Good Day,
We primarily run with RHEL 5/6/7 Servers, but for SAP we will be testing on SLES. We use Kerberos for authentication purposes, i.e. users are added locally but passwords are checked against AD. I installed the SLES 12 Server with defaults and did the following afterwards:
zypper install krb5-client pam_krb5
Copied the /etc/krb5.conf file from one of the RHEL Servers across to the SLES 12 Server
pam-config --add --krb5 --add --mkhomedir
Now I can log in with the local Admin User Accounts I added, with password checks being done against AD … however, even though root has a local password, it is being authenticated against AD and then obviously fails.
Some config files:
/etc/nsswitch.conf:
passwd: compat
group: compat
/etc/pam.d/common-account:
account requisite pam_unix.so try_first_pass
account required pam_krb5.so use_first_pass
account required pam_localuser.so
/etc/pam.d/common-auth:
auth required pam_env.so
auth optional pam_gnome_keyring.so
auth sufficient pam_unix.so try_first_pass
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so
/etc/pam.d/common-password:
password requisite pam_cracklib.so
password optional pam_gnome_keyring.so use_authtok
password [default=ignore success=1] pam_succeed_if.so uid > 999 quiet
password sufficient pam_unix.so use_authtok nullok shadow try_first_pass
password sufficient pam_krb5.so
password required pam_deny.so
/etc/pam.d/common-session:
session optional pam_mkhomedir.so
session required pam_limits.so
session required pam_unix.so try_first_pass
session optional pam_krb5.so
session optional pam_umask.so
session optional pam_systemd.so
session optional pam_gnome_keyring.so auto_start only_if=gdm,gdm-password,lxdm,lightdm
session optional pam_env.so
The other thing that crops up is the following:
chage -l user
chage: PAM: User not known to the underlying authentication module
Can anyone assist … maybe something trivial that I am missing?
Regards
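
Added example, not part of the original post: a small Python simulation of how Linux-PAM applies the required/requisite/sufficient/optional control flags to the common-auth and common-account stacks posted above. The per-module outcomes in LOCAL_ONLY are assumptions for an account with no AD principal, not results captured from this system.

```python
# Added example: simulates Linux-PAM control flags over the stacks posted above.
SUCCESS, IGNORE, FAIL = "success", "ignore", "fail"

COMMON_AUTH = """\
auth required pam_env.so
auth optional pam_gnome_keyring.so
auth sufficient pam_unix.so try_first_pass
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so
"""
COMMON_ACCOUNT = """\
account requisite pam_unix.so try_first_pass
account required pam_krb5.so use_first_pass
account required pam_localuser.so
"""

def parse(text):
    """Return (control, module) pairs; handles one-word control flags only."""
    return [tuple(line.split()[1:3]) for line in text.splitlines() if line.strip()]

def evaluate(stack, results):
    """Return (verdict, deciding module) for a parsed stack.
    results maps module -> outcome; modules not listed count as IGNORE."""
    first_failure, any_success = None, False
    for control, module in stack:
        outcome = results.get(module, IGNORE)
        if outcome == SUCCESS and first_failure is None:
            any_success = True
            if control == "sufficient":      # success ends the stack at once
                return SUCCESS, module
        elif outcome == FAIL and control in ("required", "requisite"):
            first_failure = first_failure or module
            if control == "requisite":       # failure ends the stack at once
                break
        # a failing "sufficient" or "optional" module is ignored
    if first_failure:
        return FAIL, first_failure
    return (SUCCESS, None) if any_success else (FAIL, None)

# Assumed outcomes for an account that exists only in /etc/passwd (such as root)
# with its correct local password: pam_unix accepts it, pam_krb5 does not know it.
LOCAL_ONLY = {"pam_env.so": SUCCESS, "pam_unix.so": SUCCESS,
              "pam_krb5.so": FAIL, "pam_localuser.so": SUCCESS,
              "pam_deny.so": FAIL}

if __name__ == "__main__":
    for name, text in (("common-auth", COMMON_AUTH), ("common-account", COMMON_ACCOUNT)):
        print(name, evaluate(parse(text), LOCAL_ONLY))
```

Under those assumptions the auth stack is satisfied by pam_unix.so, while the account stack is failed by the `required` pam_krb5.so line.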