The scenario is an IPA with an AD trust. The users belong to AD. IPA runs on
Rocky Linux 8, and AD is Samba 4.14.10, also on Rocky Linux 8.

We have a couple of IPA host clients to test. One is another Rocky Linux 8,
and the other is an Ubuntu 20.04. Everything works fine: AD users can log in
to the clients. The only problem is that, after some time of inactivity on
the clients (not sure how much time), AD users cannot log in anymore, but
just for a while (some seconds, or a minute). In that period, executing
"id user" with an AD user on the client gives me nothing.

On the Rocky Linux client, it seems that everything starts to work again
after SSSD Kerberos Cache Manager is started (which is done automatically),
as can be seen in the following log from journalctl:

Dec 07 12:52:08 rockyprueba.xx.xx sshd[12054]: Invalid user usupru2 from 10.X.X.X port 56778
Dec 07 12:52:09 rockyprueba.xx.xx sshd[12054]: Postponed keyboard-interactive for invalid user usupru2 from 10.X.X.X port 56778 ssh2 [preauth]
Dec 07 12:52:12 rockyprueba.xx.xx sshd[12056]: pam_unix(sshd:auth): check pass; user unknown
Dec 07 12:52:12 rockyprueba.xx.xx sshd[12056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X
Dec 07 12:52:14 rockyprueba.xx.xx sshd[12054]: error: PAM: Authentication failure for illegal user usupru2 from 10.X.X.X
Dec 07 12:52:14 rockyprueba.xx.xx sshd[12054]: Failed keyboard-interactive/pam for invalid user usupru2 from 10.X.X.X port 56778 ssh2
Dec 07 12:52:14 rockyprueba.xx.xx sshd[12054]: Postponed keyboard-interactive for invalid user usupru2 from 10.X.X.X port 56778 ssh2 [preauth]
Dec 07 12:52:19 rockyprueba.xx.xx sshd[12057]: pam_unix(sshd:auth): check pass; user unknown
Dec 07 12:52:19 rockyprueba.xx.xx sshd[12057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X
Dec 07 12:52:21 rockyprueba.xx.xx sshd[12054]: error: PAM: Authentication failure for illegal user usupru2 from 10.X.X.X
Dec 07 12:52:21 rockyprueba.xx.xx sshd[12054]: Failed keyboard-interactive/pam for invalid user usupru2 from 10.X.X.X port 56778 ssh2
Dec 07 12:52:21 rockyprueba.xx.xx sshd[12054]: Postponed keyboard-interactive for invalid user usupru2 from 10.X.X.X port 56778 ssh2 [preauth]
Dec 07 12:52:32 rockyprueba.xx.xx sshd[12058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X user=usupru2
Dec 07 12:52:32 rockyprueba.xx.xx krb5_child[12061]: Preauthentication failed
Dec 07 12:52:32 rockyprueba.xx.xx krb5_child[12061]: Preauthentication failed
Dec 07 12:52:32 rockyprueba.xx.xx sshd[12058]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X user=usupru2
Dec 07 12:52:32 rockyprueba.xx.xx sshd[12058]: pam_sss(sshd:auth): received for user usupru2: 7 (Authentication failure)
Dec 07 12:52:34 rockyprueba.xx.xx sshd[12054]: error: PAM: Authentication failure for illegal user usupru2 from 10.X.X.X
Dec 07 12:52:34 rockyprueba.xx.xx sshd[12054]: Failed keyboard-interactive/pam for invalid user usupru2 from 10.X.X.X port 56778 ssh2
Dec 07 12:52:36 rockyprueba.xx.xx sshd[12054]: Connection closed by invalid user usupru2 10.X.X.X port 56778 [preauth]
Dec 07 12:52:40 rockyprueba.xx.xx systemd[1]: Starting SSSD Kerberos Cache Manager...
Dec 07 12:52:40 rockyprueba.xx.xx systemd[1]: Started SSSD Kerberos Cache Manager.
Dec 07 12:52:40 rockyprueba.xx.xx sssd_kcm[12068]: Starting up
Dec 07 12:52:40 rockyprueba.xx.xx sshd[12064]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X user=usupru2
Dec 07 12:52:41 rockyprueba.xx.xx sshd[12062]: Accepted keyboard-interactive/pam for usupru2 from 10.X.X.X port 56786 ssh2

Whereas in Ubuntu I can see the following related lines in the auth log:

Dec 9 10:15:52 ubuntuprueba sshd[66229]: Invalid user usupru2 from 10.X.X.X port 43534
Dec 9 10:15:57 ubuntuprueba sshd[66229]: Postponed keyboard-interactive for invalid user usupru2 from 10.X.X.X port 43534 ssh2 [preauth]
Dec 9 10:16:12 ubuntuprueba sshd[66231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X user=usupru2
Dec 9 10:16:12 ubuntuprueba sshd[66231]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X user=usupru2
Dec 9 10:16:12 ubuntuprueba sshd[66231]: pam_sss(sshd:auth): received for user usupru2: 17 (Failure setting user credentials)
Dec 9 10:16:14 ubuntuprueba sshd[66229]: error: PAM: Authentication failure for illegal user usupru2 from 10.X.X.X
Dec 9 10:16:14 ubuntuprueba sshd[66229]: Failed keyboard-interactive/pam for invalid user usupru2 from 10.X.X.X port 43534 ssh2
Dec 9 10:16:14 ubuntuprueba sshd[66229]: Postponed keyboard-interactive for invalid user usupru2 from 10.X.X.X port 43534 ssh2 [preauth]
Dec 9 10:17:01 ubuntuprueba CRON[66257]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 9 10:17:01 ubuntuprueba CRON[66257]: pam_unix(cron:session): session closed for user root
Dec 9 10:18:29 ubuntuprueba sshd[66300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X user=usupru2
Dec 9 10:18:29 ubuntuprueba sshd[66300]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X user=usupru2
Dec 9 10:18:29 ubuntuprueba sshd[66298]: Accepted keyboard-interactive/pam for usupru2 from 10.X.X.X port 43578 ssh2
Dec 9 10:18:29 ubuntuprueba sshd[66298]: pam_unix(sshd:session): session opened for user usupru2 by (uid=0)

Any help is appreciated. Thanks very much.
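
Added example, not part of the original message: a small log check that separates the pattern shown above (sshd reports "Invalid user" for an account and accepts the same account shortly afterwards on the same host) from accounts that never resolve. The function name, the 5-minute window, the placeholder year and the "nosuchuser" line are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# sshd lines copied (unwrapped) from the post, plus one constructed line for
# an account that never resolves ("nosuchuser" is hypothetical).
SAMPLE = """\
Dec 07 12:52:08 rockyprueba.xx.xx sshd[12054]: Invalid user usupru2 from 10.X.X.X port 56778
Dec 07 12:52:32 rockyprueba.xx.xx sshd[12058]: pam_sss(sshd:auth): received for user usupru2: 7 (Authentication failure)
Dec 07 12:52:40 rockyprueba.xx.xx sshd[12064]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.X.X.X user=usupru2
Dec 07 12:52:41 rockyprueba.xx.xx sshd[12062]: Accepted keyboard-interactive/pam for usupru2 from 10.X.X.X port 56786 ssh2
Dec 07 13:10:00 rockyprueba.xx.xx sshd[12100]: Invalid user nosuchuser from 10.X.X.X port 40000
"""

LINE = re.compile(r"^(\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)\s+(\S+)\s+sshd\[\d+\]:\s+(.*)$")
INVALID = re.compile(r"^Invalid user (\S+) from ")
ACCEPTED = re.compile(r"^Accepted \S+ for (\S+) from ")


def transient_unknown_users(text, window=timedelta(minutes=5), year=2000):
    """Return (host, user, seconds) for users sshd called invalid, then accepted.

    Syslog timestamps carry no year, so `year` is only a placeholder that lets
    the timestamps be parsed and subtracted.
    """
    first_invalid = {}   # (host, user) -> time of first "Invalid user" in the window
    findings = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue     # not an sshd line
        mon, day, clock, host, msg = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        inv, acc = INVALID.match(msg), ACCEPTED.match(msg)
        if inv:
            key = (host, inv.group(1))
            prev = first_invalid.get(key)
            if prev is None or ts - prev > window:
                first_invalid[key] = ts      # start (or restart) the window
        elif acc:
            start = first_invalid.pop((host, acc.group(1)), None)
            if start is not None and ts - start <= window:
                gap = int((ts - start).total_seconds())
                findings.append((host, acc.group(1), gap))
    return findings


if __name__ == "__main__":
    for host, user, gap in transient_unknown_users(SAMPLE):
        print(f"{host}: {user} was 'Invalid user' {gap}s before being accepted")
```

A hit means the account existed but could not be looked up when the first attempt arrived, which is a different condition from a wrong password or a nonexistent account and is worth counting separately when reviewing failed-login alerts.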