SSSD, PAM and STIG
I have a STIG'd RHEL 7.4 that is giving me trouble with PAM and SSSD for Active Directory authentication. SELinux is configured and enforcing, but for the purposes of troubleshooting I have set it to permissive mode.
It was joined to the domain using realm, but when I attempt to SSH or log in with a domain account, I am getting permission denied.
Permissions on krb5.conf, krb5.keytab and sssd.conf are set correctly. sssd.conf has NSS and PAM within the domain section of the config.
/var/log/secure says:
pam_succeed_if(sshd:auth): requirement "user in pgp" not met by user DOMAINUSER
Failed password for user DOMAINUSER from X.X.X.X
I've triple-checked it's not a password issue. Tried to run authconfig --enablesssdauth, made sure sss was in /etc/nsswitch.conf.
Any ideas why I am getting the "permission denied" for authentication, and if this could have to do with PAM and SSSD?
Can't post all the logs now, but definitely can when I am back in the office tomorrow.
Thank you!