Can't log in with AD accounts

Good morning Everyone,

I am currently having issues with logging on to my RHEL server, which is connected to a Windows 2012 AD, with AD accounts. The weird thing is that I was able to successfully join my server to the AD with one of the accounts I am trying. Then, as root, I am even able to su to the accounts that I can't log in with, and it creates the home directory under /home/(My domain)/domain_user.

I have checked the pam files to make sure that they have sufficient in them and are properly configured before it gets to pam deny. My sssd.conf file is properly set up just like my other servers. I checked to make sure the proper simple groups were in there and even added the specific simple users just to make sure.

My sssd_domain.log file looks like it properly authenticated to the AD and had no issues there.

When I try to log in while watching the secure logs, however, I get:

pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=username@domain

pam_sss(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=username@domain

pam_sss(login:auth): received for user username@domain: 4 (system error)

I know the passwords I am typing are correct and all the accounts are unlocked.

I can only share so much info, so if anyone could point me in the right direction I would appreciate it.

Responses

What are the errors you're seeing in the AD security logs for the auth failure?

So it generated a Directory Service Access audit Failure when I just tried it.

That's where you should start troubleshooting. sssd/pam is not successfully validating, so will always fail.

Personally I'd open a ticket with both RH and MS because unified auth can get tricky and it's hard to tell if the issue is with the Linux machine joined to the domain or AD itself.