I am trying to join a CentOS 7.5 machine to a Windows Active Directory domain for authenticating AD users. Although the joining process has been successful, I'm unable to authenticate any users. Following are the steps that were taken. Firstly, I followed this wonderful guide, How to join centos to AD.

When I do `realm list`, the output is:

```
dev.mydomain.local
type: kerberos
realm-name: DEV.MYDOMAIN.LOCAL
domain-name: dev.mydomain.local
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common-tools
login-formats: %U
login-policy: allow-realm-logins
```

Also, as suggested in the article, I do see the CentOS PC appear in the computer object in AD.

When I query the user,

```
id centosuser

uid=6XXXXXXXX(centosuser) gid=6XXXXXXXXXXX(domain users) groups=6XXXXXXX(domain users),6XXXXXXXXXX(sudoers)
```

Then I restarted sssd and sshd.

When I try to login via ssh as a centosuser,

```
[root@centos7-PC ~]# ssh centosuser@<IP address of centos7-PC>
centosuser@<IP address of centos7-PC> password:
Authentication failed.
```

It prompts for the password, after which the authentication fails. I'm not sure what is going on here. When I look at the sshd status, this is what I see:

```
systemctl status sshd

Jan 04 03:48:11 FQDN of CentOS PC sshd[5632]: Failed password for centosuser from ::1 port 39924 ssh2
Jan 04 03:48:11 FQDN of CentOS PC sshd[5632]: fatal: Access denied for user centosuser by PAM account configuration [preauth]
Jan 04 03:52:50 FQDN of CentOS PC sshd[5715]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost...tosuser
Jan 04 03:54:20 FQDN of CentOS PC sshd[5715]: Failed password for centosuser from <IP address of CentOS PC> port 51118 ssh2
Jan 04 03:54:20 FQDN of CentOS PC sshd[5715]: fatal: Access denied for user centosuser by PAM account configuration [preauth]
Jan 04 04:04:20 FQDN of CentOS PC sshd[5771]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost...tosuser
Jan 04 04:05:50 FQDN of CentOS PC sshd[5771]: Failed password for centosuser from <IP address of CentOS PC> port 51144 ssh2
Jan 04 04:05:50 FQDN of CentOS PC sshd[5771]: fatal: Access denied for user centosuser by PAM account configuration [preauth]
```
hypersonics
  • Could you add more verbose output of `ssh -v centosuser@box` or `ssh -vvv centosuser@box`? I think the general idea and configuration is working, but SSHD has to get up to speed with AD auth. – Lenniey Jan 04 '19 at 09:59
  • Also look in eventvwr to see whether there is something in the Security log (auditing in AD must be enabled beforehand) - maybe you will find a clue there for solving your problem. Verbose ssh output, as Lenniey says, is also a good idea. – patok Jan 04 '19 at 18:34
  • Something like this happened to me in the past, and the problem was a mismatch between the `/etc/passwd` and `/etc/shadow` files because I manually edited a user in the first but forgot to do it in the second. – Manuel Florian Jan 05 '19 at 04:44

1 Answer

I am also facing the same issue, but after checking the logs in /var/log/secure, there is an issue with winbind, so I removed winbind from authconfig-tui and restarted the sssd service.

Hope that will help you.
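
A triage sketch for sshd lines like those in the question and for the /var/log/secure check mentioned in the answer, as an added example that is not part of the original posts: it groups lines by sshd PID and reports whether PAM's auth step or its account step rejected the login. The sample log is constructed (host name, addresses and PID 5800 are placeholders), and the function and verdict names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modeled on the sshd lines in the question; the host name,
# the 192.0.2.10 address and the PID 5800 session are placeholders.
SAMPLE_LOG = """\
Jan 04 03:48:11 host.example sshd[5632]: Failed password for centosuser from ::1 port 39924 ssh2
Jan 04 03:48:11 host.example sshd[5632]: fatal: Access denied for user centosuser by PAM account configuration [preauth]
Jan 04 03:52:50 host.example sshd[5715]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=centosuser
Jan 04 03:54:20 host.example sshd[5715]: Failed password for centosuser from 192.0.2.10 port 51118 ssh2
Jan 04 03:54:20 host.example sshd[5715]: fatal: Access denied for user centosuser by PAM account configuration [preauth]
Jan 04 04:10:02 host.example sshd[5800]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=centosuser
Jan 04 04:10:04 host.example sshd[5800]: Failed password for centosuser from 192.0.2.10 port 51150 ssh2
"""

ACCOUNT_DENIED_AFTER_AUTH = "credentials accepted, PAM account step denied"
ACCOUNT_DENIED = "PAM account step denied (no auth result in these lines)"
CREDENTIALS_REJECTED = "credentials rejected in PAM auth step"

# Match on the sshd[PID] tag only, so host names containing spaces still parse.
LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
EVENTS = [
    ("auth_ok", re.compile(r"pam_\w+\(sshd:auth\): authentication success")),
    ("auth_fail", re.compile(r"pam_\w+\(sshd:auth\): authentication failure")),
    ("acct_denied", re.compile(r"Access denied for user \S+ by PAM account configuration")),
    ("failed_password", re.compile(r"Failed password for ")),
]

def classify(log_text):
    """Return {sshd_pid: verdict} for every sshd session seen in log_text."""
    sessions = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        for name, pattern in EVENTS:
            if pattern.search(m.group("msg")):
                sessions[int(m.group("pid"))].add(name)
                break
    verdicts = {}
    for pid, events in sessions.items():
        if "acct_denied" in events:
            # The account step runs separately from the password check.
            verdicts[pid] = ACCOUNT_DENIED_AFTER_AUTH if "auth_ok" in events else ACCOUNT_DENIED
        elif events & {"auth_fail", "failed_password"}:
            verdicts[pid] = CREDENTIALS_REJECTED
    return verdicts

if __name__ == "__main__":
    for pid, verdict in sorted(classify(SAMPLE_LOG).items()):
        print(pid, verdict)
```

A session reported as "credentials accepted, PAM account step denied" means the password check passed and the rejection came from the account modules, so the account lines of the PAM stack and the access rules behind them are the place to look.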