
AD users can login, AD group members cannot sssd

Posted: 2022/01/09 18:02:00
by araczek
On a test setup with Windows 2019 and CentOS 7 I am trying to get users on the Linux machines to log in to AD via group membership
and it is not working. I basically followed the instructions at this link:
https://www.linuxtechi.com/integrate-rh ... directory/

Note: by login I am talking about console login and not SSH login (yet). I successfully added the Linux machine to AD, and logged into the AD domain successfully via Linux as AD 'administrator' and also as a normal user created in AD. I removed permitted logins (realm deny --all) and added an AD group called 'centaccess'. Restarted sssd. No user in the 'centaccess' group can log in to the console, but as an individual can log in.

I also tried to permit just one user from AD and it worked fine. I just can't get users in a group to be able to log in to the console. I also tried removing the need for FQDN, no luck.

What am I missing?