pam_sss(sudo:auth): authentication failure


I am joining some CentOS 7 machines to a Windows domain, using the following steps:

#yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common
#nmcli c modify eth0 ipv4.dns 192.168.3.18
#nmcli c down eth0; nmcli c up eth0
#realm discover DOMAIN.CORP
#realm join DOMAIN.CORP -U domainadmin

#vim /etc/sssd/sssd.conf
   [sssd]
   domains = domain.corp
   config_file_version = 2
   services = nss, pam

   [domain/domain.corp]
   ad_domain = domain.corp
   krb5_realm = DOMAIN.CORP
   realmd_tags = manages-system joined-with-samba
   cache_credentials = True
   id_provider = ad
   krb5_store_password_if_offline = True
   default_shell = /bin/bash
   ldap_id_mapping = True
   use_fully_qualified_names = False
   fallback_homedir = /home/DOMAIN/%u
   access_provider = ad

#systemctl restart sssd
#vim /etc/samba/smb.conf
    [homes]
    comment = Home Directories
    browseable = no
    writable = yes
    valid users = @"[email protected]"

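The problem is that when a machine boots, all users from group.engineering can log in, but if the machine goes unused for a day, no user is able to log in any more, and the resulting log in /var/log/secure will be: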

Feb 23 15:25:45 api60 sshd[54971]: pam_unix(sshd:session): session opened for user ojohn by (uid=0)
Feb 23 15:25:54 api60 sudo: pam_sss(sudo:auth): authentication failure; logname=ojohn uid=1368235925 euid=0 tty=/dev/pts/1 ruser=ojohn rhost= user=ojohn
Feb 23 15:25:54 api60 sudo: pam_sss(sudo:auth): received for user ojohn: 4 (System error)
Feb 23 15:25:59 api60 sudo: pam_sss(sudo:auth): authentication failure; logname=ojohn uid=1368235925 euid=0 tty=/dev/pts/1 ruser=ojohn rhost= user=ojohn
Feb 23 15:25:59 api60 sudo: pam_sss(sudo:auth): received for user ojohn: 4 (System error)
Feb 23 15:25:59 api60 sudo: ojohn : 2 incorrect password attempts ; TTY=pts/1 ; PWD=/home/DOMAIN/ojohn ; USER=root ; COMMAND=/bin/su
Feb 23 15:28:24 api60 sshd[44759]: pam_unix(sshd:session): session closed for user ojohn

All the CentOS 7 machines have this problem. Does anyone know where this comes from?

Thank you very much.
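Added example, not part of the original post: a small triage script for /var/log/secure that separates pam_sss results caused by a backend failure (PAM code 4, as in the log above, or 9) from genuine credential failures (code 7). sudo still records "incorrect password attempts" in the backend case, which makes such entries easy to misread as password guessing. The last sample line and the user "alice" are constructed for illustration.

```python
import re
from collections import Counter

# Linux-PAM return codes (from _pam_types.h) that pam_sss commonly reports.
BACKEND = {4: "PAM_SYSTEM_ERR", 9: "PAM_AUTHINFO_UNAVAIL"}
CREDENTIAL = {7: "PAM_AUTH_ERR"}

RECEIVED = re.compile(
    r"pam_sss\((?P<service>[\w-]+):auth\): received for user "
    r"(?P<user>\S+): (?P<code>\d+) \((?P<text>[^)]*)\)"
)

def classify(lines):
    """Count pam_sss auth results per (user, service, category)."""
    counts = Counter()
    for line in lines:
        m = RECEIVED.search(line)
        if not m:
            continue  # e.g. sudo's own "incorrect password attempts" summary
        code = int(m.group("code"))
        if code in BACKEND:
            category = "backend:" + BACKEND[code]
        elif code in CREDENTIAL:
            category = "credential:" + CREDENTIAL[code]
        else:
            category = "other:%d" % code
        counts[(m.group("user"), m.group("service"), category)] += 1
    return counts

# The first three lines are from the log in the question; the last one is
# constructed (user "alice" is hypothetical) to show a real wrong-password result.
SAMPLE = """\
Feb 23 15:25:54 api60 sudo: pam_sss(sudo:auth): received for user ojohn: 4 (System error)
Feb 23 15:25:59 api60 sudo: pam_sss(sudo:auth): received for user ojohn: 4 (System error)
Feb 23 15:25:59 api60 sudo: ojohn : 2 incorrect password attempts ; TTY=pts/1 ; PWD=/home/DOMAIN/ojohn ; USER=root ; COMMAND=/bin/su
Feb 23 16:02:11 api60 sshd[1234]: pam_sss(sshd:auth): received for user alice: 7 (Authentication failure)
""".splitlines()

if __name__ == "__main__":
    for (user, service, category), n in sorted(classify(SAMPLE).items()):
        print(f"{user:8} {service:6} {category:28} x{n}")
```

Entries in the backend category point at SSSD or its connection to the domain rather than at the user's password, so they belong in an availability alert, not a brute-force alert.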
