On (14/11/16 11:34), Ronny Forberger wrote:
> Lukas Slebodnik <lslebodn(a)redhat.com> hat am 14. November
2016 um 10:04
> geschrieben:
>
>
> On (13/11/16 16:03), ronnyforberger(a)ronnyforberger.de wrote:
> >I found out, that /var/run/sss needed mode 0755.
> >
> >But I still cannot use passwords.
> >My /etc/pam.d/system looks like the following:
> >
> What do you meand by cannot use password?
> How do you authenticate ssh (or login on tty)
> Are you able to resolve user with "getent passwd" or "id"?
I cannot login using password or use sudo using password. Neigher by ssh, login
on tty.
I can see the users through getent passwd and id.
The debug log of pam_sssd.so says:
Nov 13 17:31:59 macy sudo: in openpam_dispatch(): /usr/local/lib/pam_sss.so:
pam_sm_authenticate(): authentication error
Nov 13 17:32:01 macy su: in openpam_dispatch(): calling pam_sm_setcred() in
/usr/local/lib/pam_sss.so
Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_SERVICE
Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_USER
Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_TTY
Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_RUSER
Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_RHOST
Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_AUTHTOK
Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_OLDAUTHTOK
Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
Nov 13 17:32:01 macy su: in pam_set_data(): entering: 'pam_sss:fd_destructor'
Nov 13 17:32:01 macy su: in pam_set_data(): returning PAM_SUCCESS
Nov 13 17:32:01 macy su: in openpam_dispatch(): /usr/local/lib/pam_sss.so:
pam_sm_setcred(): success
Those messages are from syslog.
You need to find a problem in sssd logs.
https://fedorahosted.org/sssd/wiki/Troubleshooting
LS