This repository has been archived by the owner on May 2, 2024. It is now read-only.

Issue: Unable to access Azure AD account on Ubuntu 23.04 OS, permissions if missed in Azure application please suggest. #301

Open
2 tasks done
ramamohandanamreddy opened this issue Jul 17, 2023 · 6 comments

@ramamohandanamreddy

Is there an existing issue for this?

  • I have searched the existing issues and found none that matched mine

Describe the issue

We are unable to login on Ubuntu 23.04,

Always it says password error

Steps to reproduce it

Ubuntu 23.04 OS is not able to access Azure Active Directory accounts.

Ubuntu users: System information and logs

No response

Non Ubuntu users: System information and logs

Environment

  • aad-auth version: please run aad-cli version
  • Distribution: (NAME in /etc/os-release)
  • Distribution version: (VERSION_ID on /etc/os-release):

Log files

Please redact/remove sensitive information:

aad-auth logs can be found in the system journal and queried with:
`journalctl | grep _aad`

Application settings

Please redact/remove sensitive information:

You can get the configuration file from /etc/aad.conf

Relevant information

No response

Double check your logs

  • I have redacted any sensitive information from the logs
@ramamohandanamreddy ramamohandanamreddy added the bug Something isn't working label Jul 17, 2023
@danamreddyramamohanreddy

itsupport@ramamohan-Latitude-E6440:$ aad-cli version
aad-cli 0.4.1ppa2
libpam-aad 0.4.1ppa2
libnss-aad 0.4.1ppa2
itsupport@ramamohan-Latitude-E6440:~$

@danamreddyramamohanreddy

danamreddyramamohanreddy commented Jul 18, 2023

tsupport@ramamohan-Latitude-E6440:$ cat /etc/os-release
PRETTY_NAME="Ubuntu 23.04"
NAME="Ubuntu"
VERSION_ID="23.04"
VERSION="23.04 (Lunar Lobster)"
VERSION_CODENAME=lunar
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=lunar
LOGO=ubuntu-logo
itsupport@ramamohan-Latitude-E6440:$

@danamreddyramamohanreddy

itsupport@ramamohan-Latitude-E6440:$
itsupport@ramamohan-Latitude-E6440:$ cat /etc/aad.conf

required values

See https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

for more information on how to set up an Azure AD app.

tenant_id = 20e38830-0c8f-4b5b-bead-6b3436f48342
app_id = 01852d65-8e8f-4dfd-b341-aa5eb3343e0a

optional values (defaults)

offline_credentials_expiration = 90 ; duration in days a user can log in without online verification

                                  ; set to 0 to prevent old users from being cleaned and allow offline authentication for an undetermined amount of time
                                  ; set to a negative value to prevent offline authentication

homedir = /home/%f ; home directory pattern for the user, the following mapping applies:

; %f - full username

; %U - UID

; %l - first char of username

; %u - username without domain

; %d - domain

shell = /bin/bash ; default shell for the user

overriding values for a specific domain, every value inside a section is optional

[domain.com]

tenant_id = aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa

app_id = bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb

offline_credentials_expiration = 30

homedir = /home/domain.com/%u

shell = /bin/zsh

itsupport@ramamohan-Latitude-E6440:~$

@danamreddyramamohanreddy

Jul 18 14:29:59 ramamohan-Latitude-E6440 sshd[2257]: pam_aad(sshd:auth): try to authenticate "itsupport" from cache
Jul 18 14:29:59 ramamohan-Latitude-E6440 sshd[2257]: pam_aad(sshd:auth): getting user information from cache for "itsupport"
Jul 18 14:29:59 ramamohan-Latitude-E6440 sshd[2257]: pam_aad(sshd:auth): authenticating user "itsupport" from cache failed: error when getting user "itsupport" from cache: no entries. Denying access.
Jul 18 14:29:59 ramamohan-Latitude-E6440 sshd[2257]: pam_aad(sshd:auth): Close database request
Jul 18 14:32:16 ramamohan-Latitude-E6440 gdm-password][2236]: pam_aad(gdm-password:auth): Unknown error code(s) from server: [900144]
Jul 18 14:32:25 ramamohan-Latitude-E6440 gdm-password][2333]: pam_aad(gdm-password:auth): aad auth debug enabled
Jul 18 14:32:25 ramamohan-Latitude-E6440 gdm-password][2333]: pam_aad(gdm-password:auth): PAM AAD DEBUG enabled
Jul 18 14:32:25 ramamohan-Latitude-E6440 gdm-password][2333]: pam_aad(gdm-password:auth): Loading configuration from /etc/aad.conf
Jul 18 14:32:25 ramamohan-Latitude-E6440 gdm-password][2333]: pam_aad(gdm-password:auth): Connecting to "https://login.microsoftonline.com/20e38830-0c8f-4b5b-bead-6b3436f48342", with clientID "01852d65-8e8f-4dfd-b341-aa5eb3343e0a" for user "[email protected]"
Jul 18 14:32:26 ramamohan-Latitude-E6440 gdm-password][2333]: pam_aad(gdm-password:auth): Authentication successful with user/password
Jul 18 14:32:26 ramamohan-Latitude-E6440 gdm-password][2333]: pam_aad(gdm-password:auth): Reusing existing opened cache
Jul 18 14:32:26 ramamohan-Latitude-E6440 gdm-password][2333]: pam_aad(gdm-password:auth): getting user information from cache for "[email protected]"
Jul 18 14:32:26 ramamohan-Latitude-E6440 gdm-password][2333]: pam_aad(gdm-password:auth): encrypt password for user "[email protected]"
Jul 18 14:32:26 ramamohan-Latitude-E6440 gdm-password][2333]: pam_aad(gdm-password:auth): updating from last online login information for user "[email protected]"
Jul 18 14:32:27 ramamohan-Latitude-E6440 gdm-password][2333]: pam_aad(gdm-password:auth): Close database request
Jul 18 15:01:20 ramamohan-Latitude-E6440 aad_auth[895]: nss_aad: database error: unable to open database file: /var/lib/aad/cache/passwd.db
Jul 18 15:01:26 ramamohan-Latitude-E6440 aad_auth[895]: nss_aad: database error: unable to open database file: /var/lib/aad/cache/passwd.db
Jul 18 15:01:26 ramamohan-Latitude-E6440 aad_auth[895]: nss_aad: database error: unable to open database file: /var/lib/aad/cache/passwd.db
Jul 18 15:01:27 ramamohan-Latitude-E6440 aad_auth[895]: nss_aad: database error: unable to open database file: /var/lib/aad/cache/passwd.db
Jul 18 15:01:27 ramamohan-Latitude-E6440 aad_auth[895]: nss_aad: database error: unable to open database file: /var/lib/aad/cache/passwd.db
itsupport@ramamohan-Latitude-E6440:~$

@danamreddyramamohanreddy

2023-07-18T15:33:37.843930+05:30 ramamohan-Latitude-E6440 gdm-password]: pam_aad(gdm-password:auth): Connecting to "https://login.microsoftonline.com/20e38830-0c8f-4b5b-bead-6b3436f48342", with clientID "01852d65-8e8f-4dfd-b341-aa5eb3343e0a" for user "[email protected]"
2023-07-18T15:33:38.418725+05:30 ramamohan-Latitude-E6440 gdm-password]: pam_aad(gdm-password:auth): Authentication successful with user/password
2023-07-18T15:33:38.419141+05:30 ramamohan-Latitude-E6440 gdm-password]: pam_aad(gdm-password:auth): Reusing existing opened cache
2023-07-18T15:33:38.419422+05:30 ramamohan-Latitude-E6440 gdm-password]: pam_aad(gdm-password:auth): getting user information from cache for "[email protected]"
2023-07-18T15:33:38.419689+05:30 ramamohan-Latitude-E6440 gdm-password]: pam_aad(gdm-password:auth): encrypt password for user "[email protected]"
2023-07-18T15:33:38.607913+05:30 ramamohan-Latitude-E6440 gdm-password]: pam_aad(gdm-password:auth): updating from last online login information for user "[email protected]"
2023-07-18T15:33:38.899514+05:30 ramamohan-Latitude-E6440 gdm-password]: pam_aad(gdm-password:auth): Close database request
2023-07-18T15:33:39.047369+05:30 ramamohan-Latitude-E6440 gdm-password]: pam_sss(gdm-password:account): Request to sssd failed. Connection refused

@danamreddyramamohanreddy

last online login information for user "[email protected]"
2023-07-18T15:33:38.899514+05:30 ramamohan-Latitude-E6440 gdm-password]: pam_aad(gdm-password:auth): Close database request
2023-07-18T15:33:39.047369+05:30 ramamohan-Latitude-E6440 gdm-password]: pam_sss(gdm-password:account): Request to sssd failed. Connection refused
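
A triage sketch for journal output like the logs posted in this thread, added here as an example (it is not code from aad-auth or from the reporter): it groups PAM lines by service and PID and reports whether credentials were accepted and which module logged an error afterwards. The sample lines are constructed, with placeholder host and user names, and the failure keywords are an assumption drawn from the messages shown above.

```python
import re

# Constructed sample shaped like this thread's journal lines; host and user are placeholders.
SAMPLE = """\
Jul 18 14:29:59 host sshd[2257]: pam_aad(sshd:auth): authenticating user "user" from cache failed: error when getting user "user" from cache: no entries. Denying access.
Jul 18 14:32:16 host gdm-password][2236]: pam_aad(gdm-password:auth): Unknown error code(s) from server: [900144]
Jul 18 14:32:26 host gdm-password][2333]: pam_aad(gdm-password:auth): Authentication successful with user/password
Jul 18 14:32:27 host gdm-password][2333]: pam_aad(gdm-password:auth): Close database request
Jul 18 14:32:27 host gdm-password][2333]: pam_sss(gdm-password:account): Request to sssd failed. Connection refused
"""

# module(service:phase): message, with an optional "[pid]" before the colon
PAM_RE = re.compile(
    r"(?:\[(?P<pid>\d+)\])?: (?P<mod>pam_\w+)\((?P<svc>[\w-]+):(?P<phase>\w+)\): (?P<msg>.*)"
)
# Assumption: failure wording taken from the messages seen in this thread.
FAIL_RE = re.compile(r"failed|denying access|unknown error code", re.I)

def triage(text):
    """Return {(service, pid): verdict} describing where each login attempt stopped."""
    attempts = {}
    for line in text.splitlines():
        m = PAM_RE.search(line)
        if not m:
            continue  # not a PAM module line (e.g. nss_aad messages)
        a = attempts.setdefault((m["svc"], m["pid"]), {"auth_ok": False, "errors": []})
        if m["phase"] == "auth" and "Authentication successful" in m["msg"]:
            a["auth_ok"] = True
        elif FAIL_RE.search(m["msg"]):
            a["errors"].append((m["mod"], m["phase"], m["msg"]))

    report = {}
    for key, a in attempts.items():
        later = [e for e in a["errors"] if e[1] != "auth"]
        if a["auth_ok"] and later:
            mod, phase, _ = later[0]
            report[key] = f"credentials accepted; later error from {mod} in '{phase}' phase"
        elif a["auth_ok"]:
            report[key] = "credentials accepted"
        elif a["errors"]:
            mod, _, msg = a["errors"][0]
            report[key] = f"auth failed in {mod}: {msg}"
        else:
            report[key] = "no verdict in these lines"
    return report

if __name__ == "__main__":
    for (svc, pid), verdict in triage(SAMPLE).items():
        print(f"{svc}[{pid}]: {verdict}")
```

Feed it the unfiltered journal for the login window rather than only `journalctl | grep _aad` output, because lines from other PAM modules such as `pam_sss` do not contain `_aad` and would be dropped by that filter.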
