This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

RSA PAM Authentication Agent cannot challenge users in Active Directory groups

Article Number

000036300

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for PAM
RSA Version/Condition: 7.1.x
Platform: Linux

Issue

LDAP / Active Directory groups need to be challenged/unchallenged from the RSA PAM module, but PAM can't resolve these users.

Cause

The issue occurs because the getgrent() system call never returns the group entry.

Resolution

To resolve the issue, edit the /etc/sssd/sssd.conf file to include the line below. 
enumerate = true

Notes

You may need to set the nesting level in the /etc/sssd/sssd.conf file to appear as shown below. 
ldap_group_nesting_level = 2

 
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 08:55 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.