In Proxmox 7.4, unable to log in using AD authentication

nodjoy

New Member
Dec 27, 2023
Operating steps:

1. Create a new vmbr1 192.168.10.10 network for communication between virtual machines.
2. Create a new Windows Server 2019 virtual machine and configure the domain and DNS: ad.example.com.
3. Create a new Ubuntu 20.04 virtual machine.
4. On Ubuntu, configure the hostname and DNS, and run the following command: `apt install adcli realmd sssd-ad sssd-tools`.
5. Join the domain: `realm discover ad.example.com && realm join ad.example.com && pam-auth-update --enable mkhomedir`
6. Modify sssd.conf and restart sssd:
```
[sssd]
domains = ad.example.com
config_file_version = 2
services = nss, pam
debug_level = 6

[pam]
debug_level = 9

[domain/ad.example.com]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = AD.EXAMPLE.COM
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u
ad_domain = ad.example.com
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = ad
ad_gpo_access_control = permissive
debug_level = 6
```
After running `login Administrator` to log in, an error is reported: `authentication service cannot retrieve authentication info`, and the PAM log shows:
```
(Fri Mar 29 16:09:14 2024) [pam] [cache_req_search_send] (0x0400): CR #9: Returning [admin@ad.example.com] from cache
(Fri Mar 29 16:09:14 2024) [pam] [cache_req_search_ncache_filter] (0x0400): CR #9: This request type does not support filtering result by negative cache
(Fri Mar 29 16:09:14 2024) [pam] [cache_req_create_and_add_result] (0x0400): CR #9: Found 2 entries in domain ad.example.com
(Fri Mar 29 16:09:14 2024) [pam] [cache_req_done] (0x0400): CR #9: Finished: Success
(Fri Mar 29 16:09:14 2024) [pam] [pd_set_primary_name] (0x0400): User's primary name is admin@ad.example.com
(Fri Mar 29 16:09:14 2024) [pam] [pam_initgr_cache_set] (0x2000): [admin] added to PAM initgroup cache
(Fri Mar 29 16:09:14 2024) [pam] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): domain: ad.example.com
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): user: admin@ad.example.com
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): service: login
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): tty: /dev/pts/0
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): ruser: not set
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): rhost: not set
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): authtok type: 0
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): newauthtok type: 0
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): priv: 1
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): cli_pid: 30196
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): logon name: admin
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): flags: 0
(Fri Mar 29 16:09:14 2024) [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Fri Mar 29 16:09:19 2024) [pam] [pam_initgr_cache_remove] (0x2000): [admin] removed from PAM initgroup cache
(Fri Mar 29 16:09:19 2024) [pam] [pam_initgr_cache_remove] (0x2000): [admin] removed from PAM initgroup cache
(Fri Mar 29 16:09:28 2024) [pam] [client_idle_handler] (0x2000): Terminating idle client [0x5631a8db3720][19]
(Fri Mar 29 16:09:28 2024) [pam] [client_close_fn] (0x2000): Terminated client [0x5631a8db3720][19]
(Fri Mar 29 16:09:44 2024) [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x5631a8da9b00][20]
(Fri Mar 29 16:10:04 2024) [pam] [sbus_dispatch] (0x4000): Dispatching.
(Fri Mar 29 16:10:14 2024) [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x5631a8da9b00][20]
(Fri Mar 29 16:10:44 2024) [pam] [client_idle_handler] (0x2000): Terminating idle client [0x5631a8da9b00][20]
(Fri Mar 29 16:10:44 2024) [pam] [client_close_fn] (0x2000): Terminated client [0x5631a8da9b00][20]
(Fri Mar 29 16:11:20 2024) [pam] [sbus_dispatch] (0x4000): Dispatching.
```
Which seems to indicate that no response is received.

With the same steps, I was able to configure and successfully log in on VMware.

Please advise what might be causing this issue.
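
An added example, not part of the original post: a small Python check that reads an sssd PAM responder log like the one above and lists every request that was forwarded to the backend without a reply being logged afterwards. The reply function names in `REPLY_FUNCS`, the in-order matching of replies and the helper name `unanswered_requests` are assumptions made for this sketch.

```python
import re
from datetime import datetime

# Responder log line: (timestamp) [pam] [function] (0xLEVEL): message
LINE = re.compile(r"^\((?P<ts>[^)]+)\) \[pam\] \[(?P<fn>\w+)\] \(0x[0-9a-fA-F]+\): (?P<msg>.*)$")
FIELD = re.compile(r"^(?P<key>[a-z_ ]+): (?P<val>.*)$")
# Assumption: the backend's answer is logged by one of these responder functions.
REPLY_FUNCS = {"pam_dp_process_reply", "pam_reply"}

def unanswered_requests(log_text):
    """Return requests forwarded to the backend with no reply logged afterwards."""
    pending, current, last = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        last = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        fn = m["fn"]
        if fn == "pam_dp_send_req":            # start of a request dump
            current = {"sent": last}
        elif fn == "pam_print_data" and current is not None:
            f = FIELD.match(m["msg"])          # e.g. "command: SSS_PAM_ACCT_MGMT"
            if f:
                current[f["key"]] = f["val"]
        elif fn == "pam_dom_forwarder" and current is not None:
            pending.append(current)            # request handed to the backend
            current = None
        elif fn in REPLY_FUNCS and pending:
            pending.pop(0)                     # simplification: replies arrive in order
    for req in pending:
        # Seconds between sending the request and the last line in the log
        req["waited_s"] = int((last - req["sent"]).total_seconds())
    return pending

# Sample input: lines taken from the log in the post, shortened.
SAMPLE = """\
(Fri Mar 29 16:09:14 2024) [pam] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): user: admin@ad.example.com
(Fri Mar 29 16:09:14 2024) [pam] [pam_print_data] (0x0100): service: login
(Fri Mar 29 16:09:14 2024) [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Fri Mar 29 16:09:28 2024) [pam] [client_close_fn] (0x2000): Terminated client [0x5631a8db3720][19]
"""

if __name__ == "__main__":
    for r in unanswered_requests(SAMPLE):
        print(f"{r['sent']} {r.get('command')} for {r.get('user')}: no reply after {r['waited_s']}s")
```

A request that shows up here was accepted by the PAM responder but never answered in the responder log, so the next place to look is the domain log for the same timestamp, which `debug_level = 6` in the `[domain/ad.example.com]` section already enables.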