SW 2.7 on RHEL 7.4

The HTTPD conf files are either commented out, or in the case of 
auth_kerb.conf, empty.  This is a completely out of the box setup and the only 
documentation I’ve been able to find on this on RH’s portal mentions just the 
config changes I made.  Nothing to do with the files you mentioned.

Is there a better how-to to describe the full changes that need to take place 
to enable this?

As far as role map, I only want end users to be able to subscribe to additional 
software channels that we don’t push by default.  For example, we don’t have 
Microsoft’s channel in our base activation key, but would like to give our 
developers an opportunity to install software from it without admin 

It appears that doing spacewalk-channel –add –c microsoft_rhel7    prompts for 
a username and password so they are unable to add the channel.

Max DiOrio
Global Systems Administrator

From: spacewalk-list-boun...@redhat.com 
[mailto:spacewalk-list-boun...@redhat.com] On Behalf Of Alexandru Raceanu
Sent: Monday, March 12, 2018 2:08 PM
To: spacewalk-list@redhat.com
Subject: Re: [Spacewalk-list] Spacewalk and AD/SSSD Based User Authentication

Spacewalk version and OS please...
Also log entries except the tomcat would be helpful.

What's the content of following:

I don't think that you need to create the user if you do role map for external 
authenticated users ( Admin -> Users -> External Authentication -> Group Role 
Mapping )

From: "DiOrio, Max" 
To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>
Sent: Monday, March 12, 2018 4:52:21 PM
Subject: [Spacewalk-list] Spacewalk and AD/SSSD Based User Authentication


I’m looking to potentially use SSSD and Active Directory to authenticate our 
users to Spacewalk.  The Spacewalk server is already on the domain and we 
authenticate just fine via SSH using AD.

I added the following to the rhn.conf file:
pam_auth_service = spacewalk-satellite

Created the spacewalk-satellite pam.d file:

auth    required        pam_env.so
auth    sufficient      pam_sss.so no_user_check
auth    required        pam_deny.so

account required        pam_sss.so no_user_check

Restarted spacewalk.   Created a user mdiorio in the GUI and checked the box to 
use PAM.

But get the following error when I go to log in.

Mar 12 11:51:21 la-1pspacewalk server: 2018-03-12 11:51:21,304 
[ajp-bio-0:0:0:0:0:0:0:1-8009-exec-4] WARN  
com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User mdiorio 
(id 2, org_id 1) failed with error Permission denied.
Mar 12 11:51:23 la-1pspacewalk server: 2018-03-12 11:51:23,304 
[ajp-bio-0:0:0:0:0:0:0:1-8009-exec-4] INFO  
com.redhat.rhn.frontend.action.LoginAction - LOCAL AUTH FAILURE: [mdiorio]

I can kinit my account on the server without a problem.

Not sure what I’m missing.   Thanks!

Max DiOrio
Global Systems Administrator
201 Fuller Road, Suite 202
Albany, NY 12203-3621
Phone: +518-238-6516 | Mobile: +518-944-5289

Spacewalk-list mailing list
Spacewalk-list mailing list

Reply via email to