Operating steps:
1. Create Ubuntu 22.04 and Windows Server 2019 virtual machines in Proxmox 7.4.
2. Configure the domain and DNS (ad.example.com) on the AD server.
3. On Ubuntu, configure the hostname and DNS, and run the following command: `apt install adcli realmd sssd-ad sssd-tools`.
4. Join the domain: `realm discover ad.example.com && realm join ad.example.com && pam-auth-update --enable mkhomedir`
5. Modify sssd.conf and restart the sssd server:
```
[sssd]
domains = ad.example.com
config_file_version = 2
services = nss, pam
debug_level = 6

[pam]
debug_level = 9

[domain/ad.example.com]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = AD.EXAMPLE.COM
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u
ad_domain = ad.example.com
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = ad
ad_gpo_access_control = permissive
debug_level = 6
```
After running `login Administrator` to log in, an error is reported:
`authentication service cannot retrieve authentication info`, and the pam log shows:
```
(Fri Mar 29 16:09:14 2024) [pam] [cache_req_search_send] (0x0400): CR #9: Returning [ad...@ad.example.com] from cache
(Fri Mar 29 16:09:14 2024) [pam] [cache_req_search_ncache_filter] (0x0400): CR #9: This request type does not support filtering result by negative cache
(Fri Mar 29 16:09:14 2024) [pam] [cache_req_create_and_add_result] (0x0400): CR #9: Found 2 entries in domain ad.example.com
(Fri Mar 29 16:09:14 2024) [pam] [cache_req_done] (0x0400): CR #9: Finished: Success
(Fri Mar 29 16:09:14 2024) [pam] [pd_set_primary_name] (0x0400): User's primary name is ad...@ad.example.com
(Fri Mar 29 16:09:14 2024) [pam] [pam_initgr_cache_set] (0x2000): [admin] added to PAM initgroup cache
(Fri Mar 29 16:09:14 2024) [pam] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): domain: ad.example.com
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): user: ad...@ad.example.com
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): service: login
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): tty: /dev/pts/0
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): ruser: not set
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): rhost: not set
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): authtok type: 0
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): newauthtok type: 0
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): priv: 1
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): cli_pid: 30196
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): logon name: admin
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): flags: 0
(Fri Mar 29 16:09:14 2024) [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Fri Mar 29 16:09:19 2024) [pam] [pam_initgr_cache_remove] (0x2000): [admin] removed from PAM initgroup cache
(Fri Mar 29 16:09:19 2024) [pam] [pam_initgr_cache_remove] (0x2000): [admin] removed from PAM initgroup cache
(Fri Mar 29 16:09:28 2024) [pam] [client_idle_handler] (0x2000): Terminating idle client [0x5631a8db3720][19]
(Fri Mar 29 16:09:28 2024) [pam] [client_close_fn] (0x2000): Terminated client [0x5631a8db3720][19]
(Fri Mar 29 16:09:44 2024) [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x5631a8da9b00][20]
(Fri Mar 29 16:10:04 2024) [pam] [sbus_dispatch] (0x4000): Dispatching.
(Fri Mar 29 16:10:14 2024) [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x5631a8da9b00][20]
(Fri Mar 29 16:10:44 2024) [pam] [client_idle_handler] (0x2000): Terminating idle client [0x5631a8da9b00][20]
(Fri Mar 29 16:10:44 2024) [pam] [client_close_fn] (0x2000): Terminated client [0x5631a8da9b00][20]
(Fri Mar 29 16:11:20 2024) [pam] [sbus_dispatch] (0x4000): Dispatching.
```
Which seems to indicate that no response is received.

With the same steps, I was able to configure and successfully log in on VMware.

Please advise what might be causing this issue.
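Added example, not part of the original post and not SSSD code: a small Python check that re-joins the e-mail-wrapped sssd_pam log lines and lists PAM requests forwarded to the data provider for which no reply line follows. The `pam_reply` function name used to recognise a reply is an assumption; it does not appear in the posted log.

```python
import re
from datetime import datetime

LINE = re.compile(r"^\((?P<ts>[^)]+)\) \[pam\] \[(?P<fn>\w+)\] \(0x[0-9a-f]+\): (?P<msg>.*)$")
REPLY_FN = "pam_reply"  # assumption: responder function that logs the answer

# Trimmed excerpt of the log in the post, wrapped the way the e-mail wrapped it.
SAMPLE = """\
(Fri Mar 29 16:09:14 2024) [pam] [pam_dp_send_req] (0x0100): Sending request
with the following data:
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): command:
SSS_PAM_ACCT_MGMT
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): service: login
(Fri Mar 29 16:09:14 2024) [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req
returned 0
(Fri Mar 29 16:11:20 2024) [pam] [sbus_dispatch] (0x4000): Dispatching.
"""

def records(text):
    """Yield (timestamp, function, message), re-joining wrapped log lines."""
    joined = []
    for raw in filter(str.strip, text.splitlines()):
        if raw.startswith("(") or not joined:
            joined.append(raw.strip())
        else:  # continuation of the previous, wrapped line
            joined[-1] += " " + raw.strip()
    for m in filter(None, map(LINE.match, joined)):
        yield datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"), m["fn"], m["msg"]

def unanswered(text):
    """Return requests sent to the data provider with no reply logged after them.
    Requests are paired with replies in log order, a simplification that
    holds for a single login attempt like the one in the post."""
    reqs, last_ts = [], None
    for ts, fn, msg in records(text):
        last_ts = ts
        if fn == "pam_dp_send_req" and msg.startswith("Sending request"):
            reqs.append({"sent": ts, "answered": False})
        elif fn == "pam_print_data" and reqs:
            key, _, value = msg.partition(": ")
            reqs[-1][key] = value  # e.g. command, service, logon name
        elif fn == REPLY_FN and reqs:
            reqs[-1]["answered"] = True
    open_reqs = [r for r in reqs if not r["answered"]]
    for r in open_reqs:  # seconds between the request and the end of the log
        r["waited_s"] = int((last_ts - r["sent"]).total_seconds())
    return open_reqs

if __name__ == "__main__":
    print(unanswered(SAMPLE))
```

A request that stays open for longer than the login attempt lasted points at the domain back end rather than the PAM responder, so the `sssd_ad.example.com.log` file for the same timestamps is the next place to look.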