On 22 Jul 2018, at 22:47, Farshid Mahdavipour
<farchide(a)gmail.com> wrote:
Hi,
I have configured sssd.service to authenticate to AD on RHEL 7.5 and I have successfully
joined the RHEL machine to AD.
But I cannot log in to the machine with the AD account.
Here is the error when I try to log in with the AD credential:
mahdavif(a)172.17.248.71's password:
Last login: Sun Jul 22 18:59:23 2018 from 172.17.253.11
This account is currently not available.
I honestly don’t know without logs, see e.g.
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
Connection to 172.17.248.71 closed.
Here is the sssd.conf:
# cat /etc/sssd/sssd.conf
ad_server = srv_addcp001, srv_addcp002
[sssd]
domains = corp.example.com
config_file_version = 2
services = nss, pam
[domain/corp.example.com]
ad_domain = corp.example.com
krb5_realm = CORP.example.com
krb5_auth_timeout = 60
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
override_shell = /bin/bash
ldap_id_mapping = False
use_fully_qualified_names = False
fallback_homedir = /home/%u@%d
access_provider = ad
ad_server = srv_addcp001, srv_addcp002
Here is the output of the realm list:
# realm list
corp.example.com
type: kerberos
realm-name: CORP.example.com
domain-name: corp.example.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common-tools
login-formats: %U
login-policy: allow-realm-logins
This is the /var/log/secure when trying to log in:
Jul 22 17:13:05 azrlvm003 sshd[7202]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.17.253.11 user=mahdavif
Jul 22 17:13:05 azrlvm003 sshd[7202]: Accepted password for mahdavif from 172.17.253.11 port 41628 ssh2
Jul 22 17:13:06 azrlvm003 sshd[7202]: pam_unix(sshd:session): session opened for user mahdavif by (uid=0)
Jul 22 17:13:06 azrlvm003 sshd[7209]: Received disconnect from 172.17.253.11 port 41628:11: disconnected by user
Jul 22 17:13:06 azrlvm003 sshd[7209]: Disconnected from 172.17.253.11 port 41628
Jul 22 17:13:06 azrlvm003 sshd[7202]: pam_unix(sshd:session): session closed for user mahdavif
And here pam_sss is not even called, but the user seems to be found by pam_unix. This
might indicate that the user is also present in the passwd/group files which is not
recommended.
sssd --version
1.16.0
I would really appreciate it if you can help me.
Thanks
Farshid
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
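The reply's hypothesis, that a local passwd entry shadows the AD user, can be checked by comparing what the files and sss NSS sources each return for the account. The following is an added example, not part of the original thread; the function names and the sample passwd lines are constructed, and it assumes files is listed before sss in /etc/nsswitch.conf.

```shell
#!/bin/sh
# Added diagnostic sketch, not from the thread. Assumes "passwd: files sss" order
# in /etc/nsswitch.conf, so a local /etc/passwd entry wins over the AD one.

# Constructed sample passwd(5) lines (not taken from the poster's host).
FILES_SAMPLE='mahdavif:x:1001:1001::/home/mahdavif:/sbin/nologin'
SSS_SAMPLE='mahdavif:*:10001:10001::/home/mahdavif@corp.example.com:/bin/bash'

# Print field 7 (login shell) of one passwd line.
shell_of() {
    printf '%s\n' "$1" | awk -F: '{ print $7 }'
}

# True if the shell refuses interactive logins. /sbin/nologin is the program
# that prints "This account is currently not available." and exits.
is_nologin() {
    case "$1" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_entries FILES_LINE SSS_LINE -> one verdict word on stdout.
classify_entries() {
    files_line=$1
    sss_line=$2
    if [ -n "$files_line" ]; then
        # Local entry exists: it shadows SSSD, so override_shell never applies.
        if is_nologin "$(shell_of "$files_line")"; then
            echo "local-shadow-nologin"
        else
            echo "local-shadow"
        fi
    elif [ -n "$sss_line" ]; then
        if is_nologin "$(shell_of "$sss_line")"; then
            echo "sss-nologin"
        else
            echo "sss-ok"
        fi
    else
        echo "not-found"
    fi
}

# On a live host: query each NSS source separately for the given user.
check_user() {
    classify_entries "$(getent -s files passwd "$1")" \
                     "$(getent -s sss passwd "$1")"
}
```

Running check_user mahdavif on the affected host and getting local-shadow-nologin would be consistent with the reply's hypothesis and with the message shown at login.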