Article Number
000036300
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for PAM
RSA Version/Condition: 7.1.x
Platform: Linux
Issue
LDAP / Active Directory groups need to be challenged or unchallenged by the RSA PAM module, but PAM cannot resolve these users.
Cause
The issue occurs because the getgrent() call never returns the group entry: SSSD does not enumerate domain groups unless enumeration is enabled.
Resolution
To resolve the issue, edit the /etc/sssd/sssd.conf file to include the line below.
enumerate = true
Notes
You may need to set the nesting level in the /etc/sssd/sssd.conf file to appear as shown below.
ldap_group_nesting_level = 2