[Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

Lukas Slebodnik lslebodn at redhat.com
Mon Oct 20 08:01:28 UTC 2014

On (19/10/14 08:45), Orkhan Gasimov wrote:
> 2. About my pam.d files - please read carefully my previous posts.
> I commented out the line in pam.d -> system and added it explicitly to
You didn't have "account required /usr/local/lib/pam_sss.so ignore_unknown_user"
in pam.d/system. The line is commented out, but there *IS NOT* argument

The howto on the FreeBSD forum[1] has the argument ignore_unknown_user on the
lines starting with account in both pam configuration files (system, sshd).

> pam.d -> login because otherwise I get locked out from the machine. I sent
I didn't touch "pam.d/login". I put "account .. pam_sss.so ignore_unknown_user"
into "pam.d/system" (the same as in [1]) and I can log in as sssd user and
local user. I know that pam configuration isn't the easiest thing for newbies,
but your post will be even more confusing for others. Please do not give
advice if you do not understand where the problem is and why it works with
that change.

> you the WORKING configuration and not the one which was recommended at
> FreeBSD posts (and also by you). And yes, in pam.d -> system there's no
> "ignore bla bla bla part" because in that file the line
> "account  required  /usr/local/lib/pam_sss.so" just doesn't work, with or
> without that part.
I don't know what you did wrong, but it *works* with the argument
ignore_unknown_user. How did you test?
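
The point argued in this message (an active "account" line for pam_sss.so must carry ignore_unknown_user, and a commented-out line does not count) can be checked with a script. This is an added example, not part of the original message; the function names, exit codes and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# check_pam_sss FILE...
# Prints "FILE:LINENO: text" for every active account line that loads
# pam_sss.so without ignore_unknown_user.
# Exit status: 0 all such lines carry the argument, 1 at least one lacks it,
#              2 no active account line loads pam_sss.so at all.
check_pam_sss() {
    awk '
        { sub(/#.*/, "") }          # strip comments: commented lines are inactive
        $1 != "account" { next }
        {
            mod = 0
            for (i = 2; i <= NF; i++) if ($i ~ /pam_sss\.so$/) { mod = i; break }
            if (!mod) next
            seen = 1; ok = 0
            for (i = mod + 1; i <= NF; i++) if ($i == "ignore_unknown_user") ok = 1
            if (!ok) { printf "%s:%d: %s\n", FILENAME, FNR, $0; bad = 1 }
        }
        END { if (bad) exit 1; if (!seen) exit 2 }
    ' "$@"
}

# write_samples DIR: constructed sample files, not copied from the thread.
write_samples() {
    cat > "$1/system.bad" <<'EOF'
# account required /usr/local/lib/pam_sss.so ignore_unknown_user
account  required  pam_login_access.so
account  required  /usr/local/lib/pam_sss.so
account  required  pam_unix.so
EOF
    cat > "$1/system.good" <<'EOF'
account  required  pam_login_access.so
account  required  /usr/local/lib/pam_sss.so  ignore_unknown_user
account  required  pam_unix.so
EOF
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
check_pam_sss "$tmp/system.bad" || echo "exit status: $?"
check_pam_sss "$tmp/system.good" && echo "system.good: ok"
rm -rf "$tmp"
```

On a real host the function would be pointed at the files named in the thread, pam.d/system and pam.d/sshd.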


