MBi, posted February 17, 2023:

Hello,

Machines are deployed with MCS, they are domain joined and the registration is working. The authentication is not working. Users get an Invalid Login message. We use Winbind for AD integration and Gnome as the desktop.

Thanks for your help,

MBi (author), posted February 17, 2023:

I managed to connect after configuring FAS. The problem is that authentication only works for internal users. When trying to connect from the Internet (Citrix Gateway), the authentication is not working and users get an Invalid Logon.

Chenxiang Wang, posted February 20, 2023:

You can enable the verbose login log to figure out what blocked the login process:

sudo /opt/Citrix/VDA/bin/setlog level login verbose

Since the user can log in from internal, I think that there may be some difference in the domain username between internal and Citrix Gateway.

MBi (author), posted February 24, 2023:

Thank you. The VDA can find the user name, but I wonder if it can find the FAS servers.

2023-02-24 08:59:00.183 <P2759:S3> citrix-ctxlogin: : message received; type=4, length=643, data=0x563dbddf8040, seq = 0
2023-02-24 08:59:00.183 <P2759:S3> citrix-ctxlogin: : XFrame: Begin Logon(usr='xxxx@xxx', Not Anonymous session , prompt=0, isReconnect=0, fPublishedApp=0, credentialsType is 2, client='DESKTOP-DJ2LRLA')
2023-02-24 08:59:00.183 <P2759:S3> citrix-ctxlogin: : Not yet implemented
2023-02-24 08:59:00.183 <P2759:S3> citrix-ctxlogin: : FAS login...
2023-02-24 08:59:00.183 <P2759:S3> citrix-ctxlogin: : The input username is xxxx@xxx.
2023-02-24 08:59:00.183 <P2759:S3> citrix-ctxlogin: : The parsed name is 'xxxx', domain is 'xxxx' and realm is 'xxxx.xx.xx'.
2023-02-24 08:59:00.183 <P2759:S3> citrix-ctxlogin: : Workaround passwd entry is xxxx\xxxx.
2023-02-24 08:59:00.186 <P2759:S3> citrix-ctxlogin: : Passwd entry found : pPwd->(name='xxxx\xxxx'; dir='/home/xxxx@xxxx'')
2023-02-24 08:59:00.186 <P2759:S3> citrix-ctxlogin: : The output username is xxxx@xxx.
2023-02-24 08:59:00.186 <P2759:S3> citrix-ctxlogin: : workaround username is xxxx@xxx
2023-02-24 08:59:00.186 <P2759:S3> citrix-ctxlogin: : cred_type [2],about to validate user 'xxxx@xxx'
2023-02-24 08:59:00.186 <P2759:S3> citrix-ctxlogin: : username=xxxx@xxx, password[Not NULL], client_addr=xxxxx, credType=2
2023-02-24 08:59:00.186 <P2759:S3> citrix-ctxlogin: : Entry, uid=974, euid=974.
2023-02-24 08:59:00.186 <P2759:S3> citrix-ctxlogin: : [Logon Type] Federated Authentication Logon.
2023-02-24 08:59:00.186 <P2759:S3> citrix-ctxlogin: : entry
2023-02-24 08:59:00.186 <P2759:S3> citrix-ctxlogin: : start connect to server 0
2023-02-24 08:59:00.186 <P2759:S3> citrix-ctxlogin: : entry
2023-02-24 08:59:00.186 <P2759:S3> citrix-ctxlogin: : waiting for response...
2023-02-24 08:59:00.395 <P2759:S3> citrix-ctxlogin: : query to server success
2023-02-24 08:59:00.395 <P2759:S3> citrix-ctxlogin: : exit
2023-02-24 08:59:00.395 <P2759:S3> citrix-ctxlogin: : entry
2023-02-24 08:59:00.396 <P2759:S3> citrix-ctxlogin: : waiting for response...
2023-02-24 08:59:00.483 <P2759:S3> citrix-ctxlogin: : query to server success
2023-02-24 08:59:00.483 <P2759:S3> citrix-ctxlogin: : exit
2023-02-24 08:59:00.483 <P2759:S3> citrix-ctxlogin: : connect to server 0 success
2023-02-24 08:59:00.483 <P2759:S3> citrix-ctxlogin: : entry
2023-02-24 08:59:00.484 <P2759:S3> citrix-ctxlogin: : waiting for response...
2023-02-24 08:59:00.496 <P2759:S3> citrix-ctxlogin: : query to server success
2023-02-24 08:59:00.496 <P2759:S3> citrix-ctxlogin: : exit
2023-02-24 08:59:00.496 <P2759:S3> citrix-ctxlogin: : waiting for response...
2023-02-24 08:59:00.496 <P2759:S3> citrix-ctxlogin: : verification pass
2023-02-24 08:59:00.496 <P2759:S3> citrix-ctxlogin: : exit, 0
2023-02-24 08:59:00.496 <P2759:S3> citrix-ctxlogin: : disconnect to server success
2023-02-24 08:59:00.496 <P2759:S3> citrix-ctxlogin: : disconnect to server succe

MBi (author), posted February 24, 2023:

2023-02-24 09:08:57.921 <P3390:S4> citrix-ctxlogin: : pam_authenticate err[7],can retry for user xxxx@xxxx.xx.xx
2023-02-24 09:08:57.923 <P3390:S4> citrix-ctxlogin: : failed validation of user 'xxxx@xxxx.xx.xx', INVALID_PASSWORD
2023-02-24 09:08:57.923 <P3390:S4> citrix-ctxlogin: : Not yet implemented
2023-02-24 09:08:57.923 <P3390:S4> citrix-ctxlogin: : Exit SUCCESS
2023-02-24 09:08:57.923 <P3390:S4> citrix-ctxlogin: : Entry

MBi (author), posted February 24, 2023:

The FAS servers get the request:

[S105] Server [XXXX\XX-XX$] issued identity assertion [upn: XXXXXX@xxxx.xx.xx, role default, Security Context: []]. [correlation: 374b1646-ed05-4153-ad2f-b2003aaf4e19]

Can it be something to do with a case-sensitivity issue?

The VDA log shows: pam_authenticate err[7],can retry for user XXXX@XXXX.XX.XX -> ALL UPPER CASE
The Windows server FAS log shows: XXXX@xxxx.xx.xx --> domain name in lower case.

Chenxiang Wang, posted February 27, 2023:

The user name is intended to be converted to upper case. Compare these logs with those from internal users; both must use upper case.
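
An added example, not part of the original thread and not Citrix code: a small Python parser for the ctxlogin line layout seen in the posts above. It groups lines by process/session and reports whether two user@realm strings differ only in letter case, which supports the internal-versus-gateway comparison suggested in the last reply. The sample log lines and names are constructed, and the message patterns are assumed from the excerpts posted here.

```python
import re
from collections import defaultdict

# Line layout copied from the posted logs: <date> <time> <Ppid:Ssession> citrix-ctxlogin: : <message>
LINE = re.compile(r"^\S+ \S+ <P(\d+):S(\d+)> citrix-ctxlogin: : (.*)$")
INPUT_USER = re.compile(r"The input username is (\S+?)\.$")
PAM_ERR = re.compile(r"pam_authenticate err\[(\d+)\].* for user (\S+)")
FAILED = re.compile(r"failed validation of user '([^']+)', (\w+)")

def summarize(log_text):
    """Group ctxlogin lines by (pid, session) and keep the fields worth comparing."""
    sessions = defaultdict(lambda: dict.fromkeys(
        ("input_user", "logon_type", "fas_verified", "pam_err", "pam_user", "result")))
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a ctxlogin line in the expected layout
        s, msg = sessions[(int(m[1]), int(m[2]))], m[3]
        if u := INPUT_USER.search(msg):
            s["input_user"] = u[1]
        elif msg.startswith("[Logon Type] "):
            s["logon_type"] = msg[len("[Logon Type] "):].rstrip(".")
        elif msg == "verification pass":
            s["fas_verified"] = True
        elif p := PAM_ERR.search(msg):
            s["pam_err"], s["pam_user"] = int(p[1]), p[2]
        elif f := FAILED.search(msg):
            s["result"] = f[2]
    return dict(sessions)

def name_differences(a, b):
    """Compare two user@realm strings part by part; flag case-only mismatches."""
    diffs = []
    for label, x, y in zip(("user", "realm"), a.partition("@")[::2], b.partition("@")[::2]):
        if x != y:
            diffs.append((label, x, y, "case only" if x.lower() == y.lower() else "different"))
    return diffs

# Constructed sample (placeholder names): session S1 passes FAS verification, S2 fails in PAM.
SAMPLE = """\
2023-01-01 10:00:00.100 <P100:S1> citrix-ctxlogin: : The input username is user1@EXAMPLE.
2023-01-01 10:00:00.101 <P100:S1> citrix-ctxlogin: : [Logon Type] Federated Authentication Logon.
2023-01-01 10:00:00.300 <P100:S1> citrix-ctxlogin: : verification pass
2023-01-01 10:05:00.100 <P200:S2> citrix-ctxlogin: : pam_authenticate err[7],can retry for user USER1@EXAMPLE.TEST
2023-01-01 10:05:00.101 <P200:S2> citrix-ctxlogin: : failed validation of user 'USER1@EXAMPLE.TEST', INVALID_PASSWORD
"""

if __name__ == "__main__":
    print(summarize(SAMPLE), name_differences("USER1@EXAMPLE.TEST", "USER1@example.test"))
```

Feed `summarize` the verbose login log from an internal logon and from a gateway logon, then pass the names each side reports to `name_differences`.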