On 05/12/2015 11:47 AM, Ulrich Hiller wrote:> that's intersting. "performing access check" is really missing.OK.... Your system is configured to not check users with uidNumber < 2000. Your original message obscured the UID of the user you were testing. What is it?
yessterday we ha a public holiday here. Now i am bach. ;-) the uid is below 2000. If you want to know the real number: it is 1026. But when i set the 2000 to 1000: account sufficient pam_succeed_if.so uid < 1000 quiet i cannot login at all. "Permission denied" With kind regards, ulrich On 05/13/2015 06:36 PM, Gordon Messmer wrote:> On 05/12/2015 11:47 AM, Ulrich Hiller wrote: >> that's intersting. "performing access check" is really missing. > > OK.... Your system is configured to not check users with uidNumber < > 2000. Your original message obscured the UID of the user you were > testing. What is it? > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > >
On 05/15/2015 03:07 AM, Ulrich Hiller wrote:> the uid is below 2000. If you want to know the real number: it is 1026.I'm happy to help, but I have to point out that we've been chasing this problem for ten days now, and the problem would be been pretty obvious if you had not obscured the uidNumber to begin with. Please don't obscure information that isn't security-sensitive. Your uidNumber is not sensitive. Your Samba SID is not sensitive. These things can't be used to launch an attack on your system. Obscuring them wastes your time, above all.> But when i set the 2000 to 1000: > account sufficient pam_succeed_if.so uid < 1000 quiet > i cannot login at all. "Permission denied"What do the logs say? If the "secure" log doesn't clarify the problem, then set debugging on sssd to 7 and check that log as well.