Jul 12 12:46:16 10-222-215-57 unix_chkpwd[376431]: check pass; user unknown
Jul 12 12:46:16 10-222-215-57 unix_chkpwd[376432]: check pass; user unknown
Jul 12 12:46:16 10-222-215-57 unix_chkpwd[376432]: password check failed for user (saltuser)
Jul 12 12:46:16 10-222-215-57 python3[374824]: pam_unix(login:auth): authentication failure; logname= uid=529180 euid=529180 tty= ruser= rhost= user=saltuser
Jul 12 12:46:16 10-222-215-57 python3[374824]: pam_sss(login:auth): authentication failure; logname= uid=529180 euid=529180 tty= ruser= rhost= user=saltuser
Jul 12 12:46:16 10-222-215-57 python3[374824]: pam_sss(login:auth): received for user saltuser: 10 (User not known to the underlying authentication module)
One thing to note is that the uid=529180 euid=529180 listed in the logs is the uid for the salt user itself, because assumingly that is the user running salt-api.
If I change the user to salt (not saltuser) then it works. But we don't want to authenticate with the salt user, we want to use the new user named saltuser. About 4 of us have spent nearly 14 hours working on this, and we cannot find the solution. It seems like it might be something to do with a PAM module setting, but nothing we try seems to matter. You can see in the logs that the pam_unix system fails and so it falls back to pam_sss, neither of which works. We have also tried authenticating as an LDAP user, which we’ve had no luck with either.
Hey @Jeff_Sparrow
this came to my mind when reading your post. Not sure if it is exactly the same problem, though. However, there is a good description in the PR.