Thank you again for assisting. I did a little more digging myself and realized something wrong about my /etc/pam.d/system-auth and /etc/pam.d/password-auth files. The auth line for pam_sss.so had both use_first_pass and forward_pass. It seems to me that these counter each other in some way. Once I took off use_first_pass, password logins to the domain controllers and to my solaris 11 clients are working. I'm no longer getting an error 7, I'm instead getting successes in /var/log/secure.
Only issue now is it seems my pam configuration on Solaris must be incorrect or there is a major bug - while the password works, I cannot open a session. Trying to su into an account while on the system as root gives me some assertion error and then aborted. The login with user@domain works (which is not what I want to use). Solaris 10 on the other hand gives me "no legal authentication methods". Might be a pam/nsswitch misconfiguration. I'll report back if I figure it out. _______________________________________________ FreeIPA-users mailing list -- email@example.com To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org