Hi Giorgio, On Sun, May 26, 2013 at 09:43:17AM +0200, Giorgio Pioda wrote: > On Sat, May 25, 2013 at 05:37:20PM +0200, Petter Reinholdtsen wrote: > > > > > > pam_acct_mgmt: Authentication failure > > > > > > But actually sssd works, krb5 tickets are OK and right before this message > > > pam_sss claims a successful authentication. > > > > > > Any clues? > >
The only problem I had was when /etc/nsswitch.conf was missing the 'sss'. In addition you might want to check with 'pam-auth-update' what authentication mechanisms you would like to allow. I have only 'Unix' and 'SSS' installed and therefore available, and this seems to work fine. [...] > > Sssd seems to work properly. Ubuntu's pam_mklocaluser is still not working > correctly, > (even in Ubuntu 13.04, even using the fixed Wheezy package) and homedirs > are not created automatically. > Note that pam_mklocaluser is not necessarily needed. If you have home directories available for off-line use (which can be created with pretty easily during login [1]), there is no need to 'recreate' the users locally. Best regards, Andi [1] Add 'session required pam_mkhomedir.so skel=/etc/skel umask=0027' to /etc/pam.d/common-session However this only creates the directories when no NFS-homedirs are availabel. To create the directories in any login, I use libpam-script (Cf. http://anonscm.debian.org/gitweb/?p=collab-maint/debian-lan.git;a=blob;f=fai/config/scripts/ROAMING/10-home_nfs4_krb5;h=9b6b6d3749483b6ff9bfd207f21f5a8698019d46;hb=0600527f83621ba2a09fd3346ea23f2fe5884f77) -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130526082341.GA19033@fuzi