grep -rnI pam_sss /var/log /etc/pam.d returns nothing on this Debian system
It is all over the CentOS system files. Might this be an issue with the Debian freeipa-client package ?
Also, I am able to log in with my IdM credentials, just not as this test-user. ______________________________________________________________________________________________
Daniel E. White daniel.e.white@nasa.govmailto:daniel.e.white@nasa.gov NICS Linux Engineer NASA Goddard Space Flight Center 8800 Greenbelt Road Building 14, Room E175 Greenbelt, MD 20771 Office: (301) 286-6919 Mobile: (240) 513-5290
From: Jochen Kellner jochen@jochen.org Date: Tuesday, March 3, 2020 at 11:06 To: FreeIPA freeipa-users@lists.fedorahosted.org Cc: Rob Crittenden rcritten@redhat.com, Daniel White daniel.e.white@nasa.gov Subject: [EXTERNAL] Re: [Freeipa-users] Re: A Debian Head-Scratcher
"White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users" <freeipa-users@lists.fedorahosted.orgmailto:freeipa-users@lists.fedorahosted.org> writes:
SSSD does not seem to be the source of the glitch. The sssd_nss.log says that it successfully finds the user.
All the error in /var/log/auth.log contain "pam_unix", so I tried adding "debug" to the end of every instance of "pam_unix/pam_unix.so" in /etc/pam.d, but it told me nothing new.
Any other suggestions ?
Local users are authenticated by pam_unix, IPA users with pam_sss. I do run a custom PAM configuration, because older IPA clients needed that.
I dropped a special file in /usr/share/pam-configs and used that, but that doesn't seem to be needed any longer.
So, pam_unix shouldn't be your problem when pam_sss is called also. Rob's troubleshooting link should help you along.
Jochen
-- This space is intentionally left blank.
freeipa-users@lists.fedorahosted.org