OEL 8.3 SSSD AD Login issue

I am running Oracle Enterprise Linux 8.3. I am able to join my AD domain with an admin account, but when I try to log in to the server using the same credentials that I used to join the server to the AD, I am getting an incorrect password error.

Jun 24 17:30:57 rdc-stg-master1 sshd[1896]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.28.236.43 [email protected]
Jun 24 17:30:57 rdc-stg-master1 sshd[1896]: pam_sss(sshd:auth): received for user [email protected]: 4 (System error)
Jun 24 17:30:59 rdc-stg-master1 sshd[1896]: Failed password for [email protected] from 172.28.236.43 port 55884 ssh2
Jun 24 17:31:02 rdc-stg-master1 sshd[1896]: Connection closed by authenticating user [email protected] 172.28.236.43 port 55884 [preauth]

Not sure how I can join the domain successfully but then it tells me incorrect password when trying to SSH.

Here is my sssd.conf:

[root@rdc-stg-master1 sssd]# more sssd.conf

[sssd]
domains = DC.com
config_file_version = 2
services = nss, pam

[domain/DC.com]
ad_domain = DC.com
krb5_realm = RDC.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
[root@rdc-stg-master1 sssd]#

[root@rdc-stg-master1 sssd]# nslookup dc.com
Server:         172.28.17.166
Address:        172.28.17.166#53

Name:   dc.com
Address: 172.28.17.167
Name:   dc.com
Address: 172.28.17.166

LOG file:

(2021-06-24 17:30:48): [be[DC.com]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Input/output error, resolver returned: [11]: Could not contact DNS servers
(2021-06-24 17:30:48): [be[DC.com]] [nsupdate_get_addrs_done] (0x0040): nsupdate_get_addrs_done failed: [5]: [Input/output error]
(2021-06-24 17:30:48): [be[DC.com]] [sdap_dyndns_dns_addrs_done] (0x0040): Could not receive list of current addresses [5]: Input/output error
(2021-06-24 17:30:48): [be[DC.com]] [ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed [5]: Input/output error
(2021-06-24 17:30:48): [be[DC.com]] [be_ptask_done] (0x0040): Task [Dyndns update]: failed with [5]: Input/output error
(2021-06-24 17:30:48): [be[DC.com]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error
(2021-06-24 17:30:48): [be[DC.com]] [sdap_sudo_get_hostnames_done] (0x0040): Could not resolve fqdn for this machine, error [5]: Input/output error, resolver returned: [11]: Could not contact DNS servers
(2021-06-24 17:30:48): [be[DC.com]] [sdap_sudo_get_hostinfo_done] (0x0020): Unable to retrieve hostnames [5]: Input/output error
(2021-06-24 17:30:48): [be[DC.com]] [sdap_sudo_refresh_hostinfo_done] (0x0040): Unable to retrieve host information, host filter will be disabled [5]: Input/output error
(2021-06-24 17:30:52): [be[DC.com]] [write_krb5info_file_from_fo_server] (0x0020): There is no server that can be written into kdc info file.

Any ideas?
