On Wed, May 31, 2017 at 11:24:48AM +0200, Ronald Wimmer via FreeIPA-users wrote:
> Hi,
> 
> I read Jakub Hrozeks post 
> https://jhrozek.wordpress.com/2015/07/17/get-rid-of-calling-manually-calling-kinit-with-sssds-help/
> and found that it is exactly what I need. The only problem is that I am
> using Ubuntu and not Fedora or CentOS.
> 
> In sssd_pamlog i only see a SSS_PAM_OPEN_SESSION but no SSS_PAM_AUTHENTICATE

This would mean that pam_unix authenticated the user. Does the user
exists in /etc/passwd and /etc/shadow as well?

bye,
Sumit

> - so most likely the pam config is still wrong. Is anybody here who got this
> working under Ubuntu?
> 
> 
> This is how my /etc/pam.d/common-auth looks:
> 
> auth    [success=2 default=ignore]    pam_unix.so nullok_secure
> try_first_pass
> auth    [success=1 default=ignore]    pam_sss.so use_first_pass
> auth    requisite            pam_deny.so
> auth    required            pam_permit.so
> auth    optional    pam_ecryptfs.so unwrap
> auth    optional            pam_cap.so
> 
> And this is my nsswitch.conf
> 
> passwd:         compat
> group:          compat
> shadow:         compat
> 
> hosts:          files wins mdns4_minimal [NOTFOUND=return] resolve
> [!UNAVAIL=return] dns myhostname
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> sudoers:        files sss
> 
> Any ideas on this matter would be highly appreciated!
> 
> Regards,
> Ronald
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to