You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

SSH Using AD Fails with Error: [be[<DOM>]] [ad_gpo_access_done] (0x0040): GPO-based access control

Applies To:

Oracle Cloud Infrastructure - Version N/A and later

Linux OS - Version Oracle Linux 8.1 and later

Symptoms:

The system is configured to authenticate to an Active Directory (AD).

Commands like id and sudo work, but login through SSH fail.

/var/log/secure* show:

fatal: Access denied for user <USER> by PAM account configuration [preauth]

/var/log/sssd/sssd_<DOMAIN>.log* show:

(2021-10-01 4:12:14): [be[<DOMAIN>]] [well_known_sid_to_name] (0x0040): handle_special_sids failed.
(2021-10-01 4:12:14): [be[<DOMAIN>]] [ad_gpo_target_dn_retrieval_done] (0x0040): No DN retrieved for policy target.
(2021-10-01 4:12:14): [be[<DOMAIN>]] [ad_gpo_access_done] (0x0040): GPO-based access control failed.

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!