There is a problem using su to switch to local accounts over sssd (in this case with an ldap backend). The su session or command will work, but will produce an error status on exit (or completion).
The local accounts are present in the sssd.conf "filter_users" directive so that they are supposed to be ignored at the NSS level.
# su - localaccount
localaccount@hostname:~$ exit
logout
su: User not known to the underlying authentication module
# echo $?
1
In /var/log/auth.log this error is recorded:
Jun 4 23:00:45 hostname su[23930]: pam_unix(su:session): session closed for user localaccount
Jun 4 23:00:45 hostname su[23930]: pam_close_session: User not known to the underlying authentication module
Ubuntu release: 12.04 LTS
Package release: sssd 1.8.2-0ubuntu1 (amd64)
There is a problem using su to switch to local accounts over sssd (in this case with an ldap backend). The su session or command will work, but will produce an error status on exit (or completion).
The local accounts are present in the sssd.conf "filter_users" directive so that they are supposed to be ignored at the NSS level.
What is expected to happen:
# su - localaccount hostname: ~$ exit
localaccount@
logout
# echo $?
0
What happens:
# su - localaccount hostname: ~$ exit
localaccount@
logout
su: User not known to the underlying authentication module
# echo $?
1
In /var/log/auth.log this error is recorded: su:session) : session closed for user localaccount
Jun 4 23:00:45 hostname su[23930]: pam_unix(
Jun 4 23:00:45 hostname su[23930]: pam_close_session: User not known to the underlying authentication module