Ubuntu
likewise-open package

  1. Bug #598034
  2. Comment #0

Comment 0 for bug 598034

Revision history for this message
Chugajstyr (chugajstyr) wrote : Can`t su or ssh with with russian (contain cyrillic symbols) domain usernames

Binary package hint: likewise-open

Description: Ubuntu 10.04 LTS
Release: 10.04
likewise-open: 5.4.0.42111-2ubuntu1

I’ve successfully joined domain Windows Server 2003 using LikewiseOpen from Ubuntu repos, but can`t login to Ubuntu-server 10.04 with russian usernames. When I try to do it with test username (only latin symbols) - everything seems good.
I try to troubleshoot this problem step by step using guide http://www.likewise.com/resources/documentation_library/manuals/open/likewise-open-54-guide.html#SolveLogonProblems :
1) domainjoin-cli query
Name = eibuntu
Domain = OUR.DMN
Distinguished Name = CN=EIBUNTU,CN=Computers,DC=our,DC=dmn ;

2) When trying logon to Ubuntu, using escape the slash character with a slash character (OUR\\Петров) ;

3) clear the cache - sudo lw-ad-cache --delete-all
The cache has been emptied successfully ;

4) sudo kdestroy
kdestroy: No credentials cache found while destroying cache ;

5) service lsassd status
running (standalone: 1337) ;

6) lw-get-dc-name our.domain
Printing LWNET_DC_INFO fields:
===============================
dwDomainControllerAddressType = 23
dwFlags = 1021
dwVersion = 5
wLMToken = 65535
wNTToken = 65535
pszDomainControllerName = dc.our.dmn
pszDomainControllerAddress = 192.168.x.1
pucDomainGUID(hex) = 51 AC 8B FE B2 85 3C 4B 9C 73 19 B0 25 11 69 9D
pszNetBIOSDomainName = OUR
pszFullyQualifiedDomainName = our.dmn
pszDnsForestName = our.dmn
pszDCSiteName = Default-First-Site-Name
pszClientSiteName = Default-First-Site-Name
pszNetBIOSHostName = DC
pszUserName = <EMPTY>

The result shows the correct domain controller name and IP address ;

7) lw-find-user-by-name our\\Петров
User info (Level-0):
====================
Name: OUR\Петров
SID: S-1-5-21-507921405-492894223-839522115-12638
Uid: 58208606
Gid: 58196481
Gecos: Петров Александр Алексеевич
Shell: /bin/bash
Home dir: /home/likewise-open/OUR/Петров
Logon restriction: NO

8) lw-get-status
LSA Server Status:
Compiled daemon version: 5.0.0.0
Packaged product version: 5.4.0.42111
Uptime: 0 days 15 hours 18 minutes 26 seconds
[Authentication provider: lsa-activedirectory-provider]

Status: Online
Mode: Un-provisioned
Domain: OUR.DMN
Forest: OUR.DMN
Site: Default-First-Site-Name
Online check interval: 300 seconds
[Trusted Domains: 2]
..........................................

9) su our\\Петров
And here we got trouble:
su: Authentication failure

In auth.log I see error:
eibuntu su[2530]: [module:pam_lsass]pam_sm_authenticate error [login:our\Петров][error code:40067]
eibuntu su[2530]: pam_authenticate: Authentication failure
eibuntu su[2530]: FAILED su for our\Петров by ubadmin
eibuntu su[2530]: - /dev/pts/1 ubadmin:our\Петров

In daemon.log:
eibuntu lsassd[1337]: 0xb1fb2b70:Failed to authenticate user (name = ‘our\Петров’)
-> error = 40067, symbol = LW_ERROR_STRING_CONV_FAILED, client pid = 8091

10) well, I try to test ssh:
ssh our\\Петров@localhost

In auth.log:
eibuntu sshd[13675]: [module:pam_lsass]pam_sm_authenticate error [login:our\Петров][error code:40067]
eibuntu sshd[13595]: error: PAM: Authentication failure for our\\\320\237\320\265\321\202\321\200\320\276\320\262 from localhost

In daemon.log:
eibuntu lsassd[1337]: 0xb1fb2b70:Failed to authenticate user (name = ‘our\Петров’) ->
error = 40067, symbol = LW_ERROR_STRING_CONV_FAILED, client pid = 13675

Maybe, it`s not involved with impossibility to login, but it is clear that something wrong with it...