Hi Art: Here's a check list for troubleshooting:
Solve Logon Problems on Linux or Unix To troubleshoot problems logging on a Linux computer with Active Directory credentials after you joined the computer to a domain, perform the following series of diagnostic tests sequentially with a root account. The tests can also be used to troubleshoot logon problems on a Unix or Mac OS X computer; however, the syntax of the commands on Unix and Mac might be slightly different. Make Sure You Are Joined to the Domain Execute the following command: /opt/likewise/bin/domainjoin-cli query If you are not joined, see Join Active Directory with the Command Line. Check Whether You Are Using a Valid Logon Form When troubleshooting a logon problem, use your full domain credentials: DOMAIN\username. Example: likewisedemo.com\hoenstiv. When logging on from the command line, you must escape the slash character with a slash character, making the logon form DOMAIN\\username. Example: likewisedemo.com\\hoenstiv. To view a list of logon options, see About Logging On. Clear the Cache You might need to clear the cache to ensure that the client computer recognizes the user's ID. See Clear the Authentication Cache. Destroy the Kerberos Cache Clear the Likewise Kerberos cache to make sure there is not an issue with a user's Kerberos tickets. Execute the following command at the shell prompt with the user account that you are troubleshooting: /opt/likewise/bin/kdestroy Check the Status of the Likewise Authentication Daemon Check the status of the authentication daemon on a Unix or Linux computer running the Likewise Agent by executing the following command at the shell prompt as the root user: /sbin/service lsassd status If Do This The result looks like this: lsassd is stopped Restart the daemon. The result looks like this: lsassd (pid 1783) is running... Proceed to the next test. Check Communication between the Likewise Daemon and AD Verify that the Likewise daemon can exchange data with AD by executing this command: /opt/likewise/bin/lw-get-dc-name FullDomainName Example: /opt/likewise/bin/lw-get-dc-name likewisedemo.com If Do This The result does not show the name and IP address of your domain controller 1. Make sure the domain controller is online and operational. 2. Check network connectivity between the client and the domain controller. 3. Join the domain again. 4. View log files. The result shows the correct domain controller name and IP address Proceed to the next test. Verify that Likewise Can Find a User in AD Verify that the Likewise agent can find your user by executing the following command, substituting the name of a valid AD domain for domainName and a valid user for ADuserName: /opt/likewise/bin/lw-find-user-by-name domainName\\ADuserName Example: /opt/likewise/bin/lw-find-user-by-name likewisedemo\\hab If Do This The command fails to find the user 1. Check whether the computer is joined to the domain by executing the following command as root: domainjoin-cli query Displays the hostname, current domain, and distinguished name, which includes the OU to which the computer belongs. Make sure the OU is correct. If the computer is not joined to a domain, it displays only the hostname. 2. Check Active Directory to make sure the user has an account. If you are using Likewise Enterprise, also ensure that the user is associated with the correct cell. 3. Check whether the same user is in the /etc/passwd file. If necessary, migrate the user to Active Directory. 4. Make sure the AD authentication provider is running by proceeding to the next test. The user is found Proceed to the PAM test later in this topic. Make Sure the AD Authentication Provider Is Running Likewise includes two authentication providers: 1. The local provider 2. The Active Directory provider If the AD provider is not online, users are unable to log on with their AD credentials. To check the status of the authentication providers, execute the following command as root: /opt/likewise/bin/lw-get-status A healthy result should look like this: LSA Server Status: Agent version: 5.0.0 Uptime: 2 days 21 hours 16 minutes 29 seconds [Authentication provider: lsa-local-provider] Status: Online Mode: Local system [Authentication provider: lsa-activedirectory-provider] Status: Online Mode: Un-provisioned Domain: likewisedemo.com Forest: likewisedemo.com Site: Default-First-Site-Name [r...@rhel4d bin]# An unhealthy result will not include the AD authentication provider or will indicate that it is offline. If the AD authentication provider is not listed in the results, restart the authentication daemon. If the result looks like the line below, check the status of the Likewise daemons to make sure they are running. Failed to query status from LSA service. The LSASS server is not responding. Switch User to Check PAM Verify that a user's password can be validated through PAM by using the switch user service. Either switch from a non-root user to a domain user or from root to a domain user. If you switch from root to a domain user, run the command below twice so that you are prompted for the domain user's password: su DOMAIN\\username Example: su likewisedemo\\hoenstiv If Do This The switch user command fails to validate the user Generate a PAM debug log. Also, check the following log files for error messages (the location of the log files varies by operating system): /var/log/messages /var/log/secure Test SSH Check whether you can log on with SSH by executing the following command: ssh domain\\usern...@localhost Example: ssh likewisedemo.com\\hoens...@localhost Additional Diagnostic Tools There are additional command-line utilities that you can use to troubleshoot logon problems in the following directory: /opt/likewise/bin See Also Resolve an AD Alias Conflict with a Local Account ________________________________ (c) 2008 Likewise Software. All rights reserved. For more information, contact i...@likewisesoftware.com or visit www.LikewiseSoftware.com <http://www.likewisesoftware.com/> . Steve Hoenisch Technical Editor and Writer Likewise Software Inc. T 425.378.7887 F 425.848.8200 E shoeni...@likewise.com 15395 SE 30th Place, Suite 140 Bellevue, WA 98007 www.likewise.com -----Original Message----- From: likewise-open-discuss-boun...@lists.likewisesoftware.com [mailto:likewise-open-discuss-boun...@lists.likewisesoftware.com] On Behalf Of Gerald (Jerry) Carter Sent: Monday, January 26, 2009 10:27 AM To: Art Alexion Cc: likewise-open-discuss@lists.likewisesoftware.com Subject: Re: [Likewise-open-discuss] Can't log in to AD using kdm -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Art Alexion wrote: > Ubuntu 8.10 > > Installed from repository. Then tried unsuccessfully. Then > installed the deb from the Likewise site. Tried again. No luck. > > Using syntax "domain\user" and even trying "domain\\user", > can't log in. > > What am I doing wrong? Hey Art. have you searched the forums for some of the troubleshooting advice? http://www.likewisesoftware.com/community/index.php/forums/ I don't want to leave you without an answer, but all of the user support discussion has moved to the Forums. Much better search capabilities for things like this. cheers, jerry - -- ===================================================================== Samba ------- http://www.samba.org Likewise Software --------- http://www.likewise.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJfgBjIR7qMdg1EfYRAi18AKCj5Akygt/qvm7blcLTs2JyQRiEcACfbESq jz+7jAj3E1wetpm3m7Pfmk8= =EW1I -----END PGP SIGNATURE----- _____________________________________________________________________ Likewise-open-discuss mailing list Likewise-open-discuss@lists.likewisesoftware.com Found a bug? Please file a report: http://lobugs.likewisesoftware.com/ Looking for other discussion options? Try our forums: http://www.likewisesoftware.com/community/index.php/forums/
_____________________________________________________________________ Likewise-open-discuss mailing list Likewise-open-discuss@lists.likewisesoftware.com Found a bug? Please file a report: http://lobugs.likewisesoftware.com/ Looking for other discussion options? Try our forums: http://www.likewisesoftware.com/community/index.php/forums/