In sssd, simple access_provider is not working as expected

Solution Verified - Updated -

Issue

  • Even after allowing only single user in sssd.conf file, ALL users are able to login. /var/log/secure logs show:
Mar 11 13:09:31 test7-rh sshd[4179]: pam_succeed_if(sshd:auth): no condition detected; module succeeded  <--------
Mar 11 13:09:32 test7-rh sshd[4179]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.45.0.23 user=ad_user2
Mar 11 13:09:32 test7-rh sshd[4179]: pam_succeed_if(sshd:account): no condition detected; module succeeded  <-------
Mar 11 13:09:32 test7-rh sshd[4179]: Accepted password for jdalton3 from 137.45.0.23 port 52080 ssh2
Mar 11 13:09:32 test7-rh sshd[4179]: pam_unix(sshd:session): session opened for user ad_user2 by (uid=0)
Mar 11 13:10:15 test7-rh sshd[4179]: pam_unix(sshd:session): session closed for user ad_user2
  • sssd.conf not honouring access settings from configuration:
access_provider = simple
simple_allow_users = ad_user1

Still all AD users are able to login(ideally on ad_user1 should be able to login)

Environment

  • Red Hat Enterprise Linux 6/7
  • sssd
  • pam

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content