Ldap user with uidNumber<1000 cannot login LDAP client host via sssd
Issue
- Using sssd in RHEL 8.9 to connect to OpenLDAP in RHEL 7.9: one LDAP user, ldapuser, is unable to login by ssh. However, another LDAP user, workinguser, is able to login by ssh.
- See LDAP user attributes below:
ldapuser ldap user attributes:
# ldapuser, idm.example.com
dn: uid=ldapuser,dc=idm,dc=example,dc=com
uid: ldapuser
cn: ldapuser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 210
homeDirectory: /home/ldapuser
gecos: ldapuser
shadowMax: 99999
shadowLastChange: 18814
userPassword:: e1NTSEF9NTh3ZEduS2V6ckZnMXM0dm5RNk92VlZBSmlrK0FnbE4=
workinguser ldap user attributes:
# workinguser, SS, idm.example.com
dn: uid=workinguser,ou=SS,dc=idm,dc=example,dc=com
uid: workinguser
cn: John Thakur
gecos: John Thakur
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMin: 0
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 2174
gidNumber: 210
homeDirectory: /usr/local/ldapuser/home/workinguser
shadowMax: 99999
shadowLastChange: 0
userPassword:: e1NTSEF9Q2xWZmlBZUNvWlQrd3hwM2hIaGJZR0lNL3VsTVU2OFc=
- Error log when ldapuser failed to login:
Oct 16 16:01:16 LDAPCLIENT1 sshd[55353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.10.10
Oct 16 16:01:16 LDAPCLIENT1 sshd[55353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.10.10
Oct 16 16:01:17 LDAPCLIENT1 sshd[55353]: Failed password for invalid user ldapuser from 192.168.10.10 port 58690 ssh2
Oct 16 16:01:17 LDAPCLIENT1 sshd[55353]: Failed password for invalid user ldapuser from 192.168.10.10 port 58690 ssh2
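The two clues above can be checked mechanically. The sshd message "Failed password for invalid user ldapuser" means the name lookup through NSS failed (sssd did not return the user at all), which is a different failure from a wrong password for a user that does resolve, and the two LDIF entries differ in attributes beyond uidNumber. The following Python script is an added example, not part of the Red Hat article: it parses the two entries as shown above (password hashes left out), lists every differing attribute, flags POSIX attributes that sssd needs, and classifies sshd log lines. The threshold `min_id` is an assumption to be taken from the domain's `min_id` option in sssd.conf (sssd's default is 1); the second log line is constructed to show the "resolved but wrong password" case.

```python
import re

# LDIF entries as shown in the article (userPassword lines omitted on purpose).
LDAPUSER_LDIF = """\
dn: uid=ldapuser,dc=idm,dc=example,dc=com
uid: ldapuser
cn: ldapuser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 210
homeDirectory: /home/ldapuser
gecos: ldapuser
shadowMax: 99999
shadowLastChange: 18814
"""

WORKINGUSER_LDIF = """\
dn: uid=workinguser,ou=SS,dc=idm,dc=example,dc=com
uid: workinguser
cn: John Thakur
gecos: John Thakur
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMin: 0
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 2174
gidNumber: 210
homeDirectory: /usr/local/ldapuser/home/workinguser
shadowMax: 99999
shadowLastChange: 0
"""

# Constructed sample: first line copied from the article, second line made up
# to show the case where the user resolves but the password is wrong.
SSHD_LOG = [
    "Oct 16 16:01:17 LDAPCLIENT1 sshd[55353]: Failed password for invalid user ldapuser from 192.168.10.10 port 58690 ssh2",
    "Oct 16 16:01:20 LDAPCLIENT1 sshd[55360]: Failed password for workinguser from 192.168.10.10 port 58700 ssh2",
]


def parse_ldif(text):
    """Parse one LDIF entry into {attribute: [values]}; multi-valued attributes keep all values."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if attr == "userPassword":  # never carry password hashes around in a diagnostic
            continue
        entry.setdefault(attr, []).append(value.strip())
    return entry


# Attributes sssd needs to build a passwd entry from a posixAccount object.
REQUIRED_POSIX = {"uid", "uidNumber", "gidNumber", "homeDirectory", "loginShell"}


def check_posix_entry(entry, min_id=1000):
    """Return findings that would keep sssd/NSS from returning this user.
    min_id is an assumed threshold: sssd drops IDs below the domain's min_id
    option (default 1), so pass the value configured in sssd.conf."""
    findings = []
    if "posixAccount" not in entry.get("objectClass", []):
        findings.append("missing objectClass posixAccount")
    for attr in sorted(REQUIRED_POSIX - set(entry)):
        findings.append(f"missing attribute {attr}")
    if "uidNumber" in entry:
        uid = int(entry["uidNumber"][0])
        if uid < min_id:
            findings.append(f"uidNumber {uid} is below min_id {min_id}")
    return findings


def diff_entries(a, b):
    """Attributes whose values differ between two parsed entries (dn excluded)."""
    keys = (set(a) | set(b)) - {"dn"}
    return {k: (a.get(k), b.get(k)) for k in sorted(keys) if a.get(k) != b.get(k)}


FAILED_RE = re.compile(r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+)")


def classify_sshd_line(line):
    """'unresolved': NSS lookup failed, i.e. sssd did not return the user;
    'bad_password': user resolved but the credential check failed; None: no match."""
    m = FAILED_RE.search(line)
    if not m:
        return None
    return (m.group("user"), "unresolved" if m.group("invalid") else "bad_password")


if __name__ == "__main__":
    broken, working = parse_ldif(LDAPUSER_LDIF), parse_ldif(WORKINGUSER_LDIF)
    for name, entry in (("ldapuser", broken), ("workinguser", working)):
        print(name, "findings:", check_posix_entry(entry) or "none")
    for attr, (left, right) in diff_entries(broken, working).items():
        print(f"{attr}: ldapuser={left} workinguser={right}")
    for line in SSHD_LOG:
        print(classify_sshd_line(line))
```

Run it with `python3 ldap_login_triage.py` (file name assumed). If a user shows up as `unresolved`, compare `getent passwd <user>` on the client against `ldapsearch` output before touching PAM, because an `invalid user` message is settled at the NSS lookup stage and no password configuration will change it.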
Environment
- Red Hat Enterprise Linux 8.9
- SSSD
- OpenLDAP