[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: eduroaming pam_sss issues

Hi Giorgio,

On Sun, May 26, 2013 at 09:43:17AM +0200, Giorgio Pioda wrote:
> On Sat, May 25, 2013 at 05:37:20PM +0200, Petter Reinholdtsen wrote:
> > >
> > > pam_acct_mgmt: Authentication failure
> > >
> > > But actually sssd works, krb5 tickets are OK and right before this message
> > > pam_sss claims a successful authentication.
> > >
> > > Any clues?
> >

The only problem I had was when /etc/nsswitch.conf was missing the
'sss'.  In addition you might want to check with 'pam-auth-update'
what authentication mechanisms you would like to allow.  I have only
'Unix' and 'SSS' installed and therefore available, and this seems to
work fine.

[...]

>
> Sssd seems to work properly. Ubuntu's pam_mklocaluser is still not working correctly,
> (even in Ubuntu 13.04, even using the fixed Wheezy package) and homedirs
> are not created automatically.
>

Note that pam_mklocaluser is not necessarily needed.  If you have home
directories available for off-line use (which can be created with
pretty easily during login [1]), there is no need to 'recreate' the users
locally.

Best regards,

     Andi

[1] Add 'session required  pam_mkhomedir.so skel=/etc/skel umask=0027'
    to /etc/pam.d/common-session
    However this only creates the directories when no NFS-homedirs are
    availabel.  To create the directories in any login, I use
    libpam-script
    (Cf. http://anonscm.debian.org/gitweb/?p=collab-maint/debian-lan.git;a=blob;f=fai/config/scripts/ROAMING/10-home_nfs4_krb5;h=9b6b6d3749483b6ff9bfd207f21f5a8698019d46;hb=0600527f83621ba2a09fd3346ea23f2fe5884f77)
Reply to: