OCI: Users Are Unable to Do SSH Authentication on AD Server
Applies to:
Oracle Cloud Infrastructure - Version N/A and later
Oracle Linux 7 x86_64 and later
Symptoms
Some users are able to login with ssh via AD credentials, while some do not:
For a working user in /var/log/secure:
Aug 22 15:12:19 <HOSTNAME> sshd[30093]: Authorized to <good-user>, krb5 principal <good-user>@<AD-DOMAIN> (ssh_gssapi_krb5_cmdok) Aug 22 15:12:19 <HOSTNAME> sshd[30093]: Accepted gssapi-with-mic for <good-user> from 10.42.16.28 port 64889 ssh2 Aug 22 15:36:30 <HOSTNAME> sshd[30093]: pam_unix(sshd:session): session closed for user <good-user>
For a non-working user in /var/log/secure:
Aug 23 15:26:17 <HOSTNAME> sshd[24663]: Invalid user <bad-user> from 10.XX.XX.XX port 49536 Aug 23 15:26:17 <HOSTNAME> sshd[24663]: input_userauth_request: invalid user <bad-user> [preauth]
Tagged:
0