Re: [Spacewalk-list] Spacewalk and AD/SSSD Based User Authentication

Mon, 12 Mar 2018 11:08:45 -0700 

Spacewalk version and OS please... 
Also log entries except the tomcat would be helpful. 

What's the content of following: 
/etc/httpd/conf.d/intercept_form_submit.conf 
/etc/httpd/conf.d/ authnz_pam.conf 
/etc/httpd/conf.d/ auth_kerb.conf 

I don't think that you need to create the user if you do role map for external 
authenticated users ( Admin -> Users -> External Authentication -> Group Role 
Mapping ) 


/Alex 

From: "DiOrio, Max" <max.dio...@ieeeglobalspec.com> 
To: spacewalk-list@redhat.com 
Sent: Monday, March 12, 2018 4:52:21 PM 
Subject: [Spacewalk-list] Spacewalk and AD/SSSD Based User Authentication 



Hi! 



I’m looking to potentially use SSSD and Active Directory to authenticate our 
users to Spacewalk. The Spacewalk server is already on the domain and we 
authenticate just fine via SSH using AD. 



I added the following to the rhn.conf file: 

pam_auth_service = spacewalk-satellite 



Created the spacewalk-satellite pam.d file: 

#%PAM-1.0 



auth required pam_env.so 

auth sufficient pam_sss.so no_user_check 

auth required pam_deny.so 



account required pam_sss.so no_user_check 



Restarted spacewalk. Created a user mdiorio in the GUI and checked the box to 
use PAM. 



But get the following error when I go to log in. 



Mar 12 11:51:21 la-1pspacewalk server: 2018-03-12 11:51:21,304 
[ajp-bio-0:0:0:0:0:0:0:1-8009-exec-4] WARN 
com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User mdiorio 
(id 2, org_id 1) failed with error Permission denied. 

Mar 12 11:51:23 la-1pspacewalk server: 2018-03-12 11:51:23,304 
[ajp-bio-0:0:0:0:0:0:0:1-8009-exec-4] INFO 
com.redhat.rhn.frontend.action.LoginAction - LOCAL AUTH FAILURE: [mdiorio] 



I can kinit my account on the server without a problem. 



Not sure what I’m missing. Thanks! 



Max DiOrio 

Global Systems Administrator 



201 Fuller Road, Suite 202 

Albany, NY 12203-3621 

Phone: +518-238-6516 | Mobile: +518-944-5289 

max.dio...@ieeeglobalspec.com 



_______________________________________________ 
Spacewalk-list mailing list 
Spacewalk-list@redhat.com 
https://www.redhat.com/mailman/listinfo/spacewalk-list 

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Reply via email to