On Sun, Feb 21, 2021, 5:09 PM Kent West <we...@acu.edu> wrote:

Brand new Debian box (tried Buster, then when that didn't work, upgraded to
unstable - meh, it's a test box to get things sorted out before production
use).

Minimal setup (unchecked everything in TaskSel step during install; later
used TaskSel to add X11/Mate).

su'd to root

apt install'd aptitude, realmd, packagekit

(packagekit grabbed the needed dependencies, such as sssd and samba (at
least parts of them, and maybe part of KRB5 (the keytab thing-y), and
[mostly] configured them)

Ran "realm join MY.DOMAIN -U my_add-to-domain_user"

getent passwd domain_user successfully returns data on the domain user:

acutech@21260-debianvm:~$ getent passwd glerp@my.domain
glerp@my.domain:*:495633057:495600513:glerp:/home/glerp@my.domain:/bin/bash
....

But the domain user can't log in via ssh (a local user can ssh in).

techman@21260-debianvm:~$ ssh -l glerp@my.domain 21260-debianvm
glerp@my.domain@21260-debianvm's password:
Connection closed by 127.0.1.1 port 22

Here are a few relevant lines from /var/log/auth.log:

Feb 21 17:04:54 21260-debianvm sshd[5284]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=127.0.0.1  user=glerp@my.domain
Feb 21 17:04:54 21260-debianvm sshd[5284]: pam_sss(sshd:auth):
authentication success; logname= uid=0 euid=0 tty=ssh ruser=
rhost=127.0.0.1 user=glerp@my.domain
Feb 21 17:04:54 21260-debianvm sshd[5284]: pam_sss(sshd:account): Access
denied for user glerp@my.domain: 6 (Permission denied)
Feb 21 17:04:54 21260-debianvm sshd[5284]: Failed password for
glerp@my.domain from 127.0.0.1 port 59998 ssh2
Feb 21 17:04:54 21260-debianvm sshd[5284]: fatal: Access denied for user
glerp@my.domain by PAM account configuration [preauth]


So I think what this is telling you is that authentication succeeded for
the "auth" clause in the "sshd" section of the PAM config file (pam_sss).
But then authentication failed in the "account" clause of the sshd section.

So the question is why there?
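
Not part of the thread: an added Python example that reads sshd PAM lines like the ones quoted above, groups them by sshd PID and names the PAM phase that rejected the login. It separates a plain wrong password (no module reports "authentication success") from the case shown here, where pam_sss accepted the password in the auth phase and then denied the user in the account phase (PAM return code 6 is PAM_PERM_DENIED). The sample log is the thread's own excerpt plus one constructed failed login for a local user.

```python
import re
from collections import defaultdict

# Sample input: the auth.log lines quoted in the thread, plus one constructed
# local-user password failure (PID 5301) for contrast.
SAMPLE_LOG = """\
Feb 21 17:04:54 21260-debianvm sshd[5284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1  user=glerp@my.domain
Feb 21 17:04:54 21260-debianvm sshd[5284]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=glerp@my.domain
Feb 21 17:04:54 21260-debianvm sshd[5284]: pam_sss(sshd:account): Access denied for user glerp@my.domain: 6 (Permission denied)
Feb 21 17:04:54 21260-debianvm sshd[5284]: Failed password for glerp@my.domain from 127.0.0.1 port 59998 ssh2
Feb 21 17:04:54 21260-debianvm sshd[5284]: fatal: Access denied for user glerp@my.domain by PAM account configuration [preauth]
Feb 21 17:06:10 21260-debianvm sshd[5301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1  user=techman
Feb 21 17:06:10 21260-debianvm sshd[5301]: Failed password for techman from 127.0.0.1 port 60002 ssh2
"""

# Matches "sshd[PID]: pam_module(service:phase): message"
PAM_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<module>pam_\w+)\((?P<service>\w+):(?P<phase>\w+)\): (?P<msg>.*)"
)
# Picks the user out of both "user=NAME" and "for user NAME:" message forms
USER_RE = re.compile(r"user[= ](?P<user>\S+?)(?::|\s|$)")


def classify(log_text):
    """Return {pid: (user, verdict, auth_module, account_denier)} per sshd session."""
    sessions = defaultdict(dict)
    for line in log_text.splitlines():
        m = PAM_RE.search(line)
        if not m:
            continue  # not a PAM module line (e.g. sshd's own "Failed password")
        s = sessions[m["pid"]]
        u = USER_RE.search(m["msg"])
        if u:
            s["user"] = u["user"]
        if m["phase"] == "auth" and "authentication success" in m["msg"]:
            s["auth"] = m["module"]  # which module vouched for the password
        elif m["phase"] == "account" and "Access denied" in m["msg"]:
            s["account_denied_by"] = m["module"]
    results = {}
    for pid, s in sessions.items():
        if s.get("auth") and s.get("account_denied_by"):
            verdict = "account-phase denial"  # password right, access control said no
        elif not s.get("auth"):
            verdict = "auth-phase failure"  # no module accepted the credentials
        else:
            verdict = "ok"
        results[pid] = (s.get("user"), verdict, s.get("auth"), s.get("account_denied_by"))
    return results
```

For the thread's session the verdict is "account-phase denial" with pam_sss as the denier, which is where to look (sssd's access control rather than the password) rather than at the misleading "Failed password" line sshd logs afterwards.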
