Hi all,
Arch: i386 OS: Fedora 17
Using the compiled source from the git repo, I'm having trouble getting users to authenticate via PAM with the pam_sss.so module.
I can do ID lookups, enumerate user information, and "pam_test_client" returns successful for all cases, but when logging in via SSH or through the TTY, I get authentication failure. As an already-authenticated local user, su commands/password auth work.
This problem persists despite pam_sss.so's order in the stack or its control. Examining the logs, I don't see any error messages from pam_sss. When installed from the repos, SSSD performs as expected.
I'd like to contribute to the project but thought it'd be a good idea to get a system up and running with the unaltered source, first. Thanks.
-Chris
On Sat, Aug 25, 2012 at 1:01 AM, Chris Hartman qrstuv@gmail.com wrote:
Hi all,
Arch: i386 OS: Fedora 17
Using the compiled source from the git repo, I'm having trouble getting users to authenticate via PAM with the pam_sss.so module.
I can do ID lookups, enumerate user information, and "pam_test_client" returns successful for all cases, but when logging in via SSH or through the TTY, I get authentication failure. As an already-authenticated local user, su commands/password auth work.
This problem persists despite pam_sss.so's order in the stack or its control. Examining the logs, I don't see any error messages from pam_sss.
Hi Chris,
Do you see pam_sss being contacted at all? If so, are there any log messages in /var/log/sss/sssd_pam.log (provided you set debug_level to the [pam] section) ?
When installed from the repos, SSSD performs as expected.
What was the version that worked for you from the repos? I suspect SELinux might be causing trouble, because the 1.9 pre-release you checked out from git contains a number of features that needed tweaking the SELinux policy. Make sure you are running at least selinux-policy-3.10.0-146 if you are running in the Enforcing mode. This version is currently in updates-testing for F17, see: https://admin.fedoraproject.org/updates/FEDORA-2012-12355
I'd like to contribute to the project but thought it'd be a good idea to get a system up and running with the unaltered source, first. Thanks.
Sure, having a working baseline is important.
The SSSD wiki contains a number of tips tutorials that might be helpful: https://fedorahosted.org/sssd/wiki/DevelTips https://fedorahosted.org/sssd/wiki/DevelTutorials
Thank you for your interest in the SSSD!
Turns out selinux was the culprit and running in permissive mode solved my issue.
I'm used to having selinux mounted on /selinux, so when I ruled out selinux earlier, it was because I didn't see the selinux folder in /.
Thanks for the help!
-Chris
On Sat, Aug 25, 2012 at 9:58 AM, Jakub Hrozek jakub.hrozek@gmail.comwrote:
On Sat, Aug 25, 2012 at 1:01 AM, Chris Hartman qrstuv@gmail.com wrote:
Hi all,
Arch: i386 OS: Fedora 17
Using the compiled source from the git repo, I'm having trouble getting users to authenticate via PAM with the pam_sss.so module.
I can do ID lookups, enumerate user information, and "pam_test_client" returns successful for all cases, but when logging in via SSH or through
the
TTY, I get authentication failure. As an already-authenticated local
user,
su commands/password auth work.
This problem persists despite pam_sss.so's order in the stack or its control. Examining the logs, I don't see any error messages from pam_sss.
Hi Chris,
Do you see pam_sss being contacted at all? If so, are there any log messages in /var/log/sss/sssd_pam.log (provided you set debug_level to the [pam] section) ?
When installed from the repos, SSSD performs as expected.
What was the version that worked for you from the repos? I suspect SELinux might be causing trouble, because the 1.9 pre-release you checked out from git contains a number of features that needed tweaking the SELinux policy. Make sure you are running at least selinux-policy-3.10.0-146 if you are running in the Enforcing mode. This version is currently in updates-testing for F17, see: https://admin.fedoraproject.org/updates/FEDORA-2012-12355
I'd like to contribute to the project but thought it'd be a good idea to
get
a system up and running with the unaltered source, first. Thanks.
Sure, having a working baseline is important.
The SSSD wiki contains a number of tips tutorials that might be helpful: https://fedorahosted.org/sssd/wiki/DevelTips https://fedorahosted.org/sssd/wiki/DevelTutorials
Thank you for your interest in the SSSD! _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users@lists.fedorahosted.org