Secure System Service Daemon or SSSD is used to setup authentication on various Linux distributions. You can also use it to define how to interact with Active Directory. It has a configuration line which will tells how to handle case sensitivity: case_sensitive
By default this is set to True, which also means in case you are using AllowGroups in sshd_config (most people do), and there is a group defined with one or more capital letters the authentication for group members won’t work. At least not on Ubuntu 18.04 or newer, on CentOS for example there are no issues because it is disabled for AD.
case_sensitive (boolean) Treat user and group names as case sensitive. Default: True
/var/log/auth.log will be show authentication failures even though the user is member of a group that is allowed to log in.
May 5 14:19:47 this.yourserver.whatever sshd[58358]: Failed keyboard-interactive/pam for joe from 10.1.12.57 port 45230 ssh2
May 5 14:19:47 this.yourserver.whatever sshd[58358]: Connection closed by authenticating user joe 10.1.12.57 port 45230 [preauth]As an example if your group is called Admin, login will fail for all members. You have two options.
- Edit sssd.conf: case_sensitive false (recommended)
- Rename your Admin group to admin
Then restart sssd: sudo service sssd restart then authentication form Admin should start working.