Spacewalk version and OS please... Also log entries except the tomcat would be helpful.
What's the content of following: /etc/httpd/conf.d/intercept_form_submit.conf /etc/httpd/conf.d/ authnz_pam.conf /etc/httpd/conf.d/ auth_kerb.conf I don't think that you need to create the user if you do role map for external authenticated users ( Admin -> Users -> External Authentication -> Group Role Mapping ) /Alex From: "DiOrio, Max" <max.dio...@ieeeglobalspec.com> To: spacewalk-list@redhat.com Sent: Monday, March 12, 2018 4:52:21 PM Subject: [Spacewalk-list] Spacewalk and AD/SSSD Based User Authentication Hi! I’m looking to potentially use SSSD and Active Directory to authenticate our users to Spacewalk. The Spacewalk server is already on the domain and we authenticate just fine via SSH using AD. I added the following to the rhn.conf file: pam_auth_service = spacewalk-satellite Created the spacewalk-satellite pam.d file: #%PAM-1.0 auth required pam_env.so auth sufficient pam_sss.so no_user_check auth required pam_deny.so account required pam_sss.so no_user_check Restarted spacewalk. Created a user mdiorio in the GUI and checked the box to use PAM. But get the following error when I go to log in. Mar 12 11:51:21 la-1pspacewalk server: 2018-03-12 11:51:21,304 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-4] WARN com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User mdiorio (id 2, org_id 1) failed with error Permission denied. Mar 12 11:51:23 la-1pspacewalk server: 2018-03-12 11:51:23,304 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-4] INFO com.redhat.rhn.frontend.action.LoginAction - LOCAL AUTH FAILURE: [mdiorio] I can kinit my account on the server without a problem. Not sure what I’m missing. Thanks! Max DiOrio Global Systems Administrator 201 Fuller Road, Suite 202 Albany, NY 12203-3621 Phone: +518-238-6516 | Mobile: +518-944-5289 max.dio...@ieeeglobalspec.com _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list