I've set up Ubuntu 16.04 to authenticate to Active Directory using realmd according to the Azure instructions.
I find that I can log in as bob@example
but not [email protected]
How can I configure Ubuntu to allow logging in as both the short name and the long name?

    [sssd]
    domains = example.com
    config_file_version = 2
    services = nss, pam
    [domain/example.com]
    ad_domain = example.com
    krb5_realm = EXAMPLE.COM
    realmd_tags = manages-system joined-with-adcli
    cache_credentials = True
    id_provider = ad
    krb5_store_password_if_offline = True
    default_shell = /bin/bash
    ldap_id_mapping = True
    use_fully_qualified_names = True
    fallback_homedir = /home/%u@%d
    access_provider = ad

The audit logs for both an unsuccessful and a successful login:

    Oct 24 20:25:59 server1 sshd[55960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.0 [email protected]
    Oct 24 20:26:00 server1 sshd[55960]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.0 [email protected]
    Oct 24 20:26:00 server1 sshd[55960]: pam_sss(sshd:auth): received for user [email protected]: 17 (Failure setting user credentials)
    Oct 24 20:26:02 server1 sshd[55960]: Failed password for [email protected] from 192.0.2.0 port 9682 ssh2
    Oct 24 20:26:04 server1 sshd[55960]: error: Received disconnect from 192.0.2.0 port 9682:13: Unable to authenticate [preauth]
    Oct 24 20:26:04 server1 sshd[55960]: Disconnected from 192.0.2.0 port 9682 [preauth]

bob@example

    Oct 24 20:26:24 server1 sshd[55975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.0 user=bob@example
    Oct 24 20:26:26 server1 sshd[55975]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.0 user=bob@example
    Oct 24 20:26:27 server1 sshd[55975]: Accepted password for bob@example from 192.0.2.0 port 9693 ssh2
    Oct 24 20:26:27 server1 sshd[55975]: pam_unix(sshd:session): session opened for user bob@example by (uid=0)
    Oct 24 20:26:27 server1 systemd-logind[961]: New session 325 of user [email protected].

In the documentation, most likely you need to set the default domain suffix under the [sssd] section: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sssd-user-ids.html
/etc/sssd/sssd.conf
Then restart sssd
or
As a side note, make sure you don't have any comments in /etc/sssd/sssd.conf
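
Added example, not part of the original answer: a Python check that reads an sssd.conf and reports the two points the answer raises, whether `default_domain_suffix` is set under `[sssd]` and whether the file contains comment lines. The sample config is constructed from the question's file with one comment line added, the function name `check_sssd_conf` is hypothetical, and the rule that the suffix should name a domain listed in `domains` is an assumption.

```python
import configparser

# Constructed sample: part of the question's sssd.conf plus one comment line.
QUESTION_CONF = """\
[sssd]
domains = example.com
config_file_version = 2
services = nss, pam
# joined with realmd
[domain/example.com]
ad_domain = example.com
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
"""

def check_sssd_conf(text):
    """Return a list of findings for the points raised in the answer."""
    findings = []
    # The answer's side note: report comment lines so they can be removed.
    for number, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            findings.append(f"line {number}: comment line")
    # interpolation=None keeps values such as /home/%u@%d literal.
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(text)
    if not conf.has_section("sssd"):
        return findings + ["no [sssd] section"]
    listed = conf.get("sssd", "domains", fallback="")
    domains = [d.strip() for d in listed.split(",") if d.strip()]
    for name in domains:
        if not conf.has_section(f"domain/{name}"):
            findings.append(f"no [domain/{name}] section for listed domain")
    # The option belongs in [sssd]; flag it when it sits in another section.
    for section in conf.sections():
        if section != "sssd" and conf.has_option(section, "default_domain_suffix"):
            findings.append(f"default_domain_suffix is in [{section}], not [sssd]")
    suffix = conf.get("sssd", "default_domain_suffix", fallback=None)
    if suffix is None:
        findings.append("default_domain_suffix not set in [sssd]")
    elif suffix not in domains:
        # Assumption: the suffix should name a domain listed in `domains`.
        findings.append(f"default_domain_suffix {suffix!r} is not a listed domain")
    return findings

if __name__ == "__main__":
    fixed = QUESTION_CONF.replace("# joined with realmd",
                                  "default_domain_suffix = example.com")
    for label, text in (("question", QUESTION_CONF), ("fixed", fixed)):
        print(label, check_sssd_conf(text) or "no findings")
```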