3/ After a do-release-upgrade from 9.10 server to 10.04, I expected my ActiveDirectory logins to still work as expected...
4/ ...unfortunately, the upgrade mangled some settings and the ActiveDirectory logins were not possible anymore
I found out that the "require-membership-of" setting of /etc/likewise-open5/lsassd.conf was not correctly transferred to the new "RequireMembershipOf" registry key.
Thus, the following procedure (partially) resolved the issue:
sudo lwregshell
cd HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory
set_value "RequireMembershipOf" "DOMAIN\\group1" "DOMAIN\\group2"
<ctrl-D>
sudo lw-refresh-configuration
(I say "partially" because now I'm forced to use keyboard-interactive authentication when connecting with PuTTY. But I suppose it's another bug I have to track... :-| )
Binary package hint: likewise-open
1/ lsb_release -rd:
Description: Ubuntu 10.04 LTS
Release: 10.04
2/ apt-cache policy likewise-open 2ubuntu1 2ubuntu1 2ubuntu1 0 be.archive. ubuntu. com/ubuntu/ lucid/main Packages dpkg/status
likewise-open:
Installed: 5.4.0.42111-
Candidate: 5.4.0.42111-
Version table:
*** 5.4.0.42111-
500 http://
100 /var/lib/
3/ After a do-release-upgrade from 9.10 server to 10.04, I expected my ActiveDirectory logins to still work as expected...
4/ ...unfortunately, the upgrade mangled some settings and the ActiveDirectory logins were not possible anymore
I found out that the "require- membership- of" setting of /etc/likewise- open5/lsassd. conf was not correctly transferred to the new "RequireMembers hipOf" registry key.
More precisely, the setting:
require- membership- of = DOMAIN\ group1, DOMAIN\ group2
became:
"RequireMem bershipOf" "DOMAINgroup1, DOMAINgroup2"
instead of:
"RequireMem bershipOf" "DOMAIN\\group1" "DOMAIN\\group2"
Thus, the following procedure (partially) resolved the issue:
sudo lwregshell MACHINE\ Services\ lsass\Parameter s\Providers\ ActiveDirectory hipOf" "DOMAIN\\group1" "DOMAIN\\group2"
cd HKEY_THIS_
set_value "RequireMembers
<ctrl-D>
sudo lw-refresh- configuration
(I say "partially" because now I'm forced to use keyboard- interactive authentication when connecting with PuTTY. But I suppose it's another bug I have to track... :-| )