SSSD.CONF simple authentication not working

Comments 4

Hi All,

I have setup LDAP with kerberos for AD users to login to hosts, all works, users are authenticated and are issued kerberos tickets. Problem is anyone with a UID can log in regardless of how I restrict the simple authentication.
access_provider = simple
simple_allow_groups = A-Team

Is there a config that over-rides the sssd.conf setup?

Thanks

Started 2017-09-03T15:56:21+00:00 by

Jesus Calero

Community Member Newbie 20 points

Responses

JC Community Member Newbie 20 points

4 September 2017 6:32 PM

Jesus Calero

Ignore I resolved the access issue

CF Community Member 67 points

5 September 2017 12:22 PM

Chris Fowler

Could you share what your solution is? It may help if somebody comes across this issue and can then use your solution. Thanks

JC Community Member Newbie 20 points

5 September 2017 12:38 PM

Jesus Calero

I was missing a line in the password-auth-ac account module interface
account [default=bad success=ok user_unknown=ignore] pam_sss.so After adding this I was able to use simple access provider and allow groups. A user that was not in the group was now correctly being denied access as per the journalctl log pam_sss(sshd:account): Access denied for user auser

CF Community Member 67 points

5 September 2017 12:42 PM

Chris Fowler

Thanks for the feedback

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

SSSD.CONF simple authentication not working

Responses