
The Geek Diary

Unable to ssh to server after integration into Active Directory (AD) Domain [CentOS/RHEL 7]

By admin

The Problem

The CentOS/RHEL 7.3 system was successfully configured to join an Active Directory domain. A user on the OL system cannot log in, and the following entries are found in the /var/log/messages system log:

2017-06-28T11:28:41.404719-04:00 adclient sshd[10352]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=X.X.X.X user=test1
2017-06-28T11:28:41.573420-04:00 adclient sshd[10352]: pam_krb5[10352]: account checks fail for 'test1@EXAMPLE.COM': user disallowed by .k5login file for 'test1'

The solution

The first line of the /var/log/messages output above shows that authentication succeeded: the Linux client connected to the AD server using the test1 user credentials. The second line shows that the account check in the pam_krb5 PAM (Pluggable Authentication Modules) module then blocked use of the account locally. That check is controlled by the ${HOME}/.k5login file.

Remedy

The preferred solution is to add the server principals to the per-user ${HOME}/.k5login file. Consult the k5login(5) man page for additional information about adding entries to this file.
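
The script below is an added example, not part of the original article. It models the .k5login check in simplified form to show why the login is refused and how adding an entry changes the outcome. Assumptions: the function names are hypothetical, the entry added is the principal test1@EXAMPLE.COM from the log above, OTHER.TEST is a constructed default realm, and matching is exact one-principal-per-line (the real library also checks file ownership and auth_to_local rules).

```bash
#!/usr/bin/env bash
# Simplified model of the .k5login account check (assumption: exact line match only).

# k5login_allows FILE PRINCIPAL LOCAL_USER DEFAULT_REALM -> exit status 0 if allowed
k5login_allows() {
    local file="$1" principal="$2" user="$3" realm="$4"
    if [ -e "$file" ]; then
        # File present: only principals listed on a line of their own are accepted.
        grep -Fxq -- "$principal" "$file"
    else
        # No file: only the user's own principal in the default realm is accepted.
        [ "$principal" = "$user@$realm" ]
    fi
}

# k5login_grant FILE PRINCIPAL -> add PRINCIPAL once; keep the file private to its owner
k5login_grant() {
    local file="$1" principal="$2"
    touch "$file" && chmod 600 "$file" || return 1
    grep -Fxq -- "$principal" "$file" || printf '%s\n' "$principal" >> "$file"
}

# Constructed demo in a throwaway directory standing in for test1's home directory.
demo() {
    local home
    home=$(mktemp -d) || return 1
    # Before: no .k5login, and the AD realm is not the client's default realm.
    if k5login_allows "$home/.k5login" 'test1@EXAMPLE.COM' test1 OTHER.TEST; then
        echo "before: allowed"
    else
        echo "before: user disallowed by .k5login file"
    fi
    # Remedy: list the principal explicitly, then repeat the same check.
    k5login_grant "$home/.k5login" 'test1@EXAMPLE.COM'
    if k5login_allows "$home/.k5login" 'test1@EXAMPLE.COM' test1 OTHER.TEST; then
        echo "after: allowed"
    else
        echo "after: user disallowed by .k5login file"
    fi
    rm -rf "$home"
}

demo
```

Once a .k5login file exists, every principal that should reach the account must be listed in it, including the user's own.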

Workaround

If you would prefer not to use the .k5login access control list (ACL) feature, these steps will disable the feature system-wide, so that pam_krb5 no longer consults any user's .k5login file:

1. Be sure to make a backup of /etc/krb5.conf before making any changes.

2. Add the following lines to the file /etc/krb5.conf, using your own Kerberos realm name in place of TEST.ORACLE.COM:

# vi /etc/krb5.conf
[appdefaults]
pam = {
    debug = false
    TEST.ORACLE.COM = {
        ignore_k5login = true
    }
}

3. Save the file.

© 2021 · The Geek Diary