[BUG] after hardening I can't use my ldap authentication #517

Closed
krmnmari opened this issue Nov 8, 2024 · 3 comments

krmnmari commented Nov 8, 2024

Describe the bug
After applying hardening, I can't enter the system as an LDAP user

To Reproduce
ssh user@server
LOGS:
Nov 8 10:39:36 my-server sshd[566803]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.210.203 user=my-user
Nov 8 10:39:37 my-server sshd[566803]: pam_sss(sshd:account): Access denied for user my-user: 6 (Permission denied)
Nov 8 10:39:37 my-server sshd[566803]: Failed password for my-user from 172.16.210.203 port 33300 ssh2
Nov 8 10:39:37 my-server sshd[566803]: fatal: Access denied for user my-user by PAM account configuration [preauth]
Nov 8 10:39:37 my-server sshd[566803]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.210.203 user=my-user
Nov 8 10:39:47 my-server realmd[566794]: quitting realmd service after timeout
Nov 8 10:39:47 my-server realmd[566794]: stopping service
Nov 8 10:39:55 my-server ldapsearch: DIGEST-MD5 common mech free

Expected behavior
It should have entered the system

System (lsb_release -a):
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.5 LTS
Release: 22.04
Codename: jammy

@konstruktoid
Owner

I'd need more details in order to debug this, a verbose ssh connection log for example.

"my-server sshd[566803]: Failed password for my-user from 172.16.210.203 port 33300 ssh2"

@krmnmari
Author

krmnmari commented Nov 8, 2024

Hi, thank you very much for your quick response.
The issue was solved by leaving the domain and reinstalling sss-ad, sssd-tools, realmd and adcli. After that we rejoined the machine to the domain and enabled mkhomedir (pam-auth-update --enable mkhomedir), and then it worked.

I really appreciate your interest!
Carmen

@konstruktoid
Owner

Great that it worked out for you.
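
Added example, not part of the issue thread or the project's code: a small triage script that groups pam_sss lines by sshd PID and reports which PAM phase rejected the login. For the session in the report it shows that the auth phase succeeded and the account phase denied access, even though sshd summarises the attempt as "Failed password". The 600001 session and the verdict names are constructed for illustration.

```python
import re

# First four lines are copied from the report; the 600001 session is constructed
# here to show the contrasting case where the credentials themselves are rejected.
SAMPLE_LOG = """\
Nov 8 10:39:36 my-server sshd[566803]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.210.203 user=my-user
Nov 8 10:39:37 my-server sshd[566803]: pam_sss(sshd:account): Access denied for user my-user: 6 (Permission denied)
Nov 8 10:39:37 my-server sshd[566803]: Failed password for my-user from 172.16.210.203 port 33300 ssh2
Nov 8 10:39:37 my-server sshd[566803]: fatal: Access denied for user my-user by PAM account configuration [preauth]
Nov 8 10:41:02 my-server sshd[600001]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.210.203 user=other-user
Nov 8 10:41:04 my-server sshd[600001]: Failed password for other-user from 172.16.210.203 port 33412 ssh2
"""

PAM_LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: pam_sss\(sshd:(?P<phase>auth|account)\): (?P<text>.*)$")
USER = re.compile(r"\buser[ =](?P<user>[^\s:]+)")  # \b skips the empty "ruser=" field

def triage(log_text):
    """Map each sshd PID to (user, verdict) based on which PAM phase rejected it."""
    seen = {}
    for line in log_text.splitlines():
        m = PAM_LINE.search(line)
        if not m:
            continue  # sshd's own "Failed password" summary is ignored on purpose
        state = seen.setdefault(m["pid"], {"user": None, "events": set()})
        u = USER.search(m["text"])
        if u:
            state["user"] = u["user"]
        text = m["text"].lower()
        if m["phase"] == "auth" and text.startswith("authentication success"):
            state["events"].add("auth_ok")
        elif m["phase"] == "auth" and text.startswith("authentication failure"):
            state["events"].add("auth_fail")
        elif m["phase"] == "account" and "access denied" in text:
            state["events"].add("account_denied")
    result = {}
    for pid, state in seen.items():
        ev = state["events"]
        if "auth_ok" in ev and "account_denied" in ev:
            verdict = "account_phase_denied"  # credentials accepted, access check refused
        elif "auth_fail" in ev:
            verdict = "auth_phase_failed"     # credentials rejected
        elif "auth_ok" in ev:
            verdict = "accepted"
        else:
            verdict = "unknown"
        result[pid] = (state["user"], verdict)
    return result
```

Calling `triage(SAMPLE_LOG)` returns one entry per sshd PID; an `account_phase_denied` verdict points at the account/access configuration rather than at the password.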
