%3A%20%E5%90%91%20sssd%20%E5%8F%91%E5%87%BA%E7%9A%84%E8%AF%B7%E6%B1%82%E5%A4%B1%E8%B4%A5%E3%80%82%E5%85%AC%E5%85%B1%E5%A5%97%E6%8E%A5%E5%AD%97%E7%9A%84%E6%89%80%E6%9C%89%E6%9D%83%E6%88%96%E6%9D%83%E9%99%90%E9%94%99%E8%AF%AF.png)
我们在 CENTOS 7.5 上使用 SSSD 进行 Active Directory 身份验证
从今天开始,用户无法登录。当他们尝试登录时,他们会得到:
/usr/bin/id: cannot find name for group ID xxxxxxxxxx
我查看了/var/log/secure:
pam_sss(crond:session): Request to sssd failed. Public socket has wrong ownership or permissions.
这是 sssd.conf:
domains = xxxxxxxxx
config_file_version = 2
services = nss, pam
[domain/xxxxxxxx]
ad_domain = xxxxxxxx
krb5_realm = XXXXXXXXXX
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
#use_fully_qualified_names = True
use_fully_qualified_names = False
#fallback_homedir = /home/%u@%d
fallback_homedir = /home/%u
access_provider = ad
在另一台具有完全相同配置的机器上,一切正常。
最近没有任何变化。
感谢您的帮助。
答案1
该问题已解决。
正如错误所述,该问题是一个文件权限问题:
srw-rw-r--+ 1 root root 0 Jun 1 14:30 pam
通过将权限设置为 0666 来修复此问题:
chmod 0666 /var/log/secure