On 3/23/21 12:09 AM, Konstantin Boyandin via CentOS wrote:
> Hello,
>
> I joined a CentOS 8 box to an AD, using the below document as general
> guide:
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/connecting-rhel-systems-directly-to-ad-using-sssd_integrating-rhel-systems-directly-with-active-directory
> (section 14.1)
>
> A problem: after I tried to log on via SSH (as an AD user) to the box,
> the journalctl gets the below records:
>
> March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:auth):
> authentication success; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=10.10.0.55 user=username
> March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:account): Access
> denied for user username: 4 (System error)
> March 23 12:41:01 sandbox.lan sshd[2262]: Failed password for username
> from 10.10.0.55 port 57610 ssh2
> March 23 12:41:01 sandbox.lan sshd[2262]: fatal: Access denied for user
> username by PAM account configuration [preauth]

"System error" generally means an error internally to sssd. I would turn up sssd debugging and check the sssd logs in /var/log/sssd.

Also, you'll probably get better support on the sssd list.

--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of NWRA Technical Systems          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                 https://www.nwra.com/
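Added example, not part of the original thread: a small triage script that pairs the pam_sss auth and account phases per sshd PID, which separates the pattern in the quoted journal (password accepted, account phase denied) from an ordinary bad-password failure. The sample input is the four quoted journal lines rejoined after e-mail wrapping; the function and field names are made up for this illustration.

```python
import re

# Sample input: the journal lines quoted in the post, rejoined after e-mail wrapping.
SAMPLE = """\
March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.0.55 user=username
March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:account): Access denied for user username: 4 (System error)
March 23 12:41:01 sandbox.lan sshd[2262]: Failed password for username from 10.10.0.55 port 57610 ssh2
March 23 12:41:01 sandbox.lan sshd[2262]: fatal: Access denied for user username by PAM account configuration [preauth]
"""

# Only pam_sss lines are parsed; sshd's own "Failed password" line is misleading here.
LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: pam_sss\(sshd:(?P<phase>auth|account)\): (?P<msg>.*)$")
AUTH_OK = re.compile(r"authentication success;.*\brhost=(?P<rhost>\S*) user=(?P<user>\S+)")
ACCT_DENY = re.compile(r"Access denied for user (?P<user>\S+): (?P<code>\d+) \((?P<text>[^)]*)\)")

def triage(log_text):
    """Return one finding per login where pam_sss accepted the credentials but denied the account phase."""
    auth_ok = {}    # sshd pid -> (user, rhost) seen in a successful auth phase
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["phase"] == "auth":
            a = AUTH_OK.search(m["msg"])
            if a:
                auth_ok[m["pid"]] = (a["user"], a["rhost"])
            continue
        d = ACCT_DENY.search(m["msg"])
        ok = auth_ok.get(m["pid"])
        if d and ok and ok[0] == d["user"]:
            findings.append({
                "pid": m["pid"],
                "user": d["user"],
                "rhost": ok[1],
                "code": int(d["code"]),
                "reason": d["text"],
                # Per the reply: "System error" generally points inside sssd itself.
                "check_sssd_logs": d["text"] == "System error",
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding with `check_sssd_logs` set means the credentials were fine and the next place to look is /var/log/sssd, as the reply suggests.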