我向我的服务器(CentOS 6.5)添加了一个本地用户,但是当我尝试以该用户身份登录时,SSSD 拒绝了我,并出现以下错误:
我可以使用我的 LDAP 凭据正常连接,但无法以任何本地用户身份连接。
sshd[5174]: pam_sss(sshd:account): Access denied for user tester2: 10 (User not known to the underlying authentication module)
nsswitch.conf:
.....
passwd: files sss
shadow: files sss
group: files sss
.......
sssd.conf:
[domain/default]
id_provider = ldap
auth_provider = ldap
sudo_provider = ldap
min_id = 8192
.....
[sssd]
domains = default
services = nss,pam,sudo
config_file_version = 2
[nss]
filter_groups = root
filter_users = root
[pam]
[sudo]
[domain/LOCAL]
id_provider = local
auth_provider = local
access_provider = permit
确认帐号:
# getent passwd tester2
tester2:x:9870:9872::/home/tester2:/bin/bash
看起来 PAM 在身份验证期间被 SSSD 阻止了。如何允许本地用户和 LDAP 用户通过 SSSD 进行 SSH 登录?