I spent way more time than I’m comfortable disclosing, troubleshooting an issue with an AD-attached Oracle Linux server that wouldn’t accept ssh logons by domain users.
We use the recommended sssd and realmd to ensure AD membership. Everything looked good, and I could log on using an account that’s a member of the Domain Admins group, and so I released the machine to our developers for further work.
Only they couldn’t log on.
After spending most of the morning looking through my logs and config files, and detaching and re-attaching the server to the domain after tweaking various settings, I suddenly saw the light.
Note to my future self:
Windows runs NetBIOS under the hood! Any machine name over 14 characters in length on a domain-joined computer will cause trouble!
Naturally, after setting a more Windows-like hostname and re-joining the domain, everything worked as I expected.
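A pre-join check for the hostname problem described above, as an added example that is not part of the original post. It uses the 14-character threshold from the note (overridable through the hypothetical NETBIOS_MAX variable); the function names and sample hosts are constructed, and the CLASH check assumes an over-long name gets cut to that length.

```shell
#!/bin/sh
# Pre-join hostname check. The limit defaults to the 14-character threshold
# from the note above; NETBIOS_MAX is a hypothetical override for this example.
NETBIOS_MAX="${NETBIOS_MAX:-14}"

# short_name FQDN -> first DNS label, upper-cased
# (assumption: this label is what becomes the machine name in the domain)
short_name() {
    printf '%s\n' "${1%%.*}" | tr '[:lower:]' '[:upper:]'
}

# check_name FQDN -> returns 0 if the short name fits the limit, 1 if it is too long
check_name() {
    s=$(short_name "$1")
    [ "${#s}" -le "$NETBIOS_MAX" ]
}

# audit_hosts: reads one hostname per line on stdin and prints
#   TOOLONG <name> <length>  for each short name over the limit
#   CLASH <prefix>           when distinct names share the same first NETBIOS_MAX
#                            characters (assumption: long names are cut to the limit)
# Returns 1 if anything was reported, 0 otherwise.
audit_hosts() {
    awk -v max="$NETBIOS_MAX" '
        NF == 0 { next }
        {
            split($1, parts, "."); s = toupper(parts[1])
            if (length(s) > max) { printf "TOOLONG %s %d\n", $1, length(s); bad = 1 }
            p = substr(s, 1, max)
            if (!((p, s) in seen)) { seen[p, s] = 1; count[p]++ }
        }
        END {
            for (p in count) if (count[p] > 1) { printf "CLASH %s\n", p; bad = 1 }
            exit bad
        }'
}

# Constructed sample fleet; these are not real hosts.
sample_hosts() {
    cat <<'EOF'
db01.corp.example.com
oraclelinux-dev-build01.corp.example.com
oraclelinux-dev-build02.corp.example.com
EOF
}

sample_hosts | audit_hosts || true
```

Run `check_name "$(hostname -f)"` before `realm join`, or pipe an inventory list through `audit_hosts` to find names that need shortening first.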