Unable to Login as AD or IPA User due to "pam_sss 4 (system error) authentication failure"
Issue
- Users are unable to log in as an AD user on a system that uses direct integration with SSSD.
- Similar issues can arise around logging into an Identity Management domain with IPA domain users or AD trust users.
- System Error 4 from pam_sss is visible in the /var/log/secure log for the failed authentication attempts.
- Example of the problem below, showing an SSHD failed authentication:
Nov 20 12:34:04 r9-sssd sshd[102095]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=::1 user=j.doe@test.labs
Nov 20 12:34:04 r9-sssd sshd[102095]: pam_sss(sshd:auth): received for user j.doe@test.labs: 4 (System error)
Nov 20 12:34:06 r9-sssd sshd[102095]: Failed password for j.doe@test.labs from ::1 port 38676 ssh2
Nov 20 12:34:09 r9-sssd sshd[102095]: Connection closed by authenticating user j.doe@test.labs ::1 port 38676 [preauth]
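When reviewing /var/log/secure, it helps to separate these pam_sss "4 (System error)" results from other failed logins. The following is an added example, not part of the original article: it parses pam_sss result lines and counts code 4 events per user and service. It assumes the traditional syslog timestamp format shown above; the function names are hypothetical, and the sample input reuses three of the log lines above plus two constructed lines.

```python
import re
import sys
from collections import Counter

PAM_SYSTEM_ERR = 4  # Linux-PAM return code that pam_sss logs as "4 (System error)"

# Matches only the pam_sss result line ("received for user <name>: <code> (<text>)").
RESULT_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s[^\[\s]+\[\d+\]:\s"
    r"pam_sss\((?P<service>[^:)]+):(?P<phase>\w+)\):\s"
    r"received for user (?P<user>\S+): (?P<code>\d+) \((?P<text>[^)]*)\)"
)

def parse_results(lines):
    """Yield one dict per pam_sss result line; all other lines are skipped."""
    for line in lines:
        m = RESULT_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["code"] = int(event["code"])
            yield event

def triage(lines):
    """Return (Counter of (user, service) for code 4, Counter of other result codes)."""
    system_errors, other_codes = Counter(), Counter()
    for event in parse_results(lines):
        if event["code"] == PAM_SYSTEM_ERR:
            system_errors[(event["user"], event["service"])] += 1
        else:
            other_codes[event["code"]] += 1
    return system_errors, other_codes

# First three lines are from the article; the last two are constructed for illustration.
SAMPLE = """\
Nov 20 12:34:04 r9-sssd sshd[102095]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=::1 user=j.doe@test.labs
Nov 20 12:34:04 r9-sssd sshd[102095]: pam_sss(sshd:auth): received for user j.doe@test.labs: 4 (System error)
Nov 20 12:34:06 r9-sssd sshd[102095]: Failed password for j.doe@test.labs from ::1 port 38676 ssh2
Nov 20 12:35:10 r9-sssd sshd[102101]: pam_sss(sshd:auth): received for user a.user@test.labs: 7 (Authentication failure)
Nov 20 12:36:02 r9-sssd sshd[102110]: pam_sss(sshd:auth): received for user j.doe@test.labs: 4 (System error)
"""

if __name__ == "__main__":
    # Pass a log path as the first argument, or run with no argument to use SAMPLE.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE.splitlines()
    errors, others = triage(source)
    for (user, service), count in errors.most_common():
        print(f"{count:4d}  pam_sss system error 4  user={user}  service={service}")
    print("other pam_sss result codes:", dict(others))
```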
Environment
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Enterprise Linux 10
- Active Directory (AD)
- Identity Management (IPA/IdM)
- SSSD
- pam_sss