PAM SSSD Allow Local Users











I've got a default SSSD configuration with PAM. I can log in fine as any LDAP user. However, when I create a local user on a server:



adduser test1
passwd test1


and then try to log in as that user I get the following error:



pam_sss(sshd:account): Access denied for user test1: 10 (User not known to the underlying authentication module)


My /etc/nsswitch.conf is this:



passwd:     files sss
shadow: files sss
group: files sss

#hosts: db files nisplus nis dns
hosts: files dns

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss

netgroup: files sss

publickey: nisplus

automount: files ldap
aliases: files nisplus

sudoers: files sss


Now files is listed as an alternate in nsswitch.conf but it doesn't seem to be looking at the files to authenticate.



How can I allow login as a local user when SSSD is my authentication module?










linux ssh pam






edited Oct 16 '17 at 14:20









Ramhound

asked Apr 28 '16 at 14:25









user3063045

I ended up just creating an LDAP user to replace the local user
– user3063045
Apr 28 '16 at 18:08




2 Answers
Sounds strange. You should look in your PAM configuration, in
the lines starting with account. I suppose that there is only
pam_sss but not pam_unix.

Finding the right PAM file could be tricky; it depends on the distribution
you use.

For RHEL-based systems and SSH it is /etc/pam.d/password-auth






edited Oct 16 '17 at 14:22

Ramhound

answered May 4 '16 at 12:48

sterni1971
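
Added example (not part of the answer above and not taken from any distribution's tooling): a shell function that reads the account lines of one PAM service file and reports whether pam_sss can reject a local account, which is the condition the answer suspects. The function names, the verdict strings and both sample stacks are constructed for illustration.

```shell
#!/bin/sh
# Audit the "account" lines of one PAM service file (includes are not followed).
# Prints "<verdict> pam_unix=<yes|no>", where verdict is:
#   ok           - no pam_sss, or local accounts are passed before/at pam_sss
#   local-denied - pam_sss can fail a local account with "user unknown" (10)
audit_account_stack() {
    awk '
        $1 == "account" || $1 == "-account" {
            # Control is one word or a bracketed list spread over several fields.
            ctrl = $2; i = 3
            if (ctrl ~ /^\[/) while (ctrl !~ /\]$/ && i <= NF) ctrl = ctrl " " $(i++)
            mod = $i
            if (mod ~ /pam_unix\.so$/) has_unix = 1
            if (mod ~ /pam_localuser\.so$/ && ctrl == "sufficient") local_ok = 1
            if (mod ~ /pam_sss\.so$/ && !local_ok && ctrl !~ /user_unknown=ignore/) denied = 1
        }
        END { printf "%s pam_unix=%s\n", (denied ? "local-denied" : "ok"), (has_unix ? "yes" : "no") }
    ' "$1"
}

# Constructed sample: the stack the answer suspects (pam_sss only).
write_sss_only_stack() {
    printf '%s\n' 'account required pam_sss.so' > "$1"
}

# Constructed sample: local accounts handled before SSSD is consulted.
write_local_aware_stack() {
    cat > "$1" <<'EOF'
# comment lines and other module types are ignored
auth        sufficient    pam_sss.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so
EOF
}

tmp=$(mktemp -d)
write_sss_only_stack "$tmp/broken"
write_local_aware_stack "$tmp/fixed"
echo "broken: $(audit_account_stack "$tmp/broken")"
echo "fixed:  $(audit_account_stack "$tmp/fixed")"
rm -rf "$tmp"
```

On a real host, point the function at the file that actually serves sshd's account stack, and check any file it includes separately.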

Troubleshooting Authentication, Password Change and Access Control
In order for authentication to be successful, the user information must be accurately provided first. Before debugging authentication, please make sure the user information is resolvable with getent passwd $user or id $user. Failing to retrieve the user info would also manifest in the secure logs or the journal with a message such as:

pam_sss(sshd:account): Access denied for user admin: 10 (User not known to the underlying authentication module)

Source of Information






answered Dec 12 '17 at 11:57

Mohit Malviya
