Hi, having configured SSSD on RHEL 6.4 to connect to our OpenLDAP server
successfully, I can get a list of users and groups using the getent command but
cannot ssh into the host or log in via the console.

The following error message is returned in /var/log/secure:

May  8 12:18:26 rh-test-mg01 sshd[6660]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.21.21.1 user=jimbob
May  8 12:18:26 rh-test-mg01 sshd[6660]: pam_sss(sshd:account): Access denied for user jimbob: 6 (Permission denied)
May  8 12:18:26 rh-test-mg01 sshd[6658]: error: PAM: User account has expired for jimbob from 10.21.21.1

These are my LDAP details:

# extended LDIF
#
# LDAPv3
# base <uid=jimbob,ou=people,dc=XXX,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# jimbob, People, XXX.com
dn: uid=jimbob,ou=People,dc=XXX,dc=com
givenName: Jim
sn: Bob
uid: jimbob
uidNumber: 1081
homeDirectory: /home/jimbob
loginShell: /bin/bash
cn: Jim Bob
gidNumber: 1398
mail: jim....@xxx.com
userPassword:: XXX
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: ldapPublicKey
objectClass: shadowAccount


If I comment out the following line in /etc/pam.d/password-auth then I can
log in via ssh but still not the console.

#account     [default=bad success=ok user_unknown=ignore] pam_sss.so

Any help would be greatly appreciated.

Thanks in advance, David.
