SSSD and local user
I encounter a problem when I want to connect with the local user WITHOUT the network connection.
When the network comes back, no problem with local users and ldap (SSSD) users. The SSSD is configured and working. According to my research it's in /etc/pam.d in the "common-*" configuration files:
Here are my common-conf files:
common-account:
Code:
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
Code:
auth [success=2 default=ignore] pam_unix.so nullok_secure
Code:
password requisite pam_pwquality.so retry=3
Code:
session [default=1] pam_permit.so
|
Can you be more explicit about what you mean by network connection? Or do you mean that you can't log in as a local user when not connected to the LAN? What is the issue that you're trying to solve here?
|
If you are trying to achieve offline authentication, this will rely on the online authentication credentials being cached first. For that you'd need to set
Code:
cache_credentials = true
Once you have authenticated online, you should then be able to authenticate while offline (e.g. with the network cable unplugged).
|
Quote:
What I'm looking for is when the machine has no network cable plugged in => No local network and internet connection. I would like to log in with the user that was created locally on the machine. But with my SSSD configured and my /etc/pam.d/ files I cannot connect with this user when the network cable is unplugged. I looked at Red Hat's SSSD to see if there was an error in my configuration and apparently everything is ok: https://access.redhat.com/documentat...zation-in-rhel I also checked if caching should be enabled in SSSD; it is fine.
|
Share the [sssd] and [pam] sections of sssd.conf please.
Check PAM configuration: https://access.redhat.com/documentat...ration_Options |
Here is my sssd.conf file (I have deliberately hidden certain parts for confidentiality):
Quote:
According to your link, the part is missing: Quote:
|
I notice in your opening post that you have entries with the control value of 'requirement', e.g.
Code:
auth requirement pam_deny.so
Code:
auth requisite pam_deny.so
I would have expected common-auth to look more like this
Code:
auth [success=2 default=ignore] pam_unix.so nullok_secure
Quote:
|
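A small lint for the two points raised in the reply above, as an added example that is not part of any post in this thread: it flags control values that are not valid PAM keywords and checks that each success=N jump lands on a rule inside the stack that is not pam_deny.so. The sample stacks, including the pam_sss.so line, are constructed for illustration, and the function names are hypothetical.

```python
import re

# Simple control keywords accepted by Linux-PAM (pam.conf(5)).
KEYWORDS = {"required", "requisite", "sufficient", "optional", "include", "substack"}
RULE = re.compile(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse(text):
    """Return (type, control, module) for each rule line; comments are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = RULE.match(line)  # "@include ..." lines do not match and are ignored
        if m:
            rules.append(m.groups())
    return rules

def lint(text, mtype="auth"):
    """List problems found in the stack of one module type."""
    rules = [r for r in parse(text) if r[0].lstrip("-") == mtype]
    problems = []
    for i, (_, control, module) in enumerate(rules):
        if control.startswith("["):
            pairs = [kv.split("=", 1) for kv in control[1:-1].split() if "=" in kv]
            skip = dict(pairs).get("success", "")
            if skip.isdigit():  # success=N means "skip the next N rules"
                target = i + int(skip) + 1
                if target >= len(rules):
                    problems.append(f"rule {i + 1}: success={skip} jumps past the last rule")
                elif rules[target][2] == "pam_deny.so":
                    problems.append(f"rule {i + 1}: {module} success={skip} lands on pam_deny.so")
        elif control not in KEYWORDS:
            problems.append(f"rule {i + 1}: unknown control '{control}' on {module}")
    return problems

# Constructed sample stacks (not taken from the thread).
GOOD = """\
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_sss.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
"""
# Same stack with a wrong skip count for pam_unix.so and a misspelled keyword.
BAD = GOOD.replace("success=2", "success=1").replace("requisite", "requirement")

if __name__ == "__main__":
    for name, stack in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint(stack) or "ok")
```

To check a real file, pass its contents to `lint()`, for example `lint(open("/etc/pam.d/common-auth").read())`.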
Quote:
With the translation (FR/EN) it put “requirement” into “requisite” |
Post Up
|