[tac_plus] Authentication using Likewise and AD

heasley heas at shrubbery.net
Tue Mar 31 16:19:18 UTC 2015


Tue, Mar 31, 2015 at 02:32:37PM +0000, Matt Almgren:
> Hey there Heasley, 
> 
> I have been successful with local authentication using /etc/passwd and
> DES.  So I know that TACACS and the switch are talking to each other well.
> 
> As for the contents of my pam config, well I've tried numerous things.
> 
> Here's a few examples:
> 
> 1)
> auth       include      common-auth
> account    required     pam_nologin.so
> account    include      common-auth
> password   include      common-auth
> session    optional     pam_keyinit.so force revoke
> session    include      common-auth
> session    required     pam_loginuid.so
> 
> 
> Which produces this common error in /var/log/auth.log:
> 
> Mar 31 07:12:44 sjc-tools01 tac_plus[8384]: pam_unix(tac_plus:auth): check
> pass; user unknown
> Mar 31 07:12:44 sjc-tools01 tac_plus[8384]: pam_unix(tac_plus:auth):
> authentication failure; logname=DOMAIN\matta uid=0 euid=0 tty= ruser=
> rhost=

this seems to be your issue; it looks like pam_unix is receiving a ldap-like
username, but that's not something it can handle, afaik.  if Likewise is
ldap-like and you want to verify that the user exists in the local unix
password file, then you would need a pam module that strips the "DOMAIN\\"
portion of the username before calling the passwd handling library functions.
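
The stripping step described in the reply above, as an added C example that is not part of the original thread and is not tac_plus or pam_unix code. `local_username`, `has_local_account` and the expected-domain argument are hypothetical names; only the expected domain is stripped, so that a name from another domain cannot collapse onto the same local account.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper, not from tac_plus or pam_unix: copy the local part of
 * "DOMAIN\user" into out. Returns 0 on success, -1 if the name is rejected.
 * Only names qualified with allowed_domain are stripped, so OTHER\user cannot
 * map onto the same local account; unqualified names pass through unchanged. */
int local_username(const char *name, const char *allowed_domain,
                   char *out, size_t outlen)
{
    const char *sep = strchr(name, '\\');
    const char *user = name;

    if (sep != NULL) {
        size_t dlen = (size_t)(sep - name);
        if (dlen != strlen(allowed_domain) ||
            strncasecmp(name, allowed_domain, dlen) != 0)
            return -1;                      /* unexpected domain */
        user = sep + 1;
    }
    /* Reject empty names, a second separator, and passwd field delimiters. */
    if (*user == '\0' || strpbrk(user, "\\:/") != NULL)
        return -1;
    if (strlen(user) >= outlen)
        return -1;                          /* would not fit in out */
    strcpy(out, user);
    return 0;
}

/* 1 if getpwnam() finds the stripped name, 0 if not, -1 if it was rejected. */
int has_local_account(const char *name, const char *allowed_domain)
{
    char user[256];
    if (local_username(name, allowed_domain, user, sizeof user) != 0)
        return -1;
    return getpwnam(user) != NULL;
}

int main(void)
{
    /* Constructed inputs; "DOMAIN\matta" is the form shown in the log above. */
    const char *names[] = { "DOMAIN\\matta", "OTHER\\matta", "matta", "DOMAIN\\" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-14s -> %d\n", names[i], has_local_account(names[i], "DOMAIN"));
    return 0;
}
```

Note that `getpwnam()` goes through NSS, so the result reflects whatever sources `/etc/nsswitch.conf` lists for `passwd`, not only the local file.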

