
PAM Agent Locking AD User

Question asked by Roberto Manzo on Mar 9, 2018
Latest reply on Mar 12, 2018 by Roberto Manzo

Hi Sirs, good afternoon!

 

I am trying to set the PAM Agent to authenticate using a token and it is working fine, but I have some particular things and I hope you can help me.

I am facing an issue with the PAM Agent as follows:

 - When I configure the /etc/pam.d/sshd file by adding the line "auth required pam_securid.so", it works fine with a local user (with a token and without a token), but for an AD user it works only with a token; I am not able to authenticate with an AD user without a token.

   So I made some changes to make it work: I set the parameter "PAM_IGNORE_SUPPORT_FOR_USERS" to 1 in the /etc/sd_pam.conf file and I added these three lines to /etc/pam.d/sshd:

       auth required pam_securid.so
       auth       sufficient   pam_unix.so try_first_pass
       auth       sufficient   pam_krb5.so use_first_pass

   This way I am able to authenticate with a local user (with a token and without a token) and with an AD user (with a token and without a token), but after some successful authentications the AD user is being locked in Active Directory and I don't know why it is happening.

 

I hope I have been clear; if I was not clear, please let me know.

 

Can anyone help me?

 

Thanks in advance.

 

Regards,