Thank you again for assisting. I did a little more digging myself and realized
something wrong about my /etc/pam.d/system-auth and /etc/pam.d/password-auth
files. The auth line for pam_sss.so had both use_first_pass and forward_pass.
It seems to me that these counter each other in some way. Once I took off
use_first_pass, password logins to the domain controllers and to my solaris 11
clients are working. I'm no longer getting an error 7, I'm instead getting
successes in /var/log/secure.
Only issue now is it seems my pam configuration on Solaris must be incorrect or
there is a major bug - while the password works, I cannot open a session.
Trying to su into an account while on the system as root gives me some
assertion error and then aborted. The login with user@domain works (which is
not what I want to use).
Solaris 10 on the other hand gives me "no legal authentication methods". Might
be a pam/nsswitch misconfiguration. I'll report back if I figure it out.
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org