pam_sss(sshd:account): Access denied for user AD


sssd.conf:

[sssd]
domains = corp.com
config_file_version = 2
services = nss, pam

[domain/corp.com]
ad_domain = corp.lecapam.com
krb5_realm = CORP.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u@%d
access_provider = simple
simple_allow_groups = RootUser,NonRootUser

The issue is that members of the NonRootUser AD group can't make an SSH connection, while members of RootUser can. I recently added the NonRootUser AD group to the configuration and restarted the sshd and sssd services.

Errors:

sshd[29077]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=ad01.corp.com user=corp\test
sshd[29077]: pam_sss(sshd:account): Access denied for user corp\test: 6 (Permission denied)
sshd[29077]: Failed password for corp\\test from 1.1.1.1 port 60235 ssh2
sshd[29077]: fatal: Access denied for user corp\\\\test by PAM account configuration [preauth]

scripter

Posted 2019-04-24T08:11:05.043

Reputation: 21

Removed the NonRootUser line from the sssd.conf file, restarted the sssd service, then appended NonRootUser again, restarted sssd.conf and all started working ???! – scripter – 2019-04-25T07:48:19.380

No answers
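
A triage sketch for the log pattern in the question, added here as an example and not part of the original post: it separates a failed password from a login that authenticated but was rejected in the PAM account phase, which pam_sss decides through SSSD's access provider, and it lists the groups that `simple_allow_groups` admits. The function names, the users alice and bob, and PIDs 29101 and 29120 are constructed for illustration.

```python
import configparser
import re

# Constructed inputs, modelled on the sssd.conf and log lines in the question.
SAMPLE_CONF = """\
[sssd]
domains = corp.com
[domain/corp.com]
id_provider = ad
fallback_homedir = /home/%u@%d
access_provider = simple
simple_allow_groups = RootUser,NonRootUser
"""
SAMPLE_LOG = r"""
sshd[29077]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=ad01.corp.com user=corp\test
sshd[29077]: pam_sss(sshd:account): Access denied for user corp\test: 6 (Permission denied)
sshd[29101]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ad01.corp.com user=corp\alice
sshd[29120]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=ad01.corp.com user=corp\bob
"""
AUTH_RE = re.compile(r"sshd\[(\d+)\]: pam_sss\(sshd:auth\): authentication (success|failure);.*\buser=(\S+)")
ACCT_RE = re.compile(r"sshd\[(\d+)\]: pam_sss\(sshd:account\): Access denied for user (\S+): \d+ ")

def access_rules(conf_text):
    """Map each [domain/...] section to (access_provider, allowed groups)."""
    # interpolation=None: values such as /home/%u@%d are not configparser templates.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    rules = {}
    for name in cp.sections():
        if name.startswith("domain/"):
            sec = cp[name]
            groups = [g.strip() for g in sec.get("simple_allow_groups", "").split(",") if g.strip()]
            rules[name[len("domain/"):]] = (sec.get("access_provider", "permit"), groups)
    return rules

def classify(log_text):
    """Return {sshd pid: (user, verdict)} by pairing auth and account results."""
    out = {}
    for line in log_text.splitlines():
        if m := AUTH_RE.search(line):
            pid, outcome, user = m.groups()
            out[pid] = (user, "auth-failed" if outcome == "failure" else "no-denial-logged")
        elif m := ACCT_RE.search(line):
            # The account phase rejected the login, whatever the auth phase said.
            out[m.group(1)] = (m.group(2), "denied-in-account-phase")
    return out

if __name__ == "__main__":
    print(access_rules(SAMPLE_CONF), classify(SAMPLE_LOG))
```

A `denied-in-account-phase` verdict means the credentials were fine, so the place to look is the access rule and the group membership SSSD currently resolves for that user, not the password.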