Our apologies for the late response.
- Please let us know what version of Centrify Express you're using. In a terminal, run this command:
$ adinfo -v
- Please let us know if this is an Ubuntu server or workstation
- Please let us know if you're trying to log in via SSH or via the Graphical Interface?
With Centrify Express ALL your AD users should be allowed to log in locally or remotely.
To troubleshoot issues with authentication, it is best if you use a process of elimination.
Verify that the user's account exists in AD, it is in the right format and that it's not locked or expired:
- Log in to your system and open a terminal
- Run the adquery user command and grep for the user in question. E.g. homer simpson
$ adquery user | grep homer
homer.simpson:x:1040191003:1040191003:Homer Simpson:/home/homer.simpson:/usr/bin/dzsh
This demonstrates that the user is valid in the system.
- Run the adquery user -A command to verify the user's status
$ dzdo adquery user -A homer.simpson
[truncated]
accountExpires:Never
passwordExpires:Mon Sep 5 09:55:43 2016
passwordWillExpire:28
nextPasswordChange:Wed Jun 8 09:55:43 2016
lastPasswordChange:Tue Jun 7 09:55:43 2016
accountLocked:false
accountDisabled:false
requireMfa:false
zoneEnabled:true
Looking at this output you can rule out issues with the account like expiration, lock out, or if it's disabled.
Rule out issues with the user's password
Have your user log in (with any credential) and open a terminal.
To verify that the user is typing the correct password (the AD password), have him run this command
$ adinfo --user [user] -A
If the user types the correct password, the output of the command is:
$ adinfo --user dwirth -A
Active Directory password:
Password for user "dwirth" is correct
If the password is incorrect, the output will be: Unable to connect to server
Once you have ruled out user issues, then you need to look at the system.
Here's an old video that I created to set up Express on Ubu 14.04 desktop:
- If the access is via SSH, you need to watch out for any Deny directives over SSH
- If the access is via GDM, make sure that you rebooted, given that GDM is a set of long-running daemons
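
The account-status check from the adquery user -A step can be scripted. The following is an added example, not part of the original reply and not Centrify code: it assumes the command prints one key:value attribute per line with the key names shown above, and the sample input is constructed.

```shell
#!/usr/bin/env bash
# Added example: triage `adquery user -A` output for account-state login blockers.
# Assumption: one key:value attribute per line, key names as shown in the post.

# Constructed sample (not real output): locked account with an expiry date set.
sample_output() {
  cat <<'EOF'
accountExpires:Fri Jul 1 00:00:00 2016
passwordExpires:Mon Sep 5 09:55:43 2016
accountLocked:true
accountDisabled:false
requireMfa:false
zoneEnabled:true
EOF
}

# Reads attribute lines on stdin and prints one finding per line.
# Returns 0 when nothing blocks login, 1 when there is at least one finding.
check_account() {
  local line key value seen="" k rc=0
  while IFS= read -r line; do
    key=${line%%:*}     # text before the first colon
    value=${line#*:}    # everything after it (timestamps contain colons)
    seen="$seen $key "
    case "$key:$value" in
      accountLocked:true)   echo "locked";   rc=1 ;;
      accountDisabled:true) echo "disabled"; rc=1 ;;
      zoneEnabled:false)    echo "not enabled in zone"; rc=1 ;;  # assumed meaning
      accountExpires:Never) ;;
      accountExpires:*)     echo "expires: $value"; rc=1 ;;  # compare with today
    esac
  done
  # A key missing from the output cannot be ruled out, so report it too.
  for k in accountExpires accountLocked accountDisabled; do
    case "$seen" in *" $k "*) ;; *) echo "missing: $k"; rc=1 ;; esac
  done
  return "$rc"
}

# Stand-alone run on the constructed sample; on a joined host, pipe
# `dzdo adquery user -A <user>` into check_account instead.
sample_output | check_account || true
```

An empty result with exit status 0 means the account itself is not the cause, so the next place to look is the system (SSH or GDM).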