ipa-client-install --mkhomedir --server=ipa1.example.com --domain=example.com
england-web-dev:/home/ansible # cat /etc/pam.d/sshd
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
england-web-dev:/home/ansible # cat /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
On Mon, 23 Mar 2020, Faraz Younus via FreeIPA-users wrote:
>I'm not getting logs on sssd while accessing ssh however I'm getting logs
>in secure logs, it is looking for linux user
How did you enroll this machine? What distribution does it run?
Then you need to check your pam configuration for ssh server to see what
is there. On RHEL/Fedora it is /etc/pam.d/sshd. If it has
    auth substack password-auth
    auth include postlogin
then /etc/pam.d/password-auth defines what authentication is used.
There should be pam_sss mentioned.
For details see manual page for pam.d(5).
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
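
The check described in the reply above, written out as an added example (not part of the original messages and not FreeIPA code): it follows `include`/`substack` lines from a service's PAM file and reports which module types never reach pam_sss.so. The embedded file contents are abridged from the listings posted in this thread; the names `SAMPLE`, `modules` and `missing_sss` are hypothetical.

```python
import re

# Constructed sample input: abridged copies of the two listings posted above.
SAMPLE = {
    "sshd": """#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account include password-auth
password include password-auth
session include password-auth
""",
    "password-auth": """#%PAM-1.0
auth sufficient pam_unix.so nullok try_first_pass
auth required pam_deny.so
account required pam_unix.so
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
""",
}

# Fields: type, control (one word or a [bracketed] list), module or included file.
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def modules(files, service, mtype, seen=None):
    """Modules reached for `mtype` in `service`, following include/substack."""
    seen = set() if seen is None else seen
    if service in seen or service not in files:  # include loop or missing file
        return []
    seen.add(service)
    found = []
    for raw in files[service].splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())  # drop comments
        if not m or m.group(1) != mtype:
            continue
        control, target = m.group(2), m.group(3)
        if control in ("include", "substack"):
            found += modules(files, target, mtype, seen)
        else:
            found.append(target)
    return found

def missing_sss(files, service):
    """Module types whose resolved stack never calls pam_sss.so."""
    return [t for t in ("auth", "account", "password", "session")
            if "pam_sss.so" not in modules(files, service, t)]

if __name__ == "__main__":
    print(missing_sss(SAMPLE, "sshd"))
```

To run it against a real host, build the dictionary from the files under /etc/pam.d instead of `SAMPLE`.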