LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-25-2017, 03:37 PM   #1
rohit.dhaval1
Member
 
Registered: Jul 2009
Posts: 44
Blog Entries: 2

Rep: Reputation: 0
Unable to login to RHEL 6 with domain user


Hello,

I am unable to login to RHEL host using domain user.


Code:
Jul 25 21:18:46 linuxhost sshd[4194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.19.33.101  user=adm-usr0044@domain.local
Jul 25 21:18:47 linuxhost sshd[4194]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.19.33.101 user=adm-usr0044@domain.local
Jul 25 21:18:47 linuxhost sshd[4194]: pam_krb5[4194]: account checks fail for 'adm-usr0044@domain.LOCAL': user disallowed by .k5login file for 'adm-usr0044@domain.local'
Jul 25 21:18:47 linuxhost sshd[4195]: fatal: Access denied for user adm-usr0044@domain.local by PAM account configuration
Jul 25 21:18:47 linuxhost sshd[4194]: Failed password for adm-usr0044@domain.local from 172.19.33.101 port 54632 ssh2

Putty exits with below message

Quote:
Server unexpectedly closed network connection
I have tried putting below given in /etc/krb5.conf but no help.

Quote:
ignore_k5login = true
ALso, I have edited max connection in /etc/sshd/sshd_config

Quote:
Protocol 2

# cat /etc/ssh/sshd_config | grep -v ^#

SyslogFacility AUTHPRIV
MaxSessions 100
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
 
Old 07-25-2017, 04:03 PM   #2
rohit.dhaval1
Member
 
Registered: Jul 2009
Posts: 44

Original Poster
Blog Entries: 2

Rep: Reputation: 0
This is the main culprit
Quote:
pam_krb5[4471]: account checks fail for 'adm-usr0044@domain.LOCAL': user disallowed by .k5login file for
 
Old 07-25-2017, 04:55 PM   #3
rohit.dhaval1
Member
 
Registered: Jul 2009
Posts: 44

Original Poster
Blog Entries: 2

Rep: Reputation: 0
Hello,

below given blog helped me.


All I did was put all the domain names in same case (UPPER/LOWER) and restarted sssd

Quote:
Changed krb_realm case in /etc/sssd/sssd.conf file {it was my mistake probably}

and then,

Quote:
authconfig --enablesssd --enablesssdauth --disableldap --disableldapauth --disablekrb5 --update
/etc/init.d/sssd restart^

Last edited by rohit.dhaval1; 07-25-2017 at 05:04 PM.
 
  


Reply

Tags
domain controller, kerberos, ssh remote


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to login the linux server as a domain user. mjafferkhader Linux - Server 4 04-26-2017 08:22 AM
Unable to login root user on RHEL 7.0 sandeep002gupta Linux - Desktop 21 12-06-2014 11:00 AM
Ubuntu/AD/KRB5/LDAP/NIS able to use domain user login with putty, unable in gui login Nitroglycerine Linux - Server 0 06-28-2012 04:17 AM
unable to login using domain user mrizwanahmed Linux - Networking 8 09-25-2010 04:54 AM
winbind + samba + gdm unable to login with Domain user theowl Linux - Networking 1 06-11-2004 08:30 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 05:00 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration