我是 Ubuntu 新手,在配置 SSSD 方面没有任何经验。最近我配置了一台 Ubuntu 机器,使用 SSSD-AD 对网络用户进行身份验证。我按照https://ubuntu.com/server/docs/service-sssd-ad到目前为止,我已成功将 Ubuntu 计算机添加到 AD 域。getent 正确返回了 AD 对象。但是,当我对服务器执行 SSH 时,我得到了不一致的结果。有时我成功登录,有时却失败了。
以下是用户名、IP 和域名更改后的 /var/log/auth.log 输出。
成功登录后:
May 11 03:29:31 ubuntu01 sshd[3085401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.60.217.155 [email protected]
May 11 03:29:31 ubuntu01 sshd[3085401]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.60.217.155 [email protected]
May 11 03:29:33 ubuntu01 sshd[3085401]: Accepted password for [email protected] from 10.60.217.155 port 52525 ssh2
May 11 03:29:33 ubuntu01 sshd[3085401]: pam_unix(sshd:session): session opened for user [email protected] by (uid=0)
May 11 03:29:33 ubuntu01 sshd[3085401]: pam_systemd(sshd:session): Failed to create session: No such process
对于不成功的登录,ssh 客户端将等待直到超时:
May 11 03:32:27 ubuntu01 sshd[3085589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.60.217.155 [email protected]
May 11 03:32:27 ubuntu01 sshd[3085589]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.60.217.155 [email protected]
May 11 03:33:57 ubuntu01 sshd[3085589]: Failed password for [email protected] from 10.60.217.155 port 52534 ssh2
May 11 03:33:57 ubuntu01 sshd[3085589]: fatal: Access denied for user [email protected] by PAM account configuration [preauth]
May 11 03:34:38 ubuntu01 sssd_be[3065663]: Warning: user would have been denied GPO-based logon access if the ad_gpo_access_control option were set to enforcing mode.
May 11 03:35:01 ubuntu01 CRON[3085606]: pam_unix(cron:session): session opened for user root by (uid=0)
May 11 03:35:01 ubuntu01 CRON[3085606]: pam_unix(cron:session): session closed for user root
可以忽略 sssd_be 的警告,因为我已在 sssd.conf 文件中设置了 ad_gpo_access_control = permissive。
在此先非常感谢您的见解。
问候,bongsf