Hello,
I want to log in to my Arch with Active Directory credentials on my laptop.
When this is done I'll try to log in with a smartcard.
What did I do:
- installed SSSD
- installed REALM
- setup PAM.D
- setup KRB5.conf
REALMD is made to do everything automatically, but it needed a program which is unavailable in Arch - authconfig.
It is in AUR, but I couldn't get it to install, so I've tried a lot of times to configure it manually.
realm -v join mydomain.com
I got an error, but what is important to me is that it created a krb5 keytab file, so I was thinking everything is supposed to be in the configuration of nsswitch.conf, /etc/pam.d/ and lightdm.conf.
Yesterday I got to log in to a shell with my domain user. I was connected to my work network and I established a connection with the server.
Users didn't show up in getent passwd.
I've tried to log in in a graphical env., but lightdm doesn't see my domain user... so I tried to switch to manual login.
I've discovered that lightdm-webkit2-greeter doesn't allow manual login, so I changed to gtk-greeter, and after a restart I got disconnected from my network and it looks like the credentials disappeared...
I've tried several things:
realm leave mydomain.com
realm -v join mydomain.com
After that realm hangs... yesterday I did something so that the credentials were saved. Realm wasn't asking me for a user and password. Today it is not working...
I'm really thinking that I'm not setting PAM correctly.
Do you have any working instructions on how to achieve my goals? Also, the ticket lifetime is 7 days, but after a few hours it was impossible to log in... why?
These are my configs:
pam.d/system-auth
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session optional pam_gnome_keyring.so auto_start
session required pam_limits.so
-session optional pam_systemd.so
#session optional pam_oddjob_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so
SSSD config is empty after realm leave.
krb5.conf
[libdefaults]
default_realm = MYDOMAIN.COM
ticket_lifetime = 7d
renew_lifetime = 15d
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
MYDOMAIN.COM = { }
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
Thanks for your help!
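As an added diagnostic (not code from the poster or from any Arch/SSSD project), the following POSIX shell script parses a pam.d file and reports which of the four PAM management groups (auth, account, password, session) reference a given module. It tolerates comments and the leading `-` ("skip silently if the module is missing") used on the pam_systemd line. Run against the system-auth posted above, it reports that pam_sss.so is referenced by the account, password and session groups but by no auth line, which is the group PAM consults when a display manager or login shell verifies a password. The file path and module name are the caller's inputs; the sample file written below is a constructed copy of the posted config.

```shell
#!/bin/sh
# Added example, not part of the original post: report which PAM management
# groups in a pam.d file reference a module. Inputs (file, module) are assumed.

# Usage: pam_groups_for <pam.d file> <module.so>
# Prints, one per line and sorted, the groups whose lines reference the module.
pam_groups_for() {
    file="$1"
    module="$2"
    # Drop comments, drop the optional leading '-' (silent-if-missing marker),
    # then match the module as an exact whole field after the group name.
    # Field 2 may be a bracketed control such as [default=bad success=ok],
    # which awk splits into several fields, so scan every field.
    sed -e 's/#.*$//' -e 's/^-//' "$file" |
        awk -v mod="$module" '
            NF > 0 && $1 ~ /^(auth|account|password|session)$/ {
                for (i = 2; i <= NF; i++) if ($i == mod) { print $1; break }
            }' | sort -u
}

# Usage: pam_missing_groups <pam.d file> <module.so>
# Prints the standard groups that do NOT reference the module.
pam_missing_groups() {
    for g in auth account password session; do
        pam_groups_for "$1" "$2" | grep -qx "$g" || echo "$g"
    done
}

# Constructed sample: a copy of the system-auth from the post, in a temp file.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session optional pam_gnome_keyring.so auto_start
session required pam_limits.so
-session optional pam_systemd.so
#session optional pam_oddjob_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so
EOF

echo "groups referencing pam_sss.so:"
pam_groups_for "$SAMPLE" pam_sss.so
echo "groups with no pam_sss.so line:"
pam_missing_groups "$SAMPLE" pam_sss.so
rm -f "$SAMPLE"
```

Pointing the same functions at /etc/pam.d/system-auth on the laptop (and at the lightdm and login service files, which usually include system-auth) shows at a glance whether SSSD is wired into each group before chasing Kerberos or realm problems; the commented-out pam_oddjob_mkhomedir.so line is correctly ignored by the comment stripping.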