Differences between revisions 2 and 3
Revision 2 as of 2021-06-29 03:17:05
Size: 1305
Editor: PieterSmit
Comment:
Revision 3 as of 2021-06-29 03:21:09
Size: 1851
Editor: PieterSmit
Comment:
Line 18: Line 18:

 * Login working User in ldap_search_base and group for ldap_access_filter {{{
Jun 29 03:17:27 arm-p02 sshd[4343]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=jumphost user=SmitX
Jun 29 03:17:27 arm-p02 sshd[4343]: Accepted password for SmitX from 10.2.1.1 port 55038 ssh2
Jun 29 03:17:57 arm-p02 sshd[4343]: pam_systemd(sshd:session): Failed to create session: Connection reset by peer
Jun 29 03:17:57 arm-p02 sshd[4343]: pam_unix(sshd:session): session opened for user SmitX by (uid=0)
}}}
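Review bot: the example labelled "Login working" contains a pam_systemd "Failed to create session: Connection reset by peer" line at 03:17:57, 30 seconds after "Accepted password" at 03:17:27, and the bullet does not say whether that error and delay are expected. Add a short remark on it so readers do not take the pam_systemd failure as part of a clean login, and consider writing the bullet as "Login working: user in ldap_search_base and in the group for ldap_access_filter" to match the wording of the two failure cases.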

Linux/SssdADauth

  • Using Windows Active Directory to authenticate Linux users through sssd
  • Example login failure: user is in the correct group but has no local account (the user was in the wrong ldap_search_base)

    Jun 29 02:12:20 arm-p02 sshd[25151]: Invalid user Smitxx from 10.x.x.x port 43508
    Jun 29 02:12:20 arm-p02 sshd[25151]: input_userauth_request: invalid user Smitxxx [preauth]
    Jun 29 02:12:29 arm-p02 sshd[25151]: pam_unix(sshd:auth): check pass; user unknown
    Jun 29 02:12:29 arm-p02 sshd[25151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=jumphost
    Jun 29 02:12:31 arm-p02 sshd[25151]: Failed password for invalid user Smitxxx from 10.x.x.x port 43508 ssh2
  • Test with an AD user in the correct ldap_search_base but not in the group required by ldap_access_filter

    Jun 29 03:08:07 arm-p02 sshd[2630]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=jumphost user=SmitX
    Jun 29 03:08:07 arm-p02 sshd[2630]: pam_sss(sshd:account): Access denied for user SmitX: 6 (Permission denied)
    Jun 29 03:08:07 arm-p02 sshd[2630]: Failed password for SmitX from 10.2.1.1 port 53288 ssh2
    Jun 29 03:08:07 arm-p02 sshd[2630]: fatal: Access denied for user SmitX by PAM account configuration [preauth]
  • Login working: user is in ldap_search_base and in the group for ldap_access_filter

    Jun 29 03:17:27 arm-p02 sshd[4343]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=jumphost user=SmitX
    Jun 29 03:17:27 arm-p02 sshd[4343]: Accepted password for SmitX from 10.2.1.1 port 55038 ssh2
    Jun 29 03:17:57 arm-p02 sshd[4343]: pam_systemd(sshd:session): Failed to create session: Connection reset by peer
    Jun 29 03:17:57 arm-p02 sshd[4343]: pam_unix(sshd:session): session opened for user SmitX by (uid=0)
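
An added example, not part of the original wiki page: a small Python triage script that groups sshd log lines by process ID and maps each login attempt to one of the three cases shown above. The function names and verdict strings are assumptions made for illustration; the sample input is a subset of the log excerpts on this page.

```python
import re
from collections import defaultdict

# Sample input: a subset of the log lines from the three scenarios on this page.
SAMPLE = """\
Jun 29 02:12:20 arm-p02 sshd[25151]: Invalid user Smitxx from 10.x.x.x port 43508
Jun 29 02:12:29 arm-p02 sshd[25151]: pam_unix(sshd:auth): check pass; user unknown
Jun 29 02:12:31 arm-p02 sshd[25151]: Failed password for invalid user Smitxxx from 10.x.x.x port 43508 ssh2
Jun 29 03:08:07 arm-p02 sshd[2630]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=jumphost user=SmitX
Jun 29 03:08:07 arm-p02 sshd[2630]: pam_sss(sshd:account): Access denied for user SmitX: 6 (Permission denied)
Jun 29 03:08:07 arm-p02 sshd[2630]: Failed password for SmitX from 10.2.1.1 port 53288 ssh2
Jun 29 03:17:27 arm-p02 sshd[4343]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=jumphost user=SmitX
Jun 29 03:17:27 arm-p02 sshd[4343]: Accepted password for SmitX from 10.2.1.1 port 55038 ssh2
Jun 29 03:17:57 arm-p02 sshd[4343]: pam_systemd(sshd:session): Failed to create session: Connection reset by peer
"""

# Capture the sshd PID and the message that follows it.
LINE = re.compile(r"sshd\[(\d+)\]: (.*)$")

def classify(messages):
    """Map one sshd process's messages to a diagnosis (verdict text is illustrative)."""
    text = "\n".join(messages)
    # sshd could not resolve the account at all; on this page the cause was ldap_search_base.
    if "Invalid user" in text or "user unknown" in text:
        return "not resolved: check ldap_search_base"
    # Password accepted by sssd, but the account phase rejected the user.
    if "pam_sss(sshd:account): Access denied" in text:
        return "denied by access filter: check ldap_access_filter"
    if "pam_sss(sshd:auth): authentication success" in text and "Accepted " in text:
        if "pam_systemd(sshd:session): Failed" in text:
            return "login ok, pam_systemd session error"
        return "login ok"
    return "unclassified"

def diagnose(log_text):
    """Group lines by sshd PID, then classify each login attempt."""
    by_pid = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            by_pid[m.group(1)].append(m.group(2))
    return {pid: classify(msgs) for pid, msgs in by_pid.items()}

if __name__ == "__main__":
    for pid, verdict in diagnose(SAMPLE).items():
        print(pid, verdict)
```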


CategoryLinux

Linux/SssdADauth (last edited 2021-06-29 04:58:17 by PieterSmit)