You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

OCI: Users Are Unable to Do SSH Authentication on AD Server

in Linux 1 comment

Applies to: 

Oracle Cloud Infrastructure - Version N/A and later

Oracle Linux 7 x86_64 and later

 

Symptoms

Some users are able to login with ssh via AD credentials, while some do not:

For a working user in /var/log/secure:

Aug 22 15:12:19 <HOSTNAME> sshd[30093]: Authorized to <good-user>, krb5 principal <good-user>@<AD-DOMAIN> (ssh_gssapi_krb5_cmdok)
 Aug 22 15:12:19 <HOSTNAME> sshd[30093]: Accepted gssapi-with-mic for <good-user> from 10.42.16.28 port 64889 ssh2
 Aug 22 15:36:30 <HOSTNAME> sshd[30093]: pam_unix(sshd:session): session closed for user <good-user>

For a non-working user in /var/log/secure:

 Aug 23 15:26:17 <HOSTNAME> sshd[24663]: Invalid user <bad-user> from 10.XX.XX.XX port 49536
 Aug 23 15:26:17 <HOSTNAME> sshd[24663]: input_userauth_request: invalid user <bad-user> [preauth]

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!