Unable to login using AD user but works with local user

by
robcampbell
from LinuxQuestions.org on (#5RKCT)
Distro: Fedora
Version: 34

I can't log in using ssh or desktop environment gui. Below is the ssh attempts.

/var/log/audit/audit.log

AD user
Quote:
type=CRYPTO_SESSION msg=audit(1636211273.313:1065): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=30605 suid=74 rport=34398 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1636211279.239:1066): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:authentication grantors=? acct="redhat" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=failed'UID="root" AUID="unset"
type=USER_AUTH msg=audit(1636211301.144:1067): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:authentication grantors=? acct="redhat" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=failed'UID="root" AUID="unset"
type=USER_AUTH msg=audit(1636211306.928:1068): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:authentication grantors=? acct="redhat" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=failed'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1636211308.493:1069): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=destroy kind=session fp=? direction=both spid=30605 suid=74 rport=34398 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_KEY_USER msg=audit(1636211308.493:1070): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30605 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_KEY_USER msg=audit(1636211308.495:1071): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30604 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=USER_LOGIN msg=audit(1636211308.495:1072): pid=30604 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=login acct="redhat" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=ssh res=failed'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1636211319.950:1073): pid=30609 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30609 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1636211319.959:1074): pid=30608 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=30609 suid=74 rport=34400 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
local user
Quote:
type=CRYPTO_SESSION msg=audit(1636211319.959:1075): pid=30608 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=30609 suid=74 rport=34400 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1636211323.237:1076): pid=30608 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:authentication grantors=pam_usertype,pam_localuser,pam_unix acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1636211323.251:1077): pid=30608 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1636211323.251:1078): pid=30608 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=destroy kind=session fp=? direction=both spid=30609 suid=74 rport=34400 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1636211323.261:1079): pid=30608 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:setcred grantors=pam_localuser,pam_unix acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1636211323.261:1080): pid=30608 uid=0 subj=kernel old-auid=4294967295 auid=1001 tty=(none) old-ses=4294967295 ses=7 res=1UID="root" OLD-AUID="unset" AUID="test"
type=SERVICE_START msg=audit(1636211323.300:1081): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=user-runtime-dir@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1636211323.327:1082): pid=30617 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="test" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CRED_ACQ msg=audit(1636211323.327:1083): pid=30617 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=PAM:setcred grantors=? acct="test" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset"
type=LOGIN msg=audit(1636211323.327:1084): pid=30617 uid=0 subj=kernel old-auid=4294967295 auid=1001 tty=(none) old-ses=4294967295 ses=8 res=1UID="root" OLD-AUID="unset" AUID="test"
type=USER_START msg=audit(1636211323.332:1085): pid=30617 uid=0 auid=1001 ses=8 subj=kernel msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="test" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="test"
type=BPF msg=audit(1636211323.344:1086): prog-id=130 op=LOAD
type=BPF msg=audit(1636211323.344:1087): prog-id=130 op=UNLOAD
type=SERVICE_START msg=audit(1636211323.547:1088): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=user@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_START msg=audit(1636211323.558:1089): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=PAM:session_open grantors=pam_selinux,pam_winbind,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_ limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="test"
type=CRYPTO_KEY_USER msg=audit(1636211323.560:1090): pid=30636 uid=0 auid=1001 ses=7 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30636 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="test" SUID="root"
type=CRED_ACQ msg=audit(1636211323.567:1091): pid=30636 uid=0 auid=1001 ses=7 subj=kernel msg='op=PAM:setcred grantors=pam_localuser,pam_unix acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="test"
type=USER_LOGIN msg=audit(1636211323.616:1092): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=/dev/pts/2 res=success'UID="root" AUID="test" ID="test"
type=USER_START msg=audit(1636211323.616:1093): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=/dev/pts/2 res=success'UID="root" AUID="test" ID="test"
type=CRYPTO_KEY_USER msg=audit(1636211323.618:1094): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30641 suid=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="test" SUID="test"
type=BPF msg=audit(1636211323.646:1095): prog-id=131 op=LOAD
type=BPF msg=audit(1636211323.650:1096): prog-id=132 op=LOAD
type=SERVICE_START msg=audit(1636211323.765:1097): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_END msg=audit(1636211326.238:1098): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/2 res=success'UID="root" AUID="test" ID="test"
type=USER_LOGOUT msg=audit(1636211326.238:1099): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/2 res=success'UID="root" AUID="test" ID="test"
type=CRYPTO_KEY_USER msg=audit(1636211326.239:1100): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=destroy kind=session fp=? direction=both spid=30636 suid=1001 rport=34400 laddr=10.0.0.17 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.16 terminal=? res=success'UID="root" AUID="test" SUID="test"
type=CRYPTO_KEY_USER msg=audit(1636211326.240:1101): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30636 suid=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="test" SUID="test"
type=USER_END msg=audit(1636211326.242:1102): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=PAM:session_close grantors=pam_selinux,pam_winbind,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_ limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="test"
type=CRED_DISP msg=audit(1636211326.243:1103): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=PAM:setcred grantors=pam_localuser,pam_unix acct="test" exe="/usr/sbin/sshd" hostname=10.0.0.16 addr=10.0.0.16 terminal=ssh res=success'UID="root" AUID="test"
type=CRYPTO_KEY_USER msg=audit(1636211326.244:1104): pid=30608 uid=0 auid=1001 ses=7 subj=kernel msg='op=destroy kind=server fp=SHA256:3f:a3:9d:94:52:57:d5:43:b1:ed:67:07:77:62:db:05:80:10:1b:b0:57:ab:77:56:88:b8:2a:f2:ef:3e: d3:73 direction=? spid=30608 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="test" SUID="root"
type=SERVICE_STOP msg=audit(1636211336.454:1105): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=user@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1636211336.473:1106): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=user-runtime-dir@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
latest?d=yIl2AUoC8zA latest?i=-_5_wGlNLss:4YVAlw-zPkk:F7zBnMy latest?i=-_5_wGlNLss:4YVAlw-zPkk:V_sGLiP latest?d=qj6IDK7rITs latest?i=-_5_wGlNLss:4YVAlw-zPkk:gIN9vFw-_5_wGlNLss
External Content
Source RSS or Atom Feed
Feed Location https://feeds.feedburner.com/linuxquestions/latest
Feed Title LinuxQuestions.org
Feed Link https://www.linuxquestions.org/questions/
Reply 0 comments