SW 2.7 on RHEL 7.4 The HTTPD conf files are either commented out, or in the case of auth_kerb.conf, empty. This is a completely out of the box setup and the only documentation I’ve been able to find on this on RH’s portal mentions just the config changes I made. Nothing to do with the files you mentioned.
Is there a better how-to to describe the full changes that need to take place to enable this? As far as role map, I only want end users to be able to subscribe to additional software channels that we don’t push by default. For example, we don’t have Microsoft’s channel in our base activation key, but would like to give our developers an opportunity to install software from it without admin intervention. It appears that doing spacewalk-channel –add –c microsoft_rhel7 prompts for a username and password so they are unable to add the channel. Max DiOrio Global Systems Administrator From: spacewalk-list-boun...@redhat.com [mailto:spacewalk-list-boun...@redhat.com] On Behalf Of Alexandru Raceanu Sent: Monday, March 12, 2018 2:08 PM To: spacewalk-list@redhat.com Subject: Re: [Spacewalk-list] Spacewalk and AD/SSSD Based User Authentication Spacewalk version and OS please... Also log entries except the tomcat would be helpful. What's the content of following: /etc/httpd/conf.d/intercept_form_submit.conf /etc/httpd/conf.d/authnz_pam.conf /etc/httpd/conf.d/auth_kerb.conf I don't think that you need to create the user if you do role map for external authenticated users ( Admin -> Users -> External Authentication -> Group Role Mapping ) /Alex ________________________________ From: "DiOrio, Max" <max.dio...@ieeeglobalspec.com<mailto:max.dio...@ieeeglobalspec.com>> To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com> Sent: Monday, March 12, 2018 4:52:21 PM Subject: [Spacewalk-list] Spacewalk and AD/SSSD Based User Authentication Hi! I’m looking to potentially use SSSD and Active Directory to authenticate our users to Spacewalk. The Spacewalk server is already on the domain and we authenticate just fine via SSH using AD. I added the following to the rhn.conf file: pam_auth_service = spacewalk-satellite Created the spacewalk-satellite pam.d file: #%PAM-1.0 auth required pam_env.so auth sufficient pam_sss.so no_user_check auth required pam_deny.so account required pam_sss.so no_user_check Restarted spacewalk. Created a user mdiorio in the GUI and checked the box to use PAM. But get the following error when I go to log in. Mar 12 11:51:21 la-1pspacewalk server: 2018-03-12 11:51:21,304 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-4] WARN com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User mdiorio (id 2, org_id 1) failed with error Permission denied. Mar 12 11:51:23 la-1pspacewalk server: 2018-03-12 11:51:23,304 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-4] INFO com.redhat.rhn.frontend.action.LoginAction - LOCAL AUTH FAILURE: [mdiorio] I can kinit my account on the server without a problem. Not sure what I’m missing. Thanks! Max DiOrio Global Systems Administrator [cid:image002.jpg@01D26A5C.D5C0BF00] 201 Fuller Road, Suite 202 Albany, NY 12203-3621 Phone: +518-238-6516 | Mobile: +518-944-5289 max.dio...@ieeeglobalspec.com<mailto:max.dio...@ieeeglobalspec.com> _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com<mailto:Spacewalk-list@redhat.com> https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
