我按照 AWS 文档手动加入 Linux 实例。
我能够以 AD 用户身份登录并sudo在 Linux VM 中执行访问。但当我尝试设置限制帐户登录访问时,我遇到了问题。
config file : /etc/sssd/sssd.conf
============================
domains = example.com
config_file_version = 2
services = nss, pam
http://domain/example.com
ad_domain = example.com
krb5_realm = EXAMPLE.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
ad_access_filter = (memberOf=cn=dev,ou=Users,ou=exmaple,dc=example,dc=com)
============================================
dev=groupname
ou=group is located in Users Organizational Unit.
============================================
errors: remote side unexpectedly closed the network
sshd pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.72.147.2 [email protected]
sshd pam_sss(sshd:account): Access denied for user [email protected]: 6 (Permission denied)
sshd Failed password for [email protected] from 167.09.198.8 port 52519 ssh2
sshd fatal: Access denied for user [email protected] by PAM account configuration
有人可以帮忙吗
答案1
假设您确实打算使用example.com,那么您的设置中有一个拼写错误ad_access_filter:ou=exmaple