AD user is not able to login - Error retrieving access check result: Host Access Denied
Issue
- An AD user is not able to log in to the system. SSSD logs the errors below in sssd_$domain.log, and /var/log/secure shows the following:
/var/log/secure:
Mar 13 12:04:33 servera sshd[2701565]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=test_user@example.local.com
Mar 13 12:04:41 servera sshd[2701565]: pam_sss(sshd:account): Access denied for user test_user@example.local.com: 6 (Permission denied)
Mar 13 12:04:41 servera sshd[2701565]: Failed password for test_user@example.local.com from x.x.x.x port 41874 ssh2
Mar 13 12:04:41 servera sshd[2701565]: fatal: Access denied for user test_user@example.local.com by PAM account configuration [preauth]
sssd_$domain.log:
(Mon Mar 13 12:04:41 2023) [sssd[be[example.local.com]]] [sdap_access_filter_done] (0x0100): User [test_user@example.local.com] was not found with the specified filter. Denying access. <----
(Mon Mar 13 12:04:41 2023) [sssd[be[example.local.com]]] [sdap_access_filter_done] (0x0400): Access denied by online lookup
(Mon Mar 13 12:04:41 2023) [sssd[be[example.local.com]]] [ldb] (0x4000): Added timed event "ldb_kv_callback": 0x5563a2fcab60
(Mon Mar 13 12:04:41 2023) [sssd[be[example.local.com]]] [ldb] (0x4000): Added timed event "ldb_kv_timeout": 0x5563a2ff4730
(Mon Mar 13 12:04:41 2023) [sssd[be[example.local.com]]] [ldb] (0x4000): Running timer event 0x5563a2fcab60 "ldb_kv_callback"
(Mon Mar 13 12:04:41 2023) [sssd[be[example.local.com]]] [ldb] (0x4000): Destroying timer event 0x5563a2ff4730 "ldb_kv_timeout"
(Mon Mar 13 12:04:41 2023) [sssd[be[example.local.com]]] [ldb] (0x4000): Destroying timer event 0x5563a2fcab60 "ldb_kv_callback"
(Mon Mar 13 12:04:41 2023) [sssd[be[example.local.com]]] [sysdb_set_entry_attr] (0x0200): Entry [name=test_user@example.local.com,cn=users,cn=example.local.com,cn=sysdb] has set [ts_cache] attrs. <<
(Mon Mar 13 12:04:41 2023) [sssd[be[example.local.com]]] [sdap_access_done] (0x0400): Access was denied.
(Mon Mar 13 12:04:41 2023) [sssd[be[example.local.com]]] [ad_sdap_access_done] (0x0040): Error retrieving access check result: Host Access Denied <----
Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Active Directory
- SSSD