On Wed, May 31, 2017 at 11:24:48AM +0200, Ronald Wimmer via FreeIPA-users wrote:
> Hi,
>
> I read Jakub Hrozek's post
> https://jhrozek.wordpress.com/2015/07/17/get-rid-of-calling-manually-call...
> and found that it is exactly what I need. The only problem is that I am
> using Ubuntu and not Fedora or CentOS.
>
> In sssd_pam.log I only see a SSS_PAM_OPEN_SESSION but no SSS_PAM_AUTHENTICATE

This would mean that pam_unix authenticated the user. Does the user
exist in /etc/passwd and /etc/shadow as well?

bye,
Sumit

> - so most likely the pam config is still wrong. Is anybody here who got this
> working under Ubuntu?
>
>
> This is how my /etc/pam.d/common-auth looks:
>
> auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
> auth [success=1 default=ignore] pam_sss.so use_first_pass
> auth requisite pam_deny.so
> auth required pam_permit.so
> auth optional pam_ecryptfs.so unwrap
> auth optional pam_cap.so
>
> And this is my nsswitch.conf
>
> passwd: compat
> group: compat
> shadow: compat
>
> hosts: files wins mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
> sudoers: files sss
>
> Any ideas on this matter would be highly appreciated!
>
> Regards,
> Ronald
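
The diagnosis in the reply can be checked by walking the quoted common-auth stack. This is an added example, not part of the thread and not SSSD or libpam code: a simplified Python model of PAM control handling, with the per-module outcomes constructed for illustration.

```python
import re

# common-auth as quoted in the message above (wrapped first line re-joined)
COMMON_AUTH = """\
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_sss.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_ecryptfs.so unwrap
auth optional pam_cap.so
"""

def parse_stack(text):
    """Return [(control, module)]; bracketed controls become a dict."""
    stack = []
    for line in text.splitlines():
        m = re.match(r"auth\s+(\[[^\]]*\]|\S+)\s+(\S+)", line.strip())
        if m:
            control, module = m.groups()
            if control.startswith("["):
                control = dict(kv.split("=", 1) for kv in control[1:-1].split())
            stack.append((control, module))
    return stack

def simulate(stack, results):
    """Simplified model of the PAM stack walk (assumption, not libpam code).
    results maps module -> True/False (constructed); unlisted modules succeed.
    "optional" and "ignore" leave the verdict unchanged in this model."""
    fixed = {"pam_deny.so": False, "pam_permit.so": True}
    called, ok, failed, i = [], False, False, 0
    while i < len(stack):
        control, module = stack[i]
        success = fixed.get(module, results.get(module, True))
        called.append(module)
        i += 1
        if isinstance(control, dict):
            key = "success" if success and "success" in control else "default"
            action = control.get(key, "bad")
            if action.isdigit():          # jump: counts as ok, skips N modules
                ok, i = True, i + int(action)
            elif action == "ok":
                ok = True
            elif action in ("bad", "die"):  # "die" early exit is not modelled
                failed = True
        elif control == "requisite" and not success:
            return called, False
        elif control == "required":
            ok, failed = ok or success, failed or not success
    return called, ok and not failed
```

When pam_unix.so succeeds, `success=2` jumps straight to pam_permit.so and pam_sss.so never appears in the list of called modules, which is consistent with a log that shows no SSS_PAM_AUTHENTICATE.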