[CentOS] "System error" when trying to logon via SSH to CentOS 8 joined to AD

Sun Apr 11 12:59:53 UTC 2021
Konstantin Boyandin <lists at boyandin.info>

On 05.04.2021 08:19, Orion Poplawski wrote:
> On 3/23/21 12:09 AM, Konstantin Boyandin via CentOS wrote:
>> Hello,
>>
>> I joined a CentOS 8 box to an AD, using the below document as general 
>> guide:
>>
>> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/connecting-rhel-systems-directly-to-ad-using-sssd_integrating-rhel-systems-directly-with-active-directory
>> (section 14.1)
>>
>> A problem: after I tried to log on via SSH (as an AD user) to the box, 
>> the journalctl gets the below records:
>>
>> March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.0.55 user=username
>> March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:account): Access denied for user username: 4 (System error)
>> March 23 12:41:01 sandbox.lan sshd[2262]: Failed password for username from 10.10.0.55 port 57610 ssh2
>> March 23 12:41:01 sandbox.lan sshd[2262]: fatal: Access denied for user username by PAM account configuration [preauth]
> 
> "System error" generally means an error internally to sssd.  I would 
> turn up sssd debugging and check the sssd logs in /var/log/sssd.  Also, 
> you'll probably get better support on the sssd list.

Thanks for this and previous responses. I am trying to determine whether 
to look further; as soon as I figure out where to look, I could 
ask for more details (here, in the sssd and/or Samba lists).

-- 
Sincerely,

Konstantin Boyandin
system administrator (ProWide Labs Ltd. - IPHost Network Monitor)
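
An added example, not part of the original message or of any project's code: a small triage script that groups pam_sss journal records by sshd PID and reports which PAM phase rejected the login, which is what separates the thread's case (password accepted, account phase returns 4) from a wrong password or an ordinary access denial. The function names and the last three sample lines are assumptions made for illustration.

```python
import re

# Constructed sample: the first four lines are the journal excerpt quoted in the
# thread, unwrapped; the last three are invented here for contrast.
SAMPLE = """\
March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.0.55 user=username
March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:account): Access denied for user username: 4 (System error)
March 23 12:41:01 sandbox.lan sshd[2262]: Failed password for username from 10.10.0.55 port 57610 ssh2
March 23 12:41:01 sandbox.lan sshd[2262]: fatal: Access denied for user username by PAM account configuration [preauth]
March 23 12:45:10 sandbox.lan sshd[2301]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.0.55 user=other
March 23 12:50:00 sandbox.lan sshd[2310]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.0.55 user=alice
March 23 12:50:00 sandbox.lan sshd[2310]: pam_sss(sshd:account): Access denied for user alice: 6 (Permission denied)
"""

PAM_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: pam_sss\(sshd:(?P<phase>auth|account)\): (?P<msg>.*)")
AUTH_RE = re.compile(r"authentication (?P<result>success|failure);.*\buser=(?P<user>\S+)")
ACCT_RE = re.compile(r"Access denied for user (?P<user>\S+): (?P<code>\d+) \((?P<text>[^)]*)\)")

def verdict(s):
    """Turn the per-phase results of one sshd session into a one-line diagnosis."""
    if s["auth"] == "failure":
        return "credentials rejected in auth phase"
    if s["account"] and s["account"][0] == 4:  # 4 is PAM_SYSTEM_ERR in Linux-PAM
        return "credentials accepted; account phase failed internally, check /var/log/sssd"
    if s["account"]:
        return "credentials accepted; account phase denied access"
    return "no denial recorded"

def triage(journal_text):
    """Group pam_sss records by sshd PID and record the outcome of each PAM phase."""
    sessions = {}
    for line in journal_text.splitlines():
        m = PAM_RE.search(line)
        if not m:
            continue  # plain sshd lines ("Failed password", "fatal: ...") carry no phase
        s = sessions.setdefault(m["pid"], {"user": None, "auth": None, "account": None})
        if m["phase"] == "auth":
            a = AUTH_RE.search(m["msg"])
            if a:
                s["user"], s["auth"] = a["user"], a["result"]
        else:
            c = ACCT_RE.search(m["msg"])
            if c:
                s["user"], s["account"] = c["user"], (int(c["code"]), c["text"])
    return {pid: dict(s, verdict=verdict(s)) for pid, s in sessions.items()}

if __name__ == "__main__":
    for pid, s in triage(SAMPLE).items():
        print(pid, s["user"], s["verdict"])
```

Note that sshd itself logs "Failed password" for PID 2262 even though pam_sss accepted the password, so that line alone does not indicate a credential problem.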