[CentOS] "System error" when trying to logon via SSH to CentOS 8 joined to AD

Mon Apr 5 01:19:18 UTC 2021
Orion Poplawski <orion at nwra.com>

On 3/23/21 12:09 AM, Konstantin Boyandin via CentOS wrote:
> Hello,
> I joined a CentOS 8 box to an AD, using the below document as general 
> guide:
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/connecting-rhel-systems-directly-to-ad-using-sssd_integrating-rhel-systems-directly-with-active-directory 
> (section 14.1)
> A problem: after I tried to log on via SSH (as an AD user) to the box, 
> the journalctl gets the below records:
> March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:auth): 
> authentication success; logname= uid=0 euid=0 tty=ssh ruser= 
> rhost= user=username
> March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:account): Access 

> denied for user username: 4 (System error)
> March 23 12:41:01 sandbox.lan sshd[2262]: Failed password for username 
> from port 57610 ssh2
> March 23 12:41:01 sandbox.lan sshd[2262]: fatal: Access denied for user 

> username by PAM account configuration [preauth]

"System error" generally means an error internally to sssd.  I would 
turn up sssd debugging and check the sssd logs in /var/log/sssd.  Also, 
you'll probably get better support on the sssd list.

Orion Poplawski
he/him/his - surely the least important thing about me
Manager of NWRA Technical Systems          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                 https://www.nwra.com/