Hi, I have (I believe) the exact same error message. I am setting up my personal Samba AD server (running on Ubuntu 22.04). I can join Windows computers to the domain without any problem. I can use RSAT (users and groups) from Windows to manage the domain (add/create/change users/groups).
I can also join Linux computers (Ubuntu 23.04 and Ubuntu 23.10), and I can log in with a domain user. But when I log in, I get errors from the server:
```
bp@legion-ubuntu:~ % sudo login
legion-ubuntu.sb.lan login: SB\bp
Password:
Login incorrect
legion-ubuntu.sb.lan login: SB\bp
Password:
Welcome to Ubuntu 23.04 (GNU/Linux 6.2.0-37-generic x86_64)

 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/pro

3 updates can be applied immediately.
To see these additional updates run: apt list --upgradable

Your Ubuntu release is not supported anymore.
For upgrade information, please visit:
http://www.ubuntu.com/releaseendoflife

New release '23.10' available.
Run 'do-release-upgrade' to upgrade to it.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

Last login: Wed Apr 17 14:05:59 CEST 2024 on pts/1
Applying machine settings
ERROR Error from server: error while updating policy: can't get policies for "legion-ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://dc.sb.lan' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER')
Failure setting user credentials
```
This prevents me from logging in through the normal login screen.
My sssd.conf:
```
bp@legion-ubuntu:~ % sudo cat /etc/sssd/sssd.conf
[sssd]
domains = sb.lan
config_file_version = 2
services = nss, pam
debug_level = 10

[domain/sb.lan]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = SB.LAN
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = sb.lan
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad
timeout = 20
ldap_uri = ldap://dc.sb.lan
ldap_search_base = dc=sb,dc=lan
auth_provider = krb5
krb5_server = dc.sb.lan
krb5_passwd = dc.sb.lan
krb5_validate = True
# https://serverfault.com/questions/872542/debugging-sssd-login-pam-sss-system-error
# suggested work around in question
ad_gpo_access_control = permissive
```
Any chance you could point me in the right direction? I am sure there is something wrong (I expect it to be client side, since Windows computers seem to work perfectly fine in the Samba AD domain).

--
https://bugs.launchpad.net/bugs/2043376

Title:
  adsys cant fetch gpos ubuntu 22.04.3
