Hi, I have (I believe) the exact same error message. I am setting up my
personal samba AD server (running on ubuntu 22.04). I can join windows
computers without any problem to the domain. I can use RAST (users and
groups) from windows to manage the domain (add/create/change
users/groups).
I can also join linux computers (ubuntu 23.04 and ubuntu 23.10), and I
can login with a domain user. But, when I login, I get errors from the
server
```
bp@legion-ubuntu:~ % sudo login
legion-ubuntu.sb.lan login: SB\bp
Password:
Login incorrect
legion-ubuntu.sb.lan login: SB\bp
Password:
Welcome to Ubuntu 23.04 (GNU/Linux 6.2.0-37-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support:https://ubuntu.com/pro
3 updates can be applied immediately.
To see these additional updates run: apt list --upgradable
Your Ubuntu release is not supported anymore.
For upgrade information, please visit:
http://www.ubuntu.com/releaseendoflife
New release '23.10' available.
Run 'do-release-upgrade' to upgrade to it.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
Last login: Wed Apr 17 14:05:59 CEST 2024 on pts/1
Applying machine settings
ERROR Error from server: error while updating policy: can't get policies for
"legion-ubuntu": failed to retrieve the list of GPO (exited with 1): exit
status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://dc.sb.lan' with backend 'ldap': LDAP client
internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Failure setting user credentials
```
This prevents me from logging in through normal login screen.
My sssd.conf
```
bp@legion-ubuntu:~ % sudo cat /etc/sssd/sssd.conf
[sssd]
domains = sb.lan
config_file_version = 2
services = nss, pam
debug_level = 10
[domain/sb.lan]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = SB.LAN
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = sb.lan
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad
timeout = 20
ldap_uri = ldap://dc.sb.lan
ldap_search_base = dc=sb,dc=lan
auth_provider = krb5
krb5_server = dc.sb.lan
krb5_passwd = dc.sb.lan
krb5_validate = True
#
https://serverfault.com/questions/872542/debugging-sssd-login-pam-sss-system-error
# suggested work around in question
ad_gpo_access_control = permissive
```
Any chance you could point me in the right direction? I am sure there is
something wrong (I expect it to be client side since windows computers
seem to work perfectly fine in the samba AD domain)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2043376
Title:
adsys cant fetch gpos ubuntu 22.04.3
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2043376/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
