Occasional problems logging in to a server with a Windows AD account (via SSSD)

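Trying to log in to a CentOS7 desktop GUI through Windows Remote Desktop Manager, using a Windows AD account linked to the server via SSSD, and seeing... [image]

Trying to `ssh` in as myuser also does not work, with the terminal telling me...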

debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.

All I need to do is `ssh` in as root and then `cd` into myuser's /home directory. Then I see the `sssd` status as...

[root@airflowetl ~]# systemctl status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-01-22 16:52:28 HST; 9 months 0 days ago
 Main PID: 122026 (sssd)
   CGroup: /system.slice/sssd.service
           ├─122026 /usr/sbin/sssd -i --logger=files
           ├─122027 /usr/libexec/sssd/sssd_be --domain co.local --uid 0 --gid 0 --logger=files
           ├─122028 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files
           └─122029 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --logger=files

Oct 22 18:16:52 airflowetl.co.local [sssd[krb5_child[119918]]][119918]: KDC has no support for encryption type
Oct 22 18:16:52 airflowetl.co.local [sssd[krb5_child[119918]]][119918]: KDC has no support for encryption type
Oct 22 18:17:05 airflowetl.co.local [sssd[krb5_child[120064]]][120064]: KDC has no support for encryption type
Oct 22 18:17:22 airflowetl.co.local sssd_be[122027]: GSSAPI client step 1
Oct 22 18:17:22 airflowetl.co.local sssd_be[122027]: GSSAPI client step 1
Oct 22 18:17:22 airflowetl.co.local sssd[be[co.local]][122027]: GSSAPI Error: Unspecified GSS failure.  Minor code may provid...ype)
Oct 22 18:17:22 airflowetl.co.local sssd_be[122027]: GSSAPI client step 1
Oct 22 18:17:22 airflowetl.co.local sssd_be[122027]: GSSAPI client step 1
Oct 22 18:17:22 airflowetl.co.local sssd_be[122027]: GSSAPI client step 1
Oct 22 18:17:22 airflowetl.co.local sssd_be[122027]: GSSAPI client step 2
Hint: Some lines were ellipsized, use -l to show in full.

My /etc/sssd.conf file looks like...

[root@airflowetl sssd]# cat sssd.conf

[sssd]
domains = co.local
config_file_version = 2
services = nss, pam

[domain/co.local]
ad_domain = co.local
krb5_realm = CO.LOCAL
auth_provider = ad
access_provider = ad
chpass_provider = ad
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = False
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_group_gid_number = gidNumber
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
default_domain_suffix = co.local

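Does anyone with more experience know what could be going on here? Any debugging suggestions (it is hard to test, since it only happens occasionally and I don't know what it correlates with)?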
