PAM SSSD Allow Local Users
Troubleshooting Authentication, Password Change and Access Control
In order for authentication to be successful, the user information must be accurately provided first. Before debugging authentication, please make sure the user information is resolvable with getent passwd $user or id $user. Failing to retrieve the user info would also manifest in the secure logs or the journal with a message such as:
pam_sss(sshd:account): Access denied for user admin: 10 (User not known to the underlying authentication module)
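The following added example (not part of the quoted troubleshooting text or of the thread on this page) triages the denial message shown above: it extracts the user and PAM return code from log lines and checks whether each denied account is defined in local files. The function names, verdict strings, sample passwd entries and sample log lines are constructed for illustration.

```python
import re

# pam_sss denial line in the format shown above; 10 is PAM_USER_UNKNOWN in Linux-PAM.
DENIAL = re.compile(
    r"pam_sss\((?P<service>[^:)]+):(?P<phase>\w+)\): "
    r"Access denied for user (?P<user>\S+): (?P<code>\d+) \((?P<reason>[^)]*)\)"
)
PAM_USER_UNKNOWN = 10

def local_users(passwd_text):
    """Return the account names defined in passwd(5)-formatted text."""
    names = set()
    for line in passwd_text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "+", "-")):  # skip comments and compat entries
            names.add(line.split(":", 1)[0])
    return names

def triage(log_lines, passwd_text):
    """Classify each pam_sss 'user unknown' denial by whether the account is local."""
    local = local_users(passwd_text)
    findings = []
    for line in log_lines:
        m = DENIAL.search(line)
        if not m or int(m["code"]) != PAM_USER_UNKNOWN:
            continue
        if m["user"] in local:
            # Defined in local files, but pam_sss reported it unknown:
            # the denial comes from the PAM stack, not from the NSS lookup.
            verdict = "local-account-rejected-by-pam_sss"
        else:
            verdict = "not-in-local-files-check-sssd-lookup"
        findings.append((m["user"], m["service"], m["phase"], verdict))
    return findings

# Constructed sample input (not taken from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
test1:x:1001:1001::/home/test1:/bin/bash
"""
SAMPLE_LOG = [
    "Sep 18 10:01:02 host1 sshd[2101]: pam_sss(sshd:account): Access denied for user test1: 10 (User not known to the underlying authentication module)",
    "Sep 18 10:02:10 host1 sshd[2144]: pam_sss(sshd:account): Access denied for user admin: 10 (User not known to the underlying authentication module)",
    "Sep 18 10:03:00 host1 sshd[2150]: Accepted password for alice from 192.0.2.10 port 50022 ssh2",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, SAMPLE_PASSWD):
        print(*finding, sep="\t")
```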
user3063045
Updated on September 18, 2022
Comments
-
user3063045 over 1 year
I've got a default SSSD configuration with PAM. I can login fine as any LDAP user. However, when I create a local user on a server:
adduser test1
passwd test1
and then try to login as that user I get the following error:
pam_sss(sshd:account): Access denied for user test1: 10 (User not known to the underlying authentication module)
My /etc/nsswitch.conf is this:
passwd: files sss
shadow: files sss
group: files sss
#hosts: db files nisplus nis dns
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss
publickey: nisplus
automount: files ldap
aliases: files nisplus
sudoers: files sss
Now files is listed as an alternate in nsswitch.conf but it doesn't seem to be looking at the files to authenticate. How can I allow login as a local user when SSSD is my authentication module?
-
user3063045 almost 8 years
I ended up just creating an LDAP user to replace the local user
-
Brad Solomon about 3 years
In what way does this actually answer the question?