On (13/11/16 16:03), ronnyforberger(a)ronnyforberger.de wrote:
I found out, that /var/run/sss needed mode 0755.
But I still cannot use passwords.
My /etc/pam.d/system looks like the following:
What do you meand by cannot use password?
How do you authenticate ssh (or login on tty)
Are you able to resolve user with "getent passwd" or "id"?
# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth sufficient /usr/local/lib/pam_sss.so
auth required pam_unix.so no_warn try_first_pass nullok
# account
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
account required /usr/local/lib/pam_sss.so ignore_unknown_user
There should be also enabled ignore_authinfo_unavail
# session
#session optional pam_ssh.so want_agent
session required pam_lastlog.so no_fail
session optional /usr/local/lib/pam_sss.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password sufficient /usr/local/lib/pam_sss.so use_authtok
password required pam_unix.so no_warn try_first_pass
BTW here is a link to our troubleshooting wiki
https://fedorahosted.org/sssd/wiki/Troubleshooting
LS