[GH-ISSUE #517] [BUG] after hardening I can't use my ldap authentication #83

Closed
opened 2026-03-03 13:59:00 +03:00 by kerem · 3 comments

Originally created by @krmnmari on GitHub (Nov 8, 2024).
Original GitHub issue: https://github.com/konstruktoid/hardening/issues/517

Originally assigned to: @konstruktoid on GitHub.

Describe the bug
After applying hardening, I can't enter the system as an LDAP user

To Reproduce
ssh user@server
LOGS:
Nov 8 10:39:36 my-server sshd[566803]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.210.203 user=my-user
Nov 8 10:39:37 my-server sshd[566803]: pam_sss(sshd:account): Access denied for user my-user: 6 (Permission denied)
Nov 8 10:39:37 my-server sshd[566803]: Failed password for my-user from 172.16.210.203 port 33300 ssh2
Nov 8 10:39:37 my-server sshd[566803]: fatal: Access denied for user my-user by PAM account configuration [preauth]
Nov 8 10:39:37 my-server sshd[566803]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.210.203 user=my-user
Nov 8 10:39:47 my-server realmd[566794]: quitting realmd service after timeout
Nov 8 10:39:47 my-server realmd[566794]: stopping service
Nov 8 10:39:55 my-server ldapsearch: DIGEST-MD5 common mech free

Expected behavior
It should have entered the system

System (lsb_release -a):
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.5 LTS
Release: 22.04
Codename: jammy

Additional context
Add any other context about the problem here.

kerem closed this issue 2026-03-03 13:59:00 +03:00
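
The log excerpt in the report shows the PAM auth phase succeeding and the account phase refusing the login, although sshd then logs "Failed password". As an added example (not part of the original issue or of the hardening project), this script groups PAM lines by sshd PID and reports which phase rejected the session; the function name and verdict strings are illustrative.

```python
import re
from collections import defaultdict

# Log lines copied from the issue report above (host and user as posted there).
SAMPLE_LOG = """\
Nov 8 10:39:36 my-server sshd[566803]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.210.203 user=my-user
Nov 8 10:39:37 my-server sshd[566803]: pam_sss(sshd:account): Access denied for user my-user: 6 (Permission denied)
Nov 8 10:39:37 my-server sshd[566803]: Failed password for my-user from 172.16.210.203 port 33300 ssh2
Nov 8 10:39:37 my-server sshd[566803]: fatal: Access denied for user my-user by PAM account configuration [preauth]
"""

# sshd[PID]: pam_module(sshd:phase): message
PAM_LINE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<module>pam_\w+)\(sshd:(?P<phase>\w+)\): (?P<msg>.*)")
# Matches "user=name" and "user name" but not "ruser=" (word boundary).
USER = re.compile(r"\buser[= ](?P<user>[\w.@\\-]+)")


def classify_sessions(log_text):
    """Group PAM messages by sshd PID and name the PAM phase that refused the login."""
    sessions = defaultdict(lambda: {"user": None, "auth_ok": False,
                                    "denied_phase": None, "module": None})
    for line in log_text.splitlines():
        m = PAM_LINE.search(line)
        if not m:
            continue  # plain sshd summary lines carry no PAM phase
        s = sessions[m["pid"]]
        u = USER.search(m["msg"])
        if u:
            s["user"] = u["user"]
        msg = m["msg"].lower()
        if m["phase"] == "auth" and "authentication success" in msg:
            s["auth_ok"] = True
        elif ("denied" in msg or "failure" in msg) and s["denied_phase"] is None:
            s["denied_phase"], s["module"] = m["phase"], m["module"]
    for s in sessions.values():
        if s["denied_phase"] is None:
            s["verdict"] = "no PAM denial logged"
        elif s["auth_ok"] and s["denied_phase"] == "account":
            s["verdict"] = "credentials accepted, account phase denied access"
        else:
            s["verdict"] = f"denied in {s['denied_phase']} phase"
    return dict(sessions)


if __name__ == "__main__":
    for pid, s in classify_sessions(SAMPLE_LOG).items():
        print(f"sshd[{pid}] user={s['user']} {s['module']}: {s['verdict']}")
```
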

@konstruktoid commented on GitHub (Nov 8, 2024):

I'd need more details in order to debug this, a verbose ssh connection log for example.

"my-server sshd[566803]: Failed password for my-user from 172.16.210.203 port 33300 ssh2"


@krmnmari commented on GitHub (Nov 8, 2024):

Hi, thank you very much for your quick response.
The issue was solved by leaving the domain and reinstalling sss-ad, sssd-tools, realmd and adcli. After that we rejoined the machine to the domain and enabled mkhomedir (pam-auth-update --enable mkhomedir), working then.

I really appreciate your interest!
Carmen


@konstruktoid commented on GitHub (Nov 8, 2024):

Great that it worked out for you.
