将 CentOS 7 加入 Active Directory 域后对 AD 用户进行身份验证

我正在尝试将 CentOS 7.5 加入 Windows Active Directory 域以对 AD 用户进行身份验证。虽然加入过程已成功，但我无法对任何用户进行身份验证。以下是所采取的步骤。首先，我遵循了这份精彩的指南，如何将 centos 加入 AD。

当我执行领域列表时，输出是：

dev.mydomain.local
type: kerberos
realm-name: DEV.MYDOMAIN.LOCAL
domain-name: dev.mydomain.local
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common-tools
login-formats: %U
login-policy: allow-realm-logins

此外，正如文章中所建议的，我确实看到 CentOS PC 出现在 AD 中的计算机对象中。

当我询问用户时，

id centosuser

uid=6XXXXXXXX(centosuser) gid=6XXXXXXXXXXX(domain users) 
groups=6XXXXXXX(domain users),6XXXXXXXXXX(sudoers)

然后重新启动 sssd 和 sshd。

当我尝试通过 sshcentosuser以

[root@centos7-PC ~]# ssh centosuser@<IP address of centos7-PC>
centosuser@<IP address of centos7-PC> password: 
Authentication failed.

提示输入密码，之后身份验证失败。不知道这里发生了什么。当我查看 sshd 状态时，我看到的是

systemctl status sshd    

Jan 04 03:48:11 FQDN of CentOS PC sshd[5632]: Failed password for centosuser from ::1 port 39924 ssh2
Jan 04 03:48:11 FQDN of CentOS PC sshd[5632]: fatal: Access denied for user centosuser by PAM account configuration [preauth]
Jan 04 03:52:50 FQDN of CentOS PC sshd[5715]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost...tosuser
Jan 04 03:54:20 FQDN of CentOS PC sshd[5715]: Failed password for centosuser from <IP address of CentOS PC> port 51118 ssh2
Jan 04 03:54:20 FQDN of CentOS PC sshd[5715]: fatal: Access denied for user centosuser by PAM account configuration [preauth]
Jan 04 04:04:20 FQDN of CentOS PC sshd[5771]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost...tosuser
Jan 04 04:05:50 FQDN of CentOS PC sshd[5771]: Failed password for centosuser from <IP address of CentOS PC> port 51144 ssh2
Jan 04 04:05:50 FQDN of CentOS PC sshd[5771]: fatal: Access denied for user centosuser by PAM account configuration [preauth]