I read Jakub Hrozeks post https://jhrozek.wordpress.com/2015/07/17/get-rid-of-calling-manually-calling-kinit-with-sssds-help/ and found that it is exactly what I need. The only problem is that I am using Ubuntu and not Fedora or CentOS.

In sssd_pamlog i only see a SSS_PAM_OPEN_SESSION but no SSS_PAM_AUTHENTICATE - so most likely the pam config is still wrong. Is anybody here who got this working under Ubuntu?

This is how my /etc/pam.d/common-auth looks:

auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth    [success=1 default=ignore]    pam_sss.so use_first_pass
auth    requisite            pam_deny.so
auth    required            pam_permit.so
auth    optional    pam_ecryptfs.so unwrap
auth    optional            pam_cap.so

And this is my nsswitch.conf

passwd:         compat
group:          compat
shadow:         compat

hosts: files wins mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
sudoers:        files sss

Any ideas on this matter would be highly appreciated!

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to