Issue Connecting to Active Directory User via "Log On To" Restriction
I have an Active Directory (AD) server where I've created a user, and I can successfully connect to it using LDAP search with the following command:
ldapsearch -x -H <AD_server> -D "cn=user_test,cn=users,dc=<dc1>,dc=<dc2>" -w <password> -b "dc=<dc1>,dc=<dc2>"
However, when I set the "Log On To" restriction in AD and specify a particular computer name, I encounter the following error:
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52e, v4f7c
I have already joined my Linux machine to the AD domain using these steps:
sudo apt install -y realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
sudo hostnamectl set-hostname <hostname>.<domain_name>
echo 'nameserver <ldap_server_ip>' > /etc/resolv.conf
realm discover <domain_name>
realm --verbose join -U '<username>' <domain_name>
I can verify that the computer is joined to the domain both by using realm list and by checking in the AD UI.
Could anyone help me understand why the "Log On To" restriction might be causing this authentication issue, and how I can resolve it? Thank you!
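Added example (not part of the original question, and not the asker's code): the "Log On To" list in Active Directory Users and Computers is stored in the user's userWorkstations attribute as a comma-separated list of NetBIOS computer names (uppercase, at most 15 characters, no DNS suffix), and a Linux host joined with realmd/adcli gets a computer account named from the first label of its hostname in the same way. The script below derives the NetBIOS name this host would have been joined as, pulls userWorkstations out of ldapsearch LDIF output and reports whether the host is in the list. The LDIF, the hostnames and the placeholder server and DN names in the comments are constructed for the example; substitute your own values. It is a local consistency check of the restriction as configured, not an explanation of the bind result.

```shell
#!/bin/sh
# Added example (not from the original post): does this host's NetBIOS computer
# name appear in a user's "Log On To" list (the AD userWorkstations attribute)?
# All hostnames, DNs and the sample LDIF below are constructed placeholders.

# AD and adcli build the computer (NetBIOS) name from the first DNS label of the
# hostname, uppercased and truncated to the 15-character NetBIOS limit.
netbios_name() {
    printf '%s\n' "$1" | cut -d. -f1 | tr '[:lower:]' '[:upper:]' | cut -c1-15
}

# Pull the userWorkstations value out of LDIF text (what ldapsearch prints).
# Prints nothing when the attribute is absent, i.e. no "Log On To" restriction.
workstations_from_ldif() {
    printf '%s\n' "$1" | sed -n 's/^userWorkstations: //p' | head -n 1
}

# Return 0 if NetBIOS name $2 is in the comma-separated list $1 (or if the list
# is empty, meaning the user may log on anywhere). Entries are compared
# case-insensitively with surrounding whitespace stripped.
workstation_allowed() {
    local list name
    list=$1
    name=$(printf '%s\n' "$2" | tr '[:lower:]' '[:upper:]')
    [ -z "$list" ] && return 0
    printf '%s\n' "$list" \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' \
        | tr '[:lower:]' '[:upper:]' \
        | grep -qxF "$name"
}

# Report whether hostname $1 is allowed by the userWorkstations value in LDIF $2.
check_host() {
    local nb list
    nb=$(netbios_name "$1")
    list=$(workstations_from_ldif "$2")
    if workstation_allowed "$list" "$nb"; then
        printf 'allowed: %s is in userWorkstations [%s]\n' "$nb" "${list:-<unset>}"
        return 0
    fi
    printf 'NOT allowed: %s is missing from userWorkstations [%s]\n' "$nb" "$list"
    return 1
}

# Constructed sample LDIF for a user whose "Log On To" list holds two computers.
# For a live check replace it with the output of a query such as (placeholders):
#   ldapsearch -x -LLL -o ldif-wrap=no -H ldap://<AD_server> -D "<bind_dn>" -w <password> \
#       -b "dc=<dc1>,dc=<dc2>" "(sAMAccountName=user_test)" userWorkstations
SAMPLE_LDIF='dn: CN=user_test,CN=Users,DC=example,DC=com
sAMAccountName: user_test
userWorkstations: WS-ALPHA,linuxbox01'

check_host "linuxbox01.example.com" "$SAMPLE_LDIF"
check_host "other-machine.example.com" "$SAMPLE_LDIF" || true   # expected: NOT allowed
```

When querying a real DC, pass `-o ldif-wrap=no` so a long userWorkstations value is not folded across lines, and bind with an account allowed to read the attribute; if the host's computer name (realm list or `hostname -s` uppercased) is not in the list, the restriction as configured does not include this machine.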