Joining to AD successful, but unable to login via domain credentials with CentOS 6.3 + 2k8 R2

Nebby
Posts: 1
Joined: 2012/10/19 13:21:19


Post by Nebby » 2012/10/19 13:41:30

Hello all,

I've followed the Red Hat "Integrating Red Hat Enterprise Linux 6 with Active Directory" document (http://www.redhat.com/rhecm/rest-rhecm/jcr/repository/collaboration/jcr:system/jcr:versionStorage/ae40084d0a052601783f1ea42715cdef/8/jcr:frozenNode/rh:resourceFile) to configure my CentOS 6.3 workstation to join the 2008 R2 server Active Directory domain. To be more specific, the "6.2 Configuration 2 – Samba/Winbind (idmap_ad)" setup is what I've attempted to implement. I've gotten as far as running the net join command with a successful join-to-domain response, but I am completely unable to log in using domain credentials at all. I've tried su -, logging in via ssh, and logging in via the standard GUI; all attempts fail with an authentication failure or unknown user. Checking /var/log/messages and /var/log/secure only shows that the user does not exist, but I don't see any hits on pam_winbind (but I'm not sure if I should be seeing any).

Running wbinfo -u and wbinfo -g both work properly and list the groups and users in AD, and I am able to generate a Kerberos ticket via kinit and verify it with klist. I'm completely at a loss as to why this system is not allowing me to log in using a domain credential.

What really has me confused is that I followed the same procedure on another machine and it does work properly, but checking the config files /etc/krb5.conf, /etc/samba/smb.conf, /etc/pam.d/password-auth and /etc/pam.d/system-auth, all are identical; so any help with how to troubleshoot this issue would be greatly appreciated!

Thank you for your time and help!

flyaway
Posts: 1
Joined: 2012/10/24 06:53:40

Re: Joining to AD successful, but unable to login via domain credentials with CentOS 6.3 + 2k8 R2

Post by flyaway » 2012/10/24 08:30:21

Hi,

Have you tried logging in with your domain username in the "username@domain.com" format? This should work if wbinfo shows the correct connection to the AD.

Good luck
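
An added example, not part of either post: the thread's symptoms (wbinfo -u and kinit succeed, yet the logs report an unknown user) leave the NSS and PAM side of the login untested, and /etc/nsswitch.conf is not among the files the first post compares. The sketch below checks both; the function names are made up for this example, and the default paths assume a stock CentOS 6 layout.

```shell
#!/bin/sh
# Added example: triage for "wbinfo -u works, but login reports unknown user".
# Default paths are the stock CentOS 6 locations (an assumption); pass other
# files as arguments to check copies taken from the working machine.

# nss_has_winbind FILE DB -> 0 if the DB line (passwd, group) lists winbind.
nss_has_winbind() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }    # ignore comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# pam_has_winbind FILE -> 0 if an active auth line loads pam_winbind.so.
pam_has_winbind() {
    awk '
        { sub(/#.*/, "") }
        $1 == "auth" { for (i = 2; i <= NF; i++) if ($i ~ /pam_winbind\.so$/) found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# triage USER [NSS_FILE] [PAM_FILE]: print one line per check and return the
# number of failed checks. Live lookups run only where wbinfo is installed.
triage() {
    user=$1 nss=${2:-/etc/nsswitch.conf} pam=${3:-/etc/pam.d/system-auth}
    fails=0
    for db in passwd group; do
        if nss_has_winbind "$nss" "$db"; then echo "ok   $nss: $db uses winbind"
        else echo "FAIL $nss: $db has no winbind source"; fails=$((fails + 1)); fi
    done
    if pam_has_winbind "$pam"; then echo "ok   $pam: auth uses pam_winbind"
    else echo "FAIL $pam: no active auth line for pam_winbind"; fails=$((fails + 1)); fi
    if command -v wbinfo >/dev/null 2>&1; then
        # wbinfo -i returns the passwd-style entry (uid, gid, shell) for one
        # user; wbinfo -u only lists names. getent goes through nsswitch.conf.
        wbinfo -i "$user" >/dev/null 2>&1 || { echo "FAIL wbinfo -i $user"; fails=$((fails + 1)); }
        getent passwd "$user" >/dev/null 2>&1 || { echo "FAIL getent passwd $user"; fails=$((fails + 1)); }
    fi
    return "$fails"
}

if [ "$#" -gt 0 ]; then triage "$@"; fi
```

Run it with a domain user name as the first argument on both the failing and the working machine and compare the output.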
