On 05.04.2021 08:19, Orion Poplawski wrote: > On 3/23/21 12:09 AM, Konstantin Boyandin via CentOS wrote: >> Hello, >> >> I joined a CentOS 8 box to an AD, using the below document as general >> guide: >> >> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/connecting-rhel-systems-directly-to-ad-using-sssd_integrating-rhel-systems-directly-with-active-directory >> (section 14.1) >> >> A problem: after I tried to log on via SSH (as an AD user) to the box, >> the journalctl gets the below records: >> >> March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:auth): >> authentication success; logname= uid=0 euid=0 tty=ssh ruser= >> rhost=10.10.0.55 user=username >> March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:account): Access > >> denied for user username: 4 (System error) >> March 23 12:41:01 sandbox.lan sshd[2262]: Failed password for username >> from 10.10.0.55 port 57610 ssh2 >> March 23 12:41:01 sandbox.lan sshd[2262]: fatal: Access denied for user > >> username by PAM account configuration [preauth] > > "System error" generally means an error internally to sssd. I would > turn up sssd debugging and check the sssd logs in /var/log/sssd. Also, > you'll probably get better support on the sssd list. Thanks for this and previous responses. I am trying to determine whether to look for further; as soon as I figure out where to look at, I could ask for more details (here, in sssd and/or Samba lists). -- Sincerely, Konstantin Boyandin system administrator (ProWide Labs Ltd. - IPHost Network Monitor)