<div dir="ltr">Thanks Bruno. It worked :)<br></div><div class="gmail_extra"><br clear="all"><div>--<br>Shashank Sahni<br></div>
<br><br><div class="gmail_quote">On Tue, Feb 25, 2014 at 5:58 PM, Bruno Henrique Barbosa <span dir="ltr"><<a href="mailto:bruno-barbosa@prodesan.com.br" target="_blank">bruno-barbosa@prodesan.com.br</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-size:12pt;font-family:tahoma,new york,times,serif"><span style="font-size:medium">Hi Shashank, </span><div style="font-size:medium">

<br></div><div style="font-size:medium">Besides the KB settings, you must create the HBAC service on IPA. Policy -> HBAC Service -> Add, then create a service named "<a href="https://vmp-ipa01.santos.sp.gov.br/ipa/ui/#rhn-satellite" style="color:rgb(29,133,213);font-size:11px;font-family:'Liberation Sans',Arial,Sans;text-decoration:none" target="_blank">rhn-satellite</a>" and suit it into your HBAC rules, just like you would do with sshd or login services.</div>

<div style="font-size:medium"><br></div><div style="font-size:medium">After that, on Spacewalk, just create the matching login users and mark PAM authentication. It should work.</div><br><div><font size="3"><span name="x"></span></font><b style="font-size:12pt"><font color="#4d4d4d" face="tahoma, new york, times, serif">Bruno Henrique Barbosa</font></b>
<div>
<div><font color="#808080">Jr. Sys Admin</font></div></div><div><font color="#808080">IT Department</font></div><div><font color="#808080">Santos City Hall</font></div><font size="3"><span name="x"></span></font><br></div>

<hr style="font-size:12pt"><div style="font-style:normal;font-size:12pt;font-family:Helvetica,Arial,sans-serif;text-decoration:none;font-weight:normal"><b>De: </b>"Shashank Sahni" <<a href="mailto:shredder12@gmail.com" target="_blank">shredder12@gmail.com</a>><br>

<b>Para: </b><a href="mailto:spacewalk-list@redhat.com" target="_blank">spacewalk-list@redhat.com</a><br><b>Enviadas: </b>Terça-feira, 25 de Fevereiro de 2014 8:30:03<br><b>Assunto: </b>[Spacewalk-list] Integrating Spacewalk Authentication with IPA<div>

<div class="h5"><br><br><div dir="ltr"><div><div><div>Hi everyone,<br><br></div>I'm currently running configured instances of Spacewalk and Kibana. In order to integrate Spacewalk authentication with IPA, I followed the following post.<br>

<br>

<a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Network_Satellite/5.4/html-single/Installation_Guide/index.html#sect-Installation_Guide-Maintenance-Implementing_PAM_Authentication" target="_blank">https://access.redhat.com/site/documentation/en-US/Red_Hat_Network_Satellite/5.4/html-single/Installation_Guide/index.html#sect-Installation_Guide-Maintenance-Implementing_PAM_Authentication</a><br>



<br></div>I created a new user and marked it to be authenticated via PAM. I populated the PAM file with the contents mentioned in the post above. Unfortunately, the authentication isn't working.<br><br></div>I get the following log message in tomcat6/catalina.out<br>



<br>com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User abc (id 4, org_id 1) failed with error Authentication failure.<br><div><div><div><br></div><div>Note that, ipa-client is successfully installed and configured on spacewalk server.<br>



<br></div><div>Any suggestions?<br></div><div><br clear="all"><div><div><div>--<br>Shashank Sahni<br></div>
</div></div></div></div></div></div>
<br></div></div>_______________________________________________<br>Spacewalk-list mailing list<br><a href="mailto:Spacewalk-list@redhat.com" target="_blank">Spacewalk-list@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/spacewalk-list" target="_blank">https://www.redhat.com/mailman/listinfo/spacewalk-list</a></div>

<br></div></div><br>_______________________________________________<br>
Spacewalk-list mailing list<br>
<a href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/spacewalk-list" target="_blank">https://www.redhat.com/mailman/listinfo/spacewalk-list</a><br></blockquote></div><br></div>