ubuntu / aad-auth

Azure AD authentication module for Ubuntu
GNU Lesser General Public License v3.0

Issue: Password Authentication Fails #309

Closed sgregorioTC closed 7 months ago

sgregorioTC commented 1 year ago

Is there an existing issue for this?

Describe the issue

When logging in with an AAD user I get an error "Sorry, password authentication didn't work".

Steps to reproduce it

Logging into the machine

Ubuntu users: System information and logs

libnss_report.txt libpam_report.txt aad.conf.txt

getent passwd linux.aadtest@domain.onmicrosoft.com returns: linux.aadtest@domain.onmicrosoft.com:x:100000:10000::home/linux.aadtest:/bin/bash

Non Ubuntu users: System information and logs

Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): aad auth debug enabled
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): PAM AAD DEBUG enabled
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): Loading configuration from /etc/aad.conf
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): Connecting to "https://login.microsoftonline.com/tenant id", with clientID "app id" for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): Authentication successful with user/password
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): Cache initialization
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): Opening cache in /var/lib/aad/cache
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): check file permissions on /var/lib/aad/cache/passwd.db
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): check file permissions on /var/lib/aad/cache/shadow.db
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): Shadow db mode: 2
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): Cleaning up db. Removing entries that last authenticated online more than 180 days ago
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): getting user information from cache for "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): generate user id for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): user id for "linux.aadtest@domain.onmicrosoft.com" is 100000
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): Getting home directory for linux.aadtest@domain.onmicrosoft.com
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): inserting in cache user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): encrypt password for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): updating from last online login information for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:29:40 laptop gdm-password][55946]: pam_aad(gdm-password:auth): Close database request
Jul 26 16:29:44 laptop gdm-password][56030]: pam_aad(gdm-password:auth): aad auth debug enabled
Jul 26 16:29:44 laptop gdm-password][56030]: pam_aad(gdm-password:auth): PAM AAD DEBUG enabled
Jul 26 16:29:44 laptop gdm-password][56030]: pam_aad(gdm-password:auth): Loading configuration from /etc/aad.conf
Jul 26 16:29:44 laptop gdm-password][56030]: pam_aad(gdm-password:auth): Connecting to "https://login.microsoftonline.com/tenant id", with clientID "app id" for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:29:46 laptop gdm-password][56030]: pam_aad(gdm-password:auth): Authentication successful with user/password
Jul 26 16:29:46 laptop gdm-password][56030]: pam_aad(gdm-password:auth): Cache initialization
Jul 26 16:29:46 laptop gdm-password][56030]: pam_aad(gdm-password:auth): Opening cache in /var/lib/aad/cache
Jul 26 16:29:46 laptop gdm-password][56030]: pam_aad(gdm-password:auth): check file permissions on /var/lib/aad/cache/passwd.db
Jul 26 16:29:46 laptop gdm-password][56030]: pam_aad(gdm-password:auth): check file permissions on /var/lib/aad/cache/shadow.db
Jul 26 16:29:46 laptop gdm-password][56030]: pam_aad(gdm-password:auth): Shadow db mode: 2
Jul 26 16:29:46 laptop gdm-password][56030]: pam_aad(gdm-password:auth): Cleaning up db. Removing entries that last authenticated online more than 180 days ago
Jul 26 16:29:46 laptop gdm-password][56030]: pam_aad(gdm-password:auth): getting user information from cache for "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:29:46 laptop gdm-password][56030]: pam_aad(gdm-password:auth): encrypt password for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:29:46 laptop gdm-password][56030]: pam_aad(gdm-password:auth): updating from last online login information for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:29:46 laptop gdm-password][56030]: pam_aad(gdm-password:auth): Close database request
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): aad auth debug enabled
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): PAM AAD DEBUG enabled
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): Loading configuration from /etc/aad.conf
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): Connecting to "https://login.microsoftonline.com/tenant id", with clientID "app id" for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): Authentication successful with user/password
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): Cache initialization
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): Opening cache in /var/lib/aad/cache
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): check file permissions on /var/lib/aad/cache/passwd.db
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): check file permissions on /var/lib/aad/cache/shadow.db
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): Shadow db mode: 2
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): Cleaning up db. Removing entries that last authenticated online more than 180 days ago
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): getting user information from cache for "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): generate user id for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): user id for "linux.aadtest@domain.onmicrosoft.com" is 100000
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): Getting home directory for linux.aadtest@domain.onmicrosoft.com
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): inserting in cache user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): encrypt password for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:33:02 laptop gdm-password][3241]: pam_aad(gdm-password:auth): updating from last online login information for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:33:03 laptop gdm-password][3241]: pam_aad(gdm-password:auth): Close database request
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): aad auth debug enabled
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): PAM AAD DEBUG enabled
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): Loading configuration from /etc/aad.conf
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): Connecting to "https://login.microsoftonline.com/tenant id", with clientID "app id" for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): Authentication successful with user/password
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): Cache initialization
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): Opening cache in /var/lib/aad/cache
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): check file permissions on /var/lib/aad/cache/passwd.db
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): check file permissions on /var/lib/aad/cache/shadow.db
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): Shadow db mode: 2
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): Cleaning up db. Removing entries that last authenticated online more than 180 days ago
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): getting user information from cache for "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): encrypt password for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): updating from last online login information for user "linux.aadtest@domain.onmicrosoft.com"
Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): Close database request
Jul 26 16:33:20 laptop aad_auth[4604]: nss_aad: database error: unable to open database file: /var/lib/aad/cache/passwd.db
Jul 26 16:33:20 laptop aad_auth[4808]: nss_aad: database error: unable to open database file: /var/lib/aad/cache/passwd.db
Jul 26 16:33:21 laptop aad_auth[5204]: nss_aad: database error: unable to open database file: /var/lib/aad/cache/passwd.db
Jul 26 16:33:22 laptop aad_auth[5833]: nss_aad: database error: unable to open database file: /var/lib/aad/cache/passwd.db
Jul 26 16:33:31 laptop aad_auth[6361]: nss_aad: database error: unable to open database file: /var/lib/aad/cache/passwd.db

Relevant information

Similar to https://github.com/ubuntu/aad-auth/issues/209 where I can see successful logins in AAD but the screen doesn't let me in

Double check your logs
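A triage sketch for logs like the ones in this report, added here as an example and not part of the original issue or of the aad-auth code base: it splits pasted syslog text into entries (even when run together on one line) and correlates `pam_aad` online-authentication successes with `nss_aad` cache-database errors, which separates a credential problem from a local cache problem. The function names, the result keys, and the sample user and PIDs are assumptions; the message formats are taken from the log above.

```python
import re

# Start of a syslog entry; lets us split entries pasted onto one long line.
ENTRY_START = re.compile(r"(?=\b[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} )")
ENTRY = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ "
                   r"(?P<proc>\S+?)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
USER = re.compile(r'for user "([^"]+)"')
NSS_ERR = re.compile(r"nss_aad: database error: .+: (?P<path>/\S+)$")

# Constructed sample (hypothetical user and PIDs), run together like a paste.
SAMPLE = (
    'Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): '
    'Connecting to "https://login.microsoftonline.com/tenant id", with clientID '
    '"app id" for user "user@example.onmicrosoft.com" '
    'Jul 26 16:33:08 laptop gdm-password][3269]: pam_aad(gdm-password:auth): '
    'Authentication successful with user/password '
    'Jul 26 16:33:20 laptop aad_auth[4604]: nss_aad: database error: '
    'unable to open database file: /var/lib/aad/cache/passwd.db'
)

def split_entries(text):
    """Split pasted syslog text into one string per entry."""
    flat = " ".join(text.split())
    return [e.strip() for e in ENTRY_START.split(flat) if e.strip()]

def triage(text):
    """Correlate pam_aad online-auth successes with nss_aad cache errors."""
    sessions, paths = {}, []
    for entry in split_entries(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        msg = m["msg"]
        if msg.startswith("pam_aad("):
            s = sessions.setdefault(m["pid"], {"user": None, "ok": False})
            u = USER.search(msg)
            s["user"] = s["user"] or (u.group(1) if u else None)
            s["ok"] = s["ok"] or "Authentication successful" in msg
        elif (e := NSS_ERR.search(msg)):
            paths.append(e["path"])
    ok = sorted({s["user"] or "<unknown>" for s in sessions.values() if s["ok"]})
    return {
        "online_auth_ok": sum(s["ok"] for s in sessions.values()),
        "users": ok,
        "nss_db_errors": len(paths),
        "db_paths": sorted(set(paths)),
        # Credentials accepted upstream but local lookups fail: check the cache.
        "local_cache_problem": bool(ok) and bool(paths),
    }
```

Calling `triage(SAMPLE)` reports one successful online authentication, one `nss_aad` error on `/var/lib/aad/cache/passwd.db`, and `local_cache_problem` set to `True`.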