New SSSD Active Directory install does not allow logins

Just installed SSSD using this guide to get Active Directory authentication working on Ubuntu 18.04.5 LTS.

It worked for our first server, but for whatever reason the one I'm trying to install on next will not allow domain users to log in.

I'm new to this feature, so apologies if I'm not familiar with the logs that need to be provided. Please let me know what files I can provide if this is not helpful enough.

auth.log:

Jun 16 15:14:35 zoneminder su[2678]: pam_unix(su:auth): authentication failure; logname=razeth uid=1000 euid=0 tty=/dev/pts/1 ruser=razeth rhost=  [email protected]
Jun 16 15:14:35 zoneminder su[2678]: pam_sss(su:auth): authentication failure; logname=razeth uid=1000 euid=0 tty=/dev/pts/1 ruser=razeth rhost= [email protected]
Jun 16 15:14:35 zoneminder su[2678]: pam_sss(su:auth): received for user [email protected]: 7 (Authentication failure)
Jun 16 15:14:37 zoneminder su[2678]: pam_authenticate: Authentication failure
Jun 16 15:14:37 zoneminder su[2678]: FAILED su for [email protected] by razeth
Jun 16 15:14:37 zoneminder su[2678]: - /dev/pts/1 razeth:[email protected]

sudo realm list:

domain.com
  type: kerberos
  realm-name: domain.com
  domain-name: domain.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
  login-formats: %[email protected]
  login-policy: allow-realm-logins

/etc/sssd/sssd.conf:

[sssd]
domains = domain.com
config_file_version = 2
services = nss, pam

[domain/domain.com]
ad_domain = domain.com
krb5_realm = DOMAIN>COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
ad_gpo_access_control = permissive

sssctl config-check shows no errors.
