I am trying to join a CentOS 7.5 machine to a Windows Active Directory domain for authenticating AD users. Although the joining process has been successful, I'm unable to authenticate any users. Following are the steps that were taken. Firstly, I followed this wonderful guide, How to join centos to AD.
When I do realm list, the output is:
dev.mydomain.local
type: kerberos
realm-name: DEV.MYDOMAIN.LOCAL
domain-name: dev.mydomain.local
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common-tools
login-formats: %U
login-policy: allow-realm-logins
Also, as suggested in the article, I do see the CentOS PC appear in the computer object in AD.
When I query the user,
id centosuser
uid=6XXXXXXXX(centosuser) gid=6XXXXXXXXXXX(domain users)
groups=6XXXXXXX(domain users),6XXXXXXXXXX(sudoers)
Then I restarted sssd and sshd.
When I try to log in via ssh as centosuser,
[root@centos7-PC ~]# ssh centosuser@<IP address of centos7-PC>
centosuser@<IP address of centos7-PC> password:
Authentication failed.
it prompts for the password, after which the authentication fails. I'm not sure what is going on here. When I look at the sshd status, this is what I see:
systemctl status sshd
Jan 04 03:48:11 FQDN of CentOS PC sshd[5632]: Failed password for centosuser from ::1 port 39924 ssh2
Jan 04 03:48:11 FQDN of CentOS PC sshd[5632]: fatal: Access denied for user centosuser by PAM account configuration [preauth]
Jan 04 03:52:50 FQDN of CentOS PC sshd[5715]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost...tosuser
Jan 04 03:54:20 FQDN of CentOS PC sshd[5715]: Failed password for centosuser from <IP address of CentOS PC> port 51118 ssh2
Jan 04 03:54:20 FQDN of CentOS PC sshd[5715]: fatal: Access denied for user centosuser by PAM account configuration [preauth]
Jan 04 04:04:20 FQDN of CentOS PC sshd[5771]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost...tosuser
Jan 04 04:05:50 FQDN of CentOS PC sshd[5771]: Failed password for centosuser from <IP address of CentOS PC> port 51144 ssh2
Jan 04 04:05:50 FQDN of CentOS PC sshd[5771]: fatal: Access denied for user centosuser by PAM account configuration [preauth]
I am also facing the same issue, but after checking the logs in /var/log/secure, there is an issue with winbind, so I removed winbind in authconfig-tui and restarted the sssd service.
Hope that will help you.
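
The sshd lines in the question show pam_sss reporting authentication success right before "Access denied ... by PAM account configuration", so the password was accepted and the rejection came from the PAM account phase. The following is an added example, not code from either post, that separates the two cases per sshd process; the sample log lines are constructed, with a placeholder host name, address and second user.

```python
import re

# Constructed sample lines modelled on the sshd output in the question;
# host name, address and the second user are placeholders.
SAMPLE_LOG = """\
Jan 04 03:52:50 centos7-pc sshd[5715]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=centosuser
Jan 04 03:54:20 centos7-pc sshd[5715]: Failed password for centosuser from 192.0.2.10 port 51118 ssh2
Jan 04 03:54:20 centos7-pc sshd[5715]: fatal: Access denied for user centosuser by PAM account configuration [preauth]
Jan 04 04:10:02 centos7-pc sshd[5801]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=otheruser
Jan 04 04:10:04 centos7-pc sshd[5801]: Failed password for otheruser from 192.0.2.10 port 51150 ssh2
"""

LINE = re.compile(r"sshd\[(\d+)\]: (.*)$")
AUTH = re.compile(r"^(pam_\w+)\(sshd:auth\): authentication (success|failure);.*\buser=(\S+)")
DENY = re.compile(r"Access denied for user (\S+) by PAM account configuration")


def classify(log_text):
    """Map each sshd PID to (user, verdict) from its PAM auth/account lines."""
    seen = {}  # pid -> what the PAM lines for that process reported
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        s = seen.setdefault(pid, {"user": None, "auth": None, "denied": False})
        a, d = AUTH.match(msg), DENY.search(msg)
        if a:
            s["user"], s["auth"] = a.group(3), f"{a.group(1)} {a.group(2)}"
        elif d:
            s["user"], s["denied"] = d.group(1), True
    out = {}
    for pid, s in seen.items():
        if s["denied"] and s["auth"] and s["auth"].endswith("success"):
            verdict = "password accepted, rejected in PAM account phase"
        elif s["denied"]:
            verdict = "rejected in PAM account phase"
        elif s["auth"] and s["auth"].endswith("failure"):
            verdict = "password rejected in PAM auth phase"
        else:
            verdict = "no PAM verdict logged"
        out[pid] = (s["user"], verdict)
    return out


if __name__ == "__main__":
    for pid, (user, verdict) in classify(SAMPLE_LOG).items():
        print(f"sshd[{pid}] {user}: {verdict}")
```

An account-phase rejection points at the modules and access rules in the PAM account stack rather than at the password or the domain join.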