On Sat, Aug 25, 2012 at 1:01 AM, Chris Hartman <qrstuv@gmail.com> wrote:Hi Chris,
> Hi all,
>
> Arch: i386
> OS: Fedora 17
>
> Using the compiled source from the git repo, I'm having trouble getting
> users to authenticate via PAM with the pam_sss.so module.
>
> I can do ID lookups, enumerate user information, and "pam_test_client"
> returns successful for all cases, but when logging in via SSH or through the
> TTY, I get authentication failure. As an already-authenticated local user,
> su commands/password auth work.
>
> This problem persists despite pam_sss.so's order in the stack or its
> control. Examining the logs, I don't see any error messages from pam_sss.
Do you see pam_sss being contacted at all? If so, are there any log
messages in /var/log/sss/sssd_pam.log (provided you set debug_level to
the [pam] section) ?
What was the version that worked for you from the repos? I suspect
> When installed from the repos, SSSD performs as expected.
>
SELinux might be causing trouble, because the 1.9 pre-release you
checked out from git contains a number of features that needed
tweaking the SELinux policy. Make sure you are running at least
selinux-policy-3.10.0-146 if you are running in the Enforcing mode.
This version is currently in updates-testing for F17, see:
https://admin.fedoraproject.org/updates/FEDORA-2012-12355
Sure, having a working baseline is important.
> I'd like to contribute to the project but thought it'd be a good idea to get
> a system up and running with the unaltered source, first. Thanks.
>
The SSSD wiki contains a number of tips tutorials that might be helpful:
https://fedorahosted.org/sssd/wiki/DevelTips
https://fedorahosted.org/sssd/wiki/DevelTutorials
Thank you for your interest in the SSSD!
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users