The Geek Diary

Unable to ssh to server after integration into Active Directory (AD) Domain [CentOS/RHEL 7]

by admin

The Problem

The CentOS/RHEL 7.3 system was successfully configured to join an Active Directory domain. A user on the OL system cannot log in, and the following entries are found in the /var/log/messages system log:

2017-06-28T11:28:41.404719-04:00 adclient sshd[10352]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=X.X.X.X user=test1
2017-06-28T11:28:41.573420-04:00 adclient sshd[10352]: pam_krb5[10352]: account checks fail for 'test1@EXAMPLE.COM': user disallowed by .k5login file for 'test1'

The solution

The first line in the above /var/log/messages output indicates the Linux client has connected with the AD server, using the test1 user credentials: pam_sss reports authentication success. The second line reports that use of the account is then blocked locally by the account check in pam_krb5, a PAM (Pluggable Authentication Modules) module. This check is controlled by the ${HOME}/.k5login file.
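
To find the logins hit by this check in a busy log, the following added example (not part of the original article) pairs the two messages by sshd PID and prints the principal and local account named in each pam_krb5 denial. The function names, the status labels and the last two sample lines are constructed for illustration, and it assumes the timestamp format shown in the log above.

```shell
# Added example: report sshd logins denied by the pam_krb5 .k5login check.
# Output per denial: timestamp, Kerberos principal, local account, and whether
# pam_sss had already reported authentication success for the same sshd PID.
k5login_denials() {
    awk '
    # Return the PID from the syslog tag "sshd[PID]:", or "" if absent.
    function pid_of(line) {
        if (match(line, /sshd\[[0-9]+\]/))
            return substr(line, RSTART + 5, RLENGTH - 6)
        return ""
    }
    /pam_sss\(sshd:auth\): authentication success/ {
        pid = pid_of($0)
        if (pid != "") sss_ok[pid] = 1
        next
    }
    /pam_krb5.*account checks fail for .*disallowed by \.k5login file/ {
        pid = pid_of($0)
        # Splitting on the single quote (octal 047) puts the principal in
        # field 2 and the local account in field 4.
        if (split($0, q, "\047") < 4) next
        state = (pid in sss_ok) ? "sss-auth-ok" : "no-sss-success"
        print $1, q[2], q[4], state
    }' "$@"
}

# Constructed sample: the first two lines are the ones quoted in this article,
# the last two are made up to show the other outcomes.
sample_log() {
    cat <<'EOF'
2017-06-28T11:28:41.404719-04:00 adclient sshd[10352]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=X.X.X.X user=test1
2017-06-28T11:28:41.573420-04:00 adclient sshd[10352]: pam_krb5[10352]: account checks fail for 'test1@EXAMPLE.COM': user disallowed by .k5login file for 'test1'
2017-06-28T11:30:15.220011-04:00 adclient sshd[10410]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=test2
2017-06-28T11:31:02.118734-04:00 adclient sshd[10477]: pam_krb5[10477]: account checks fail for 'test3@EXAMPLE.COM': user disallowed by .k5login file for 'test3'
EOF
}

sample_log | k5login_denials
```

On a live system, pass the log file as an argument instead: k5login_denials /var/log/messages.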

Remedy

The preferred solution is to add the server principals to the per-user ${HOME}/.k5login file. Consult the k5login(5) man page for additional information about adding items to this file.

Workaround

If you would prefer not to use the .k5login access control list (ACL) feature, these steps will disable it system-wide for the realm named in the configuration:

1. Be sure to make a backup of /etc/krb5.conf before making any changes.

2. Add the following lines to the file /etc/krb5.conf, replacing TEST.ORACLE.COM with the name of your own Kerberos realm:

# vi /etc/krb5.conf
[appdefaults]
pam = {
    debug = false
    TEST.ORACLE.COM = {
        ignore_k5login = true
    }
}

3. Save the file.

© 2023 · The Geek Diary
