[Spacewalk-list] Spacewalk and AD/SSSD Based User Authentication
DiOrio, Max
Max.DiOrio at ieeeglobalspec.com
Mon Mar 12 15:52:21 UTC 2018
Hi!
I'm looking to potentially use SSSD and Active Directory to authenticate our users to Spacewalk. The Spacewalk server is already on the domain and we authenticate just fine via SSH using AD.
I added the following to the rhn.conf file:
pam_auth_service = spacewalk-satellite
Created the spacewalk-satellite pam.d file:
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_sss.so no_user_check
auth required pam_deny.so
account required pam_sss.so no_user_check
Restarted spacewalk. Created a user mdiorio in the GUI and checked the box to use PAM.
But get the following error when I go to log in.
Mar 12 11:51:21 la-1pspacewalk server: 2018-03-12 11:51:21,304 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-4] WARN com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User mdiorio (id 2, org_id 1) failed with error Permission denied.
Mar 12 11:51:23 la-1pspacewalk server: 2018-03-12 11:51:23,304 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-4] INFO com.redhat.rhn.frontend.action.LoginAction - LOCAL AUTH FAILURE: [mdiorio]
I can kinit my account on the server without a problem.
Not sure what I'm missing. Thanks!
Max DiOrio
Global Systems Administrator
[cid:image002.jpg at 01D26A5C.D5C0BF00]
201 Fuller Road, Suite 202
Albany, NY 12203-3621
Phone: +518-238-6516 | Mobile: +518-944-5289
max.diorio at ieeeglobalspec.com<mailto:max.diorio at ieeeglobalspec.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180312/d7a63009/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2276 bytes
Desc: image001.jpg
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180312/d7a63009/attachment.jpg>
More information about the Spacewalk-list
mailing list