Jakub, again thank you for your reply.
I am still debugging this one. I think I have narrowed it down to a PAM configuration, after I ran sssd with a high debug level.
For anyone following this thread:

/usr/sbin/sshd -ddd

The failure I get is:
PAM: do_pam_account pam_acct_mgmt = 4 (System error)

I think (not sure yet) that the problem is in pam.d/common-account where a local user is looked for:
account sufficient pam_localuser.so

I have been getting different behaviour this morning - I suspect because of sssd caching.
Am running now with memcache_timeout = 0

On 19 July 2018 at 11:18, Jakub Hrozek <[email protected]> wrote:

>
> > On 11 Jul 2018, at 15:28, John Hearns <[email protected]> wrote:
> >
> > I have set up an sss_override for my user account
> >
> > johe:*:1234:1234:John Hearns,,,:/home/johe:/bin/bash
> >
> > I also have an entry in the local /etc/passwd file.
> > When I ssh to a server running sssd my ssh key is accepted.
> >
> > When I have no local /etc/passwd
> > When I ssh to a server running sssd my ssh key is not used and I am
> > prompted for a password
>
> Is that a local SSH key stored in the user’s home or in LDAP? If a local
> one, then I think the only important thing is to tell SSH where to look at,
> so the homedir must be correct and of course the user must have the correct
> UID and GID to be allowed to enter that homedir.
>
> >
> > Can anyone explain please?
> >
> > The answer will be along the lines of at what stage in the ssh login the
> > override is being 'honoured'
> > However this is a bit of a major problem. I guess also I will be told
> > that I have done something wrong.
> > _______________________________________________
> > sssd-users mailing list -- [email protected]
> > To unsubscribe send an email to [email protected]
> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/ARZQMHUEUBXR53P7XG5QSFMDU6KHBK3O/
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]/message/KK6PJAWE3SNSWOX7T6WR4RTGGVTAOTZO/
