I have a DC (Debian) that seems to be working fine. Debian members join the domain just fine, but when I join a Fedora member, the join succeeds yet its DNS record isn't registered, so I have to add the record on the DC manually. I can also ssh in to the Debian members and log in to them through the desktop GUI. I can do neither with the Fedora member: only local users can log in there (ssh/GUI).
/var/log/audit/audit.log
type=CRYPTO_SESSION msg=audit(1636214847.520:2087): pid=32861 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=start direction=from-server [email protected] ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=32862 suid=74 rport=34444 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1636214847.522:2088): pid=32861 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=start direction=from-client [email protected] ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=32862 suid=74 rport=34444 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1636214851.295:2089): pid=32861 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:authentication grantors=? acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=failed'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1636214857.117:2090): pid=32861 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=destroy kind=session fp=? direction=both spid=32862 suid=74 rport=34444 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_KEY_USER msg=audit(1636214857.117:2091): pid=32861 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e:d3:73 direction=? spid=32862 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_KEY_USER msg=audit(1636214857.122:2092): pid=32861 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e:d3:73 direction=? spid=32861 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=USER_LOGIN msg=audit(1636214857.122:2093): pid=32861 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=ssh res=failed'UID="root" AUID="unset"
/etc/ssh/sshd_config
# sshd configuration of the Fedora domain member, as posted.
# sshd uses the first value it reads for most keywords, so anything set in the
# included drop-in files takes precedence over the same keyword further down.
# NOTE(review): as pasted, Include and AcceptEnv share one line. Include accepts
# several pathnames, so written this way "AcceptEnv", "LANG" and "LC_*" would be
# read as extra include patterns. Presumably these are two separate lines in the
# real file - confirm.
Include /etc/ssh/sshd_config.d/*.conf AcceptEnv LANG LC_*
# NOTE(review): /usr/lib/openssh/ is where Debian installs sftp-server; Fedora
# packages normally place it under /usr/libexec/openssh/. Verify that this path
# exists on the Fedora member, otherwise sftp sessions will fail.
Subsystem sftp /usr/lib/openssh/sftp-server
# Keyboard-interactive (challenge-response) authentication is disabled, so
# password logins go through PasswordAuthentication below.
ChallengeResponseAuthentication no
# Authentication, account and session processing are handed to the PAM stack in
# /etc/pam.d/sshd; a domain login can only succeed if that stack (and the files
# it includes) contains a module able to verify domain credentials.
UsePAM yes
# X11 forwarding widens what a session can reach between client and server;
# keep it enabled only if it is actually needed on this host.
X11Forwarding yes
PrintMotd no
# Password logins are accepted. For an internet-reachable host, consider
# restricting this to key-based or Kerberos (GSSAPI) authentication.
PasswordAuthentication yes
# Only members of this group may log in over SSH. sshd matches the name against
# the groups it resolves through NSS for the connecting user.
# NOTE(review): confirm on the Fedora member that `getent passwd <user>` and
# `id <user>` resolve the domain account and list a group spelled exactly
# "domain users" (no domain prefix); if the user or group does not resolve,
# sshd rejects the login regardless of the password.
AllowGroups "domain users"
/etc/pam.d/sshd
#%PAM-1.0
# PAM stack for sshd on the Fedora member, as posted. Rule order matters within
# each management group (auth / account / password / session).
#
# Authentication is delegated entirely to /etc/pam.d/password-auth. No domain
# module appears in an auth line of this file, so domain credentials are only
# checked if password-auth itself references one.
# NOTE(review): on Fedora, password-auth is normally generated by authselect;
# check `authselect current` and the auth lines of password-auth. The audit log
# on this page shows op=PAM:authentication res=failed with grantors=?, i.e. no
# auth module accepted the user.
auth substack password-auth
auth include postlogin
account required pam_sepermit.so
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
# The three domain-related modules below are session-only and "optional": they
# run after a login has already been authenticated and their failure is ignored,
# so they do not by themselves allow domain users to log in.
# NOTE(review): pam_krb5, pam_winbind and pam_sss belong to different
# integration approaches; presumably only one is in use here - confirm which
# modules are installed, and move domain handling into the authselect-managed
# files rather than hand-editing this one.
session optional pam_krb5.so minimum_uid=1000
session optional pam_winbind.so
session optional pam_sss.so
# Records the login UID used by the audit subsystem for the session.
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session optional pam_motd.so
session include password-auth
session include postlogin