bristol@mailman.lug.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.lug.org.uk/mailman/listinfo/bristol
or, via email, send a message with subject or body 'help' to
bristol-request@mailman.lug.org.uk
You can reach the person managing the list at
bristol-owner@mailman.lug.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Bristol digest..."
Today's Topics:
1. Re: SSSD Problem (nick robinson)
2. Re: SSSD Problem (Dave Addison)
----------------------------------------------------------------------
Message: 1
Date: Tue, 9 Aug 2016 14:17:59 +0100
From: nick robinson <nick@njrobinson.net>
To: Dave Addison <dave@redmoor.org.uk>, Bristol and Bath Linux User
Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] SSSD Problem
Message-ID:
<CADo8qK5sSYj42jTOsMQnhec_c7Cw8i3PP9MV7_1fcQDaSvHDZw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
is each machine running its own ldap or is it centralised on one machine?
On 9 August 2016 at 00:13, Dave Addison via Bristol <
bristol@mailman.lug.org.uk> wrote:
> Hi All
>
> Would anyone be up for providing some assistance with an sssd problem I'm
> having?
>
> I have three machines all using sssd with an ldap backend for
> authentication
> and, on one of them, I can't login as root either via ssh or su. ssh just
> fails after three attempts but su returns an error "User unknown to
> underlying
> authentication module"
>
> replacing pam_sss.so with pam_ldap.so in the common-auth file in pam.d
> makes
> the problem go away
>
> replacing pam_sss.so with pam_unix.so also makes the problem go away.
> Ithink
> this means there isn't a problem with the passwd and shadow files. I have
> another non-root user in passwd and this user can also login with
> pam_sss.so
> configured
>
> nsswitch.conf can be either "files sss" or "compat sss" on all machines for
> passwd and group without affecting behaviour. None of the machines have an
> nsswitch.conf entry for shadow.
>
> All three machines have "filter_user = root" and "filter_group = root" in
> sssd.conf. Removing these filters on the failing machine makes no
> difference to
> behaviour.
>
> Any ideas?
> Regards
> Dave
>
> _______________________________________________
> Bristol mailing list
> Bristol@mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/bristol
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.lug.org.uk/mailman/private/bristol/attachments/20160809/d09b97a8/attachment-0001.html>
------------------------------
Message: 2
Date: Tue, 09 Aug 2016 18:17:38 +0100
From: Dave Addison <dave@redmoor.org.uk>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] SSSD Problem
Message-ID: <2628548.BqsugC55oO@phaedra>
Content-Type: text/plain; charset="us-ascii"
On Tuesday 09 Aug 2016 14:17:59 nick robinson via Bristol wrote:
> is each machine running its own ldap or is it centralised on one machine?
>
They're all running off one centralised ldap server. However, when I slept on
it overnight, I realised that the root login wasn't handled by sssd and I
should have been looking at the pam configuration.
The problem turned out to be the pam_unix2.so plugin handling local logins
which, for some reason, had taken severe exception to the setup on the one
machine. I've replaced pam_unix2.so with pam_unix.so and all is now working
fine.
Just don't ask me why. Both the failing machine and the machine I copied the
setup from are both OpensSuSE 13.2. That would take a lot more digging and,
apparently, pam_unix2.so is only supposed to be for support to migration now.
Regards
Dave
> On 9 August 2016 at 00:13, Dave Addison via Bristol <
>
> bristol@mailman.lug.org.uk> wrote:
> > Hi All
> >
> > Would anyone be up for providing some assistance with an sssd problem I'm
> > having?
> >
> > I have three machines all using sssd with an ldap backend for
> > authentication
> > and, on one of them, I can't login as root either via ssh or su. ssh just
> > fails after three attempts but su returns an error "User unknown to
> > underlying
> > authentication module"
> >
> > replacing pam_sss.so with pam_ldap.so in the common-auth file in pam.d
> > makes
> > the problem go away
> >
> > replacing pam_sss.so with pam_unix.so also makes the problem go away.
> > Ithink
> > this means there isn't a problem with the passwd and shadow files. I have
> > another non-root user in passwd and this user can also login with
> > pam_sss.so
> > configured
> >
> > nsswitch.conf can be either "files sss" or "compat sss" on all machines
> > for
> > passwd and group without affecting behaviour. None of the machines have an
> > nsswitch.conf entry for shadow.
> >
> > All three machines have "filter_user = root" and "filter_group = root" in
> > sssd.conf. Removing these filters on the failing machine makes no
> > difference to
> > behaviour.
> >
> > Any ideas?
> > Regards
> > Dave
> >
> > _______________________________________________
> > Bristol mailing list
> > Bristol@mailman.lug.org.uk
> > https://mailman.lug.org.uk/mailman/listinfo/bristol
------------------------------
Subject: Digest Footer
_______________________________________________
Bristol mailing list
Bristol@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/bristol
------------------------------
End of Bristol Digest, Vol 656, Issue 2
***************************************
Tidak ada komentar:
Posting Komentar