The problem was something very silly it seems In my /etc/rhn/rhn.conf I had the following entry
pam_auth_service = rhn-satellite However my pam file was called /etc/pam.d/rhn_satellite It would be nice if rhn was able to throw an exception if it can't read the pam file. After change the file name to rhn_satellite everything worked fine. From: [email protected] [mailto:[email protected]] On Behalf Of Paul Robert Marino Sent: Tuesday, May 01, 2012 6:09 PM To: [email protected] Subject: Re: [Spacewalk-list] PAM winbind support Or it could be selinux you may want to check your audit log. And just incase you are not familiar with selinux the audit2allow tool along with the fixfiles tool are really simple On May 1, 2012 5:42 PM, "Parsons, Aron" <[email protected]<mailto:[email protected]>> wrote: It should still work fine; the 1.7 upgrade didn't break the two servers I have using winbind. Remember that the process doing the PAM conversation is non-root unlike most other PAM-enabled services, so it may just be a simple permissions issue. The likely culprit is the system keytab if you have Kerberos enabled. /aron -----Original Message----- Message: 1 Date: Tue, 1 May 2012 13:46:31 -0400 From: "Brown, Rodrick" <[email protected]<mailto:[email protected]>> To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [Spacewalk-list] PAM winbind support Message-ID: <c9c3c7fc93b40a4da409f4b1acb610991dbdfde...@exchange10.global.knight.com<mailto:c9c3c7fc93b40a4da409f4b1acb610991dbdfde...@exchange10.global.knight.com>> Content-Type: text/plain; charset="us-ascii" Does spacewalk 1.7 still support PAM w/winbind ? After doing an upgrade to 1.7 I'm getting the following error in my tomcat logs 2012-05-01 13:39:07,267 [TP-Processor2] WARN com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User XXXXX (id 25, org_id 1) failed with error Authentication failure. I'm no longer able to login via spacewalk web with my PAM winbind setup. If I disable PAM authentication works fine. --RB _______________________________________________ Spacewalk-list mailing list [email protected]<mailto:[email protected]> https://www.redhat.com/mailman/listinfo/spacewalk-list Please visit our website for important disclaimers/disclosures regarding Knight's products and services: http://knight.com/KnightEmailDisclaimer.html
_______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
