Authentication Failed for PAM Agent using SSH for Active Directory Users
Originally Published: 2023-04-05
Article Number
Applies To
RSA Product/Service Type: Authentication Agent for PAM
O/S Version: RHEL
Issue
Cause
realm list example.com type: kerberos realm-name: EXAMPLE.COM domain-name: example.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: oddjob required-package: oddjob-mkhomedir required-package: sssd required-package: adcli required-package: samba-common-tools login-formats: %U@example.com login-policy: allow-realm-logins
From /var/log/secure logs, user will be seen as an invalid user as shown for rsatest user
Mar 28 01:16:25 pam sshd[6769]: Invalid user rsatest from ::1 port 52404 Mar 28 01:16:25 pam sshd[6769]: Postponed keyboard-interactive for invalid user rsatest from ::1 port 52404 ssh2 [preauth] Mar 28 01:16:28 pam sshd[6772]: pam_unix(sshd:auth): check pass; user unknown Mar 28 01:16:28 pam sshd[6772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=::1 Mar 28 01:16:28 pam sshd[6769]: Postponed keyboard-interactive/pam for invalid user rsatest from ::1 port 52404 ssh2 [preauth] Mar 28 01:16:52 pam sshd[6769]: error: PAM: Authentication failure for illegal user rsatest from ::1 Mar 28 01:16:52 pam sshd[6769]: Failed keyboard-interactive/pam for invalid user rsatest from ::1 port 52404 ssh2 Mar 28 01:16:52 pam sshd[6769]: Postponed keyboard-interactive for invalid user rsatest from ::1 port 52404 ssh2 [preauth]
Resolution
the login-formats was %U@mydomain.local. modified it to %U, the authentication became successful.
- cd /etc/sssd
- vim sssd.conf
- Change the login format: use_fully_qualified_names = True to False.
- Restart sssd services > systemctl restart sssd.service
Related Articles
Is the PAM Agent supported with Redhat 6.2 Number of Views Passcode accepted on ACE/Server activity monitor and login failed on Nortel Extranet Client. Number of Views RSA PAM Authentication Agent cannot challenge users in Active Directory groups Number of Views SSH authentication failed for a challenged user with RSA Authentication Manager using REST protocol for RSA Authentication… Number of Views RSA MFA Agent 9.0 for PAM - Installation and Configuration Guide for Oracle and RHEL (Chinese) Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
Don't see what you're looking for?
