pam stop using winbind after a while...

[Fedo]

Hi,

I successfully add my CentOS 7 to my 2008R2 Active Directory domain.
I can log in with my domain users through SSH.

Code: Select all

Mar  4 17:24:45 (Hostname) sshd[2427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.121.2.30  user=*user*
Mar  4 17:24:45 (Hostname) sshd[2427]: pam_winbind(sshd:auth): getting password (0x00000010)
Mar  4 17:24:45 (Hostname) sshd[2427]: pam_winbind(sshd:auth): pam_get_item returned a password
Mar  4 17:24:45 (Hostname) sshd[2427]: pam_winbind(sshd:auth): user '*user*' granted access
Mar  4 17:24:45 (Hostname) sshd[2427]: pam_winbind(sshd:account): user '*user*' granted access
Mar  4 17:24:45 (Hostname) sshd[2427]: Accepted password for *user* from 10.121.2.30 port 52113 ssh2
Mar  4 17:24:45 (Hostname) sshd[2427]: pam_unix(sshd:session): session opened for user *user* by (uid=0)

And then, the next morning...

Code: Select all

Mar  5 09:11:21 (Hostname) sshd[5968]: pam_unix(sshd:auth): check pass; user unknown
Mar  5 09:11:21 (Hostname) sshd[5968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.121.2.30
Mar  5 09:11:23 (Hostname) sshd[5968]: Failed password for invalid user *user* from 10.121.2.30 port 59210 ssh2

It just stop using winbind...
I tried to restart winbind, smb, sshd... But none of that resolved my issue.
I reboot my server and all is fine again ... For a few hours only.

Do you huys have some ideas of what should I check to fing something?

Thanks in advance.

[Fedo]

Hi,

Quick update.
If I restart the network service, all is working again...

Here are my hosts, network and ens160 configuration files if you find anything strange or wrong let me know :
PS : I have selinux disabled.

/etc/hosts

Code: Select all

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
IPADDRESS hostname.fqdn hostname

/etc/sysconfig/network

Code: Select all

NETWORKING=yes
GATEWAY=IPADDRESS

/etc/sysconfig/network-scripts/ifcfg-ens160

Code: Select all

TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=ens160
UUID=7c5817f9-b788-42bc-b4f6-7190b9c0bab1
ONBOOT=yes
HWADDR=00:50:56:85:6D:78
IPADDR=IPADDRESS
NETMASK=255.255.255.0

[gerald_clark]

Your ifcfg-ens160 file is missing
DEVICE="ens160"

[TrevorH]

I see that's a VMWare MAC address. Is your network card configured on the vmware side to use a vmxnet3 device? Try changing it to an Intel e1000 instead, there are numerous reports on the net of problems with vmxnet3.

[Fedo]

Hi,

I added DEVICE=ens160 in my config file but I doubt this is it. I already have like 5 or 6 CentOS7 servers and none of them have this issue.
All of my CentOS7 are on the same Windows 2012R2 AD Domain... Except the one with this issue is on a Windows 2008R2 Domain.

TrevorH, you are right, these are VMWare MAC Addresses. Yes, I use vmxnet3 yes, like all of my CentOS7 VMs actually...

[Fedo]

Just a quick follow up.

I notice that I miss spelled the IP address of my DCs in my shorewall configuration...
All is fine now

I feel so stupid