ubuntu / aad-auth

Azure AD authentication module for Ubuntu
GNU Lesser General Public License v3.0

Got Response: "Invalid Credentials" #211

Open pjolsen opened 1 year ago

pjolsen commented 1 year ago

Trying to set up login on a brand new Ubuntu machine running the 23.04 release.

  1. Installed the packages as specified in the documentation.
  2. Created an app registration in Azure AD
  3. Ensured that the "Allow public client flows" was set to "Yes" (not in the documentation but mentioned in other issues)
  4. Ensured that Microsoft Graph -> User.Read is granted for the application (again not in the documentation but mentioned in other issues)
  5. Ensured that the /etc/aad.conf file was updated with tenant_id and app_id
  6. Restarted the OS to ensure that the configuration is picked up

Attempts to log in fail with "Invalid Credentials" when using legitimate credentials. Invalid users are flagged as non-existing users, and attempts to log in without a domain suffix are also flagged as missing the suffix.

Sign in logs in Azure against the app registration show that the credential is invalid.

Worth noting that our organisation uses our verified domain and not a *.onmicrosoft.com for the UPN.

velayudhamv commented 1 year ago

Have you tried with username@domain.com? I too faced the same issue and when I tried with fully qualified username, it logged in successfully.

pjolsen commented 1 year ago

> Have you tried with username@domain.com? I too faced the same issue and when I tried with FQDN, it logged in successfully.

Yes, I was trying with our email (which is the same as UPN format). I noticed that the logs indicate the missing FQDN if you don't provide it in the user@domain.com format, and it also doesn't work.
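
A pre-flight check for the `/etc/aad.conf` step and the login-name format discussed in this thread, added here as an example; it is not code from the aad-auth project or from anyone in the thread. It assumes the file holds top-level `key = value` lines and that both IDs are the GUIDs shown on the app registration; the function names and sample values are constructed.

```python
import re

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample, not taken from the issue; both IDs are placeholders.
SAMPLE_CONF = """\
# /etc/aad.conf (constructed)
tenant_id = 11111111-2222-3333-4444-555555555555
app_id = <paste-app-id-here>
"""

def parse_conf(text):
    """Return top-level key/value pairs; stop at the first [section] header."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            break  # assumed: any [section] holds overrides, not the globals
        key, sep, value = line.partition("=")
        if sep:
            values[key.strip()] = value.strip().strip('"')
    return values

def check_conf(text):
    """List problems with the two keys the issue says were set."""
    values = parse_conf(text)
    problems = []
    for key in ("tenant_id", "app_id"):
        if key not in values:
            problems.append(f"{key}: missing")
        elif not GUID.match(values[key]):
            problems.append(f"{key}: not a GUID")
    if not problems and values["tenant_id"].lower() == values["app_id"].lower():
        problems.append("tenant_id and app_id are identical")
    return problems

def check_login(name):
    """Return None if name looks like user@domain.tld, else the reason."""
    user, sep, domain = name.partition("@")
    if not sep or not user:
        return "missing domain suffix"
    if "." not in domain.strip("."):
        return "domain suffix is not fully qualified"
    return None

if __name__ == "__main__":
    print(check_conf(SAMPLE_CONF), check_login("user"))
```

A clean result only rules out malformed local input; it says nothing about how the tenant evaluates the sign-in.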