voegelas / guacamole-auth-pam

Authenticate Apache Guacamole users with PAM
Apache License 2.0

PAM local user works but SSSD AD user does not #8

Open Chadarius opened 4 years ago

Chadarius commented 4 years ago

I get the following in my syslog for each ID:

```
Aug 5 18:35:39 ub-guactest tomcat9[479476]: 18:35:39.142 [http-nio-8080-exec-2] INFO o.a.g.r.auth.AuthenticationService - User "fooadmin" successfully authenticated from 172.xxx.xxx.xxx.
Aug 5 18:32:57 ub-guactest tomcat9[479476]: 18:32:57.219 [http-nio-8080-exec-5] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 172.xxx.xxx.xxx for user "foo" failed.
```

I've got the system set up with SSSD Active Directory integration. I can log in with AD users. I didn't even expect the local PAM user to work because I was not able to install libpam4j, as it is not packaged for Ubuntu 18.04 or 20.04 that I could find.

Is there anything else that would be useful for me to troubleshoot?

Chadarius commented 4 years ago

I checked my /var/log/auth.log as well, and I see that AD users are successfully authenticating but PAM is denying access.

```
Aug 5 20:57:12 ub-guactest java: pam_unix(guacamole:auth): authentication failure; logname= uid=997 euid=997 tty= ruser= rhost= user=footest
Aug 5 20:57:18 ub-guactest java: pam_sss(guacamole:auth): authentication success; logname= uid=997 euid=997 tty= ruser= rhost= user=footest
Aug 5 20:57:18 ub-guactest java: pam_sss(guacamole:account): Access denied for user footest: 6 (Permission denied)
```

This led me down a rabbit hole with PAM and SSS. I had to change a line in /etc/sssd/sssd.conf from `access_provider = ad` to `access_provider = permit`.

Works fine even though no libpam4j package is installed. I guess that must be included in something else now? Great job on the module! This is just perfect for our EDU uses.
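
Added example, not part of the comments above and not code from the guacamole-auth-pam project: a small triage script that groups PAM lines from auth.log by service and user and reports whether a login failed at the auth phase or was rejected later at the account (authorization) phase, as happened here. The function names and verdict strings are illustrative, and the sample input is constructed from the three lines quoted in the issue.

```python
import re
from collections import defaultdict

# Constructed sample: the three auth.log lines quoted in the issue above.
SAMPLE = """\
Aug 5 20:57:12 ub-guactest java: pam_unix(guacamole:auth): authentication failure; logname= uid=997 euid=997 tty= ruser= rhost= user=footest
Aug 5 20:57:18 ub-guactest java: pam_sss(guacamole:auth): authentication success; logname= uid=997 euid=997 tty= ruser= rhost= user=footest
Aug 5 20:57:18 ub-guactest java: pam_sss(guacamole:account): Access denied for user footest: 6 (Permission denied)
"""

# module(service:phase): message
LINE = re.compile(r"(?P<module>pam_\w+)\((?P<service>[^:)]+):(?P<phase>\w+)\): (?P<msg>.*)")
# Matches "user=name" and "user name"; \b keeps "ruser=" from matching.
USER = re.compile(r"\buser[ =](?P<user>[^\s:;]+)")


def outcome(msg):
    """Map a PAM log message to 'ok', 'fail', or None if it is neither."""
    text = msg.lower()
    if "success" in text:
        return "ok"
    if "failure" in text or "denied" in text:
        return "fail"
    return None


def classify(log_text):
    """Return {(service, user): verdict} for every PAM service/user pair seen."""
    events = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        user, result = USER.search(m["msg"]), outcome(m["msg"])
        if user and result:
            events[(m["service"], user["user"])][m["phase"]].add((m["module"], result))
    verdicts = {}
    for key, phases in events.items():
        # One succeeding auth module is enough, e.g. pam_unix fails, pam_sss succeeds.
        auth_ok = any(res == "ok" for _, res in phases["auth"])
        denied_by = sorted(mod for mod, res in phases["account"] if res == "fail")
        if auth_ok and denied_by:
            verdicts[key] = "authorization denied by " + ",".join(denied_by)
        else:
            verdicts[key] = "authenticated" if auth_ok else "authentication failed"
    return verdicts
```

Keep in mind that `access_provider = permit` makes SSSD allow every user of that domain through the account phase for all PAM services on the host that use pam_sss, not only `guacamole`.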