03-28T18:11:37.802369Z ERROR ExtHandler ExtHandler Event: name=Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux, op=Install, message=[ExtensionOperationError] Non-zero exit code: 51, /var/lib/waagent/Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux-1.0.1588.3/./installer.sh install
[stdout]
Machine OS: ubuntu v22.04
Installing...
Stopping apt-daily.timer
Stopping apt-daily-upgrade.timer
Skipping curl installation
Configuring microsoft-prod repo
Package aadlogin is not published for this version of Linux
Starting apt-daily-upgrade.timer
Starting apt-daily.timer
[stderr]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
^M 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0^M100 16 100 16 0 0 1201 0 --:--:-- --:--:-- --:--:-- 1230
, duration=0
2024-03-28T18:11:37.803653Z INFO ExtHandler ExtHandler Downloading extension manifest
Update: this extension has been deprecated and replaced by:
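az vm extension set \
--publisher Microsoft.Azure.ActiveDirectory \
--name AADSSHLoginForLinux \
--resource-group "$RESOURCE_GROUP" --vm-name "$VM_NAME"  # placeholders: set these to your own resource group and VM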
More info here.
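A triage helper for the waagent.log failure quoted above, added here as an example (it is not code from the extension or from anyone in this thread). It groups the multi-line installer output with the ERROR event that owns it and flags the two signals visible in this thread: the "not published for this version of Linux" message and the legacy AADLoginForLinux extension name. The sample log is constructed from the excerpt above, and the function and field names are assumptions.

```python
import re

# Constructed sample, shortened from the /var/log/waagent.log excerpt quoted in this thread.
SAMPLE_LOG = """\
2024-03-28T18:11:23.782275Z INFO ExtHandler [Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux-1.0.1588.3] Executing command: ./installer.sh install
2024-03-28T18:11:37.802369Z ERROR ExtHandler ExtHandler Event: name=Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux, op=Install, message=[ExtensionOperationError] Non-zero exit code: 51, ./installer.sh install
[stdout]
Machine OS: ubuntu v22.04
Installing...
Package aadlogin is not published for this version of Linux
[stderr]
, duration=0
2024-03-28T18:11:37.803653Z INFO ExtHandler ExtHandler Downloading extension manifest
"""

RECORD_START = re.compile(r"^(\d{4}-\d\d-\d\dT[\d:.]+Z) (\w+) ")
EVENT = re.compile(r"Event: name=(?P<name>[\w.]+), op=(?P<op>\w+), "
                   r"message=.*?Non-zero exit code: (?P<code>\d+)")

def split_records(text):
    """Attach continuation lines (stdout/stderr dumps) to the timestamped line before them."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append([line])
        else:
            records[-1].append(line)
    return records

def failed_extension_ops(text):
    """Return one finding per ERROR event that reports a non-zero installer exit code."""
    findings = []
    for rec in split_records(text):
        head = RECORD_START.match(rec[0])
        event = EVENT.search(rec[0])
        if not head or head.group(2) != "ERROR" or not event:
            continue
        body = rec[1:]
        os_line = next((l for l in body if l.startswith("Machine OS:")), None)
        findings.append({
            "time": head.group(1),
            "extension": event["name"],
            "op": event["op"],
            "exit_code": int(event["code"]),
            "machine_os": os_line.split(":", 1)[1].strip() if os_line else None,
            "unsupported_distro": any("is not published for this version of Linux" in l for l in body),
            # The thread reports AADLoginForLinux as deprecated in favour of AADSSHLoginForLinux.
            "legacy_extension": event["name"].endswith(".AADLoginForLinux"),
        })
    return findings
```
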
Hello!
I've recently been testing some virtual machines using Ubuntu 20.04 LTS, and it seems like the AADLoginForLinux extension doesn't appear to work correctly with this version of Ubuntu.
I first tried creating a VM with (substitute values as needed):
And then installing the AADLoginForLinux extension thusly:
And after enabling JIT Access for the new VM in the Azure Portal, tried ssh'ing into the VM with my Azure AD credentials:
Instead of receiving the usual "use a web browser to open the page https://microsoft.com/devicelogin" prompt, I'm simply prompted for a password for my account. Using my password for my AD account, unsurprisingly, doesn't work.
Using the admin account that I created, however, if I log into the VM and tail -f /var/log/auth.log while trying to log in with my AD account, I see the following log entries:
I'm not exactly sure what's going wrong here in this scenario, but it seems like pam_aad is perhaps having difficulty reaching AD or isn't configured correctly after installing the AADLoginForLinux extension? Note that the exact same set of steps works for an Ubuntu 18.04 VM (Canonical:UbuntuServer:18_04-lts-gen2:18.04.202101081) and /var/log/auth.log shows everything working correctly:
Any suggestions or insights into this issue would be greatly appreciated!