SSH Failing with User not known for local user

I added a local user to my server (CentOS 6.5) but when I attempt to log in as that user I'm getting denied by SSSD with the following error:

sshd[5174]: pam_sss(sshd:account): Access denied for user tester2: 10 (User not known to the underlying authentication module)

I can connect with my LDAP credentials fine but can't connect as any local user.

nsswitch.conf:

.....
passwd:     files sss
shadow:     files sss
group:      files sss
.......

sssd.conf:

[domain/default]
id_provider = ldap
auth_provider = ldap
sudo_provider = ldap
min_id = 8192
.....
[sssd]
domains = default
services = nss,pam,sudo
config_file_version = 2
[nss]
filter_groups = root
filter_users = root

[pam]

[sudo]

[domain/LOCAL]
id_provider = local
auth_provider = local
access_provider = permit

Confirming account:

# getent passwd tester2
tester2:x:9870:9872::/home/tester2:/bin/bash

It seems that PAM is getting stopped by SSSD during authentication. How can I allow SSH login of local users and also LDAP users via SSSD?

Ken J

Posted 2016-09-06T18:20:21.727

Would filter_users work under nss or pam? – Ken J – 2016-09-06T19:42:47.210

I ended up having to remove pam_access from password-auth and system-auth. – Ken J – 2016-09-06T19:57:35.497

No answers
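
The log line in the question comes from pam_sss in the account phase, and code 10 is PAM_USER_UNKNOWN. As an added example (not part of the original question, and not the poster's configuration), this Python sketch reads the account lines of a flattened PAM file such as password-auth and reports whether that result from pam_sss is skipped, ignored or fatal for a user who exists only in /etc/passwd. Both sample stacks are constructed and the function names are hypothetical.

```python
import re

# Simple control keywords and their bracketed equivalents, from pam.conf(5).
SIMPLE = {
    "required": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional": {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
LINE = re.compile(r"^\s*account\s+(\[[^\]]*\]|\S+)\s+(\S+)")

# Constructed sample: account stack in the style authconfig writes for SSSD.
AUTHCONFIG_STYLE = """\
account required   pam_unix.so
account sufficient pam_localuser.so
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required   pam_permit.so
"""
STRICT = "account required pam_unix.so\naccount required pam_sss.so\n"  # constructed sample

def account_stack(text):
    """Yield (actions, module) for each account line; include/substack lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line.split("#", 1)[0])
        if not m:
            continue
        control, module = m.groups()
        if control.startswith("["):
            yield dict(kv.split("=", 1) for kv in control[1:-1].split()), module
        elif control in SIMPLE:
            yield SIMPLE[control], module

def pam_sss_for_local_user(text):
    """'skipped', 'ignored' or 'fatal': effect of pam_sss returning user_unknown."""
    skip = 0
    for actions, module in account_stack(text):
        name = module.rsplit("/", 1)[-1]
        if skip:
            skip -= 1
        elif name == "pam_localuser.so":  # succeeds for users listed in /etc/passwd
            act = actions.get("success", actions.get("default", ""))
            if act == "done":
                return "skipped"
            skip = int(act) if act.isdigit() else 0
        elif name == "pam_sss.so":
            # Only 'ignore' keeps this failure out of the stack's result.
            act = actions.get("user_unknown", actions.get("default"))
            return "ignored" if act == "ignore" else "fatal"
    return "skipped"
```

Run it against the contents of /etc/pam.d/password-auth and /etc/pam.d/system-auth. The verdict covers only pam_sss, so other account modules such as pam_access can still deny the login.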