On (19/10/14 08:45), Orkhan Gasimov wrote: > 2. About my pam.d files - please read carefully my previous posts. > I commented > out the line in pam.d -> system and added it explicitly to You didn't have "account required /usr/local/lib/pam_sss.so ignore_unknown_user" in pam.d/system. The line is commented out, but there *IS NOT* argument ignore_unknown_use
Howto on FreeBSD forum[1] has argument ignore_unknown_user on the lines starting with account in both pam configuration files (system, sshd) > pam.d -> login because otherwise I get locked out from the machine. I sent I didn't touch "pam.d/login". I put "account .. pam_sss.so ignore_unknown_user" into "pam.d/system" (the same as in [1]) and I can login as sssd user and local user. I know that pam configuration isn't the easiest think for newbies, but your post will be even more confusing for others. Please do not give advices if you do not understand where is the problem and why it works with that change. > you the WORKING configuration and not the one which was recommended at > FreeBSD posts (and also by you). And yes, in pam.d -> system there's no > "ignore bla bla bla part" because in that file the line > "account required /usr/local/lib/pam_sss.so" just doesn't work, with or > without that part. I don't know what you did wrong, but it *works* with argument ignore_unknown_user How did you test? LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
