I getting a weird issue with SSSD, we are using SSSD for AD auth, we are using ocserv for
VPN and it doesn't always appear to check SSSD, I am seeing it check PAM_unix get the
auth failure and then simply return the failure instead of trying SSSD, if I restart the
service then for a few requests will use PAM_sss (SSSD) and then will begin to simply use
pam_unix again
When I restart the service it appears to work correctly for a moment
Mar 29 16:42:31 ip-10-0-21-4 m[10038]: pam_unix(ocserv:auth): authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=X.X.X.X user=UserY
Mar 29 16:42:32 ip-10-0-21-4 m[10038]: pam_sss(ocserv:auth): authentication success;
logname= uid=0 euid=0 tty= ruser= rhost=X.X.X.X user=UserY
Then it will get the following after a few minutes
Mar 29 17:03:03 ip-10-0-21-4 m[10038]: pam_unix(ocserv:auth): authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=X.X.X.X user=UserX
Mar 29 17:03:05 ip-10-0-21-4 m[10038]: PAM authenticate error: Authentication failure
Mar 29 17:03:05 ip-10-0-21-4 m[10038]: PAM-auth pam_auth_pass: Authentication failure
michael.leer(a)crownpeak.com
Switchboard:+44 (0)20 7019 4700
crownpeak.com
Forrester Wave for WCM 2017
Crownpeak,
Studio 1001 Highgate Studios, 53-79 Highgate Road, London, NW5 1TL
Registered in England: No. 3592714, VAT No. 625574723