Platform is RHEL 6 Update 6. Relevant RPMs are:

    sssd-ad-1.11.6-30.el6.x86_64
    krb5-workstation-1.10.3-33.el6.x86_64

PAM was set up using "authconfig --enablesssd --enablesssdauth --enablemkhomedir --update".

I have test users successfully authenticating against a test domain server with both the test linux RHEL6U6 box and the Windows 2008R2 AD server on an isolated subnet.

After I login to the RHEL6U6 box with an AD user via either ssh, or via the console I cannot run 'su - <username>' to any other user, either AD based or local password file based. All I get is an 'incorrect password' error message.

My sssd.conf:

    [sssd]
    config_file_version = 2
    domains = CORPTEST.LOCAL
    services = nss, pam
    debug_level = 10
    timeout = 300

    [domain/CORPTEST.LOCAL]
    id_provider = ad
    auth_provider = ad
    access_provider = ad
    debug_level = 10
    ldap_id_mapping = False
    default shell = /bin/bash
    fallback_homedir = /home/%u
    use_fully_qualified_names = False

nsswitch.conf has these lines for passwd, shadow and group:

    passwd: files sss
    shadow: files sss
    group: files sss

/etc/pam.d/system-auth-ac (not hand edited at all)

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      pam_env.so
    auth        sufficient    pam_fprintd.so
    auth        sufficient    pam_unix.so nullok try_first_pass
    auth        requisite     pam_succeed_if.so uid >= 500 quiet
    auth        sufficient    pam_sss.so use_first_pass
    auth        required      pam_deny.so

    account     required      pam_unix.so
    account     sufficient    pam_localuser.so
    account     sufficient    pam_succeed_if.so uid < 500 quiet
    account     [default=bad success=ok user_unknown=ignore] pam_sss.so
    account     required      pam_permit.so

    password    requisite     pam_cracklib.so try_first_pass retry=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1
    password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    password    sufficient    pam_sss.so use_authtok
    password    required      pam_deny.so

    session     optional      pam_keyinit.so revoke
    session     required      pam_limits.so
    session     optional      pam_mkhomedir.so umask=0077
    session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session     required      pam_unix.so
    session     optional      pam_sss.so

The sssd-ad package in rhel6 update 6 is fairly new and as such I've been able to find limited web resources about its config directives.

Any help you can provide will be appreciated.

Cheers,
Chris

_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
