SSH Using AD Fails with Error: [be[<DOM>]] [ad_gpo_access_done] (0x0040): GPO-based access control in Linux
Applies To:
Oracle Cloud Infrastructure - Version N/A and later
Linux OS - Version Oracle Linux 8.1 and later
Symptoms:
The system is configured to authenticate against Active Directory (AD).
Commands like id and sudo work, but login through SSH fails.
/var/log/secure* shows:
fatal: Access denied for user <USER> by PAM account configuration [preauth]
/var/log/sssd/sssd_<DOMAIN>.log* show:
(2021-10-01 4:12:14): [be[<DOMAIN>]] [well_known_sid_to_name] (0x0040): handle_special_sids failed.
(2021-10-01 4:12:14): [be[<DOMAIN>]] [ad_gpo_target_dn_retrieval_done] (0x0040): No DN retrieved for policy target.
(2021-10-01 4:12:14): [be[<DOMAIN>]] [ad_gpo_access_done] (0x0040): GPO-based access control failed.
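To confirm this signature on a host, the following added example (not part of the original article or of SSSD) parses the log line layout shown above and reports each GPO denial together with the backend messages logged just before it. The function names, the two-second window and the EXAMPLE.TEST domain are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Layout taken from the excerpt above:
# (YYYY-MM-DD H:MM:SS): [be[<DOMAIN>]] [<function>] (0x<mask>): <message>
LINE_RE = re.compile(
    r"\((\d{4}-\d{2}-\d{2})\s+(\d{1,2}:\d{2}:\d{2})\):\s+"
    r"\[be\[([^\]]+)\]\]\s+\[([^\]]+)\]\s+\((0x[0-9a-fA-F]+)\):\s+(.*)"
)

def parse_line(line):
    """Split one backend log line into fields; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, clock, domain, func, mask, msg = m.groups()
    return {"when": datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S"),
            "domain": domain, "function": func,
            "mask": int(mask, 16), "message": msg.strip()}

def gpo_denials(lines, window_seconds=2):
    """One record per 'GPO-based access control failed' line, with the same-domain
    messages at the same or a lower mask value logged shortly before it."""
    events = [e for e in map(parse_line, lines) if e]
    found = []
    for i, e in enumerate(events):
        if (e["function"] != "ad_gpo_access_done"
                or "GPO-based access control failed" not in e["message"]):
            continue
        start = e["when"] - timedelta(seconds=window_seconds)
        context = [f'{p["function"]}: {p["message"]}' for p in events[:i]
                   if p["domain"] == e["domain"] and p["mask"] <= e["mask"]
                   and start <= p["when"] <= e["when"]]
        found.append({"when": e["when"], "domain": e["domain"], "context": context})
    return found

# Constructed sample: the article's three lines with a made-up domain,
# plus one unrelated line at a different mask value.
SAMPLE = """\
(2021-10-01 4:12:13): [be[EXAMPLE.TEST]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(2021-10-01 4:12:14): [be[EXAMPLE.TEST]] [well_known_sid_to_name] (0x0040): handle_special_sids failed.
(2021-10-01 4:12:14): [be[EXAMPLE.TEST]] [ad_gpo_target_dn_retrieval_done] (0x0040): No DN retrieved for policy target.
(2021-10-01 4:12:14): [be[EXAMPLE.TEST]] [ad_gpo_access_done] (0x0040): GPO-based access control failed.
""".splitlines()

if __name__ == "__main__":
    for d in gpo_denials(SAMPLE):
        print(d["when"], d["domain"], *d["context"], sep="\n  ")
```

Matching the timestamp of a reported denial against the "Access denied for user <USER> by PAM account configuration" entry in /var/log/secure* ties the SSH failure to the GPO evaluation.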