Just installed SSSD using this guide to get Active Directory authentication working on Ubuntu 18.04.5 LTS.
It worked for our first server, but for whatever reason the one I'm trying to install on next will not allow domain users to log in.
I'm new to this feature, so apologies if I'm not familiar with the logs that need to be provided. Please let me know what files I can provide if this is not helpful enough.
auth.log :
Jun 16 15:14:35 zoneminder su[2678]: pam_unix(su:auth): authentication failure; logname=razeth uid=1000 euid=0 tty=/dev/pts/1 ruser=razeth rhost= [email protected]
Jun 16 15:14:35 zoneminder su[2678]: pam_sss(su:auth): authentication failure; logname=razeth uid=1000 euid=0 tty=/dev/pts/1 ruser=razeth rhost= [email protected]
Jun 16 15:14:35 zoneminder su[2678]: pam_sss(su:auth): received for user [email protected]: 7 (Authentication failure)
Jun 16 15:14:37 zoneminder su[2678]: pam_authenticate: Authentication failure
Jun 16 15:14:37 zoneminder su[2678]: FAILED su for [email protected] by razeth
Jun 16 15:14:37 zoneminder su[2678]: - /dev/pts/1 razeth:[email protected]
sudo realm list :
domain.com
type: kerberos
realm-name: domain.com
domain-name: domain.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
login-formats: %[email protected]
login-policy: allow-realm-logins
/etc/sssd/sssd.conf :
[sssd]
domains = domain.com
config_file_version = 2
services = nss, pam
[domain/domain.com]
ad_domain = domain.com
krb5_realm = DOMAIN>COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
ad_gpo_access_control = permissive
sssctl config-check
shows no errors.
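An added example, not part of the original post or of SSSD: a small cross-option consistency check over an sssd.conf like the one posted above. It assumes the usual AD convention that `krb5_realm` is the upper-cased `ad_domain`; the function name `check_sssd_conf` and the sample text are constructed for illustration.

```python
import configparser

# Constructed sample: a subset of the sssd.conf options as posted above.
SAMPLE_CONF = """\
[sssd]
domains = domain.com
config_file_version = 2
services = nss, pam
[domain/domain.com]
ad_domain = domain.com
krb5_realm = DOMAIN>COM
id_provider = ad
access_provider = ad
fallback_homedir = /home/%u@%d
"""

def check_sssd_conf(text):
    """Return findings for values that parse cleanly but disagree with each other."""
    cp = configparser.ConfigParser(interpolation=None)  # keep %u/%d literal
    cp.read_string(text)
    findings = []
    services = [s.strip() for s in cp.get("sssd", "services", fallback="").split(",")]
    for needed in ("nss", "pam"):
        if needed not in services:
            findings.append(f"[sssd] services lacks {needed}")
    domains = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",")]
    for name in filter(None, domains):
        section = f"domain/{name}"
        if not cp.has_section(section):
            findings.append(f"[sssd] enables {name} but [{section}] is missing")
            continue
        dom = cp[section]
        ad_domain = dom.get("ad_domain", name)
        realm = dom.get("krb5_realm")
        # Assumption: the AD Kerberos realm is the upper-cased DNS domain name.
        if realm is not None and realm != ad_domain.upper():
            findings.append(
                f"[{section}] krb5_realm={realm!r}, expected {ad_domain.upper()!r}")
    return findings

if __name__ == "__main__":
    for finding in check_sssd_conf(SAMPLE_CONF):
        print(finding)
```

To run it against a live host, pass the contents of `/etc/sssd/sssd.conf` (readable by root only) to `check_sssd_conf`.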