I have sssd configured to authenticate against AD.
Here I have my user properly authenticating and su works fine.
<snip>
root@host:~# su - nhuisman
root@host:~# exit
logout
auth.log entries
Nov 5 17:56:25 host sshd[8417]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 5 17:56:28 host su[8494]: Successful su for nhuisman by root
Nov 5 17:56:28 host su[8494]: + /dev/pts/0 root:nhuisman
Nov 5 17:56:31 host su[8494]: pam_unix(su:session): session opened for user nhuisman by root(uid=0)
Nov 5 17:57:43 host su[8494]: pam_unix(su:session): session closed for user nhuisman
</snip>
Now I try and su - to a local user which isn't in AD
<snip>
root@host:~# su - vikingtest
vikingtest@host:~$ exit
logout
su: User not known to the underlying authentication module
Nov 5 17:54:30 host su[22464]: Successful su for vikingtest by root
Nov 5 17:54:30 host su[22464]: + /dev/pts/0 root:vikingtest
Nov 5 17:54:30 host su[22464]: pam_unix(su:session): session opened for user vikingtest by root(uid=0)
Nov 5 17:54:31 host su[22464]: pam_unix(su:session): session closed for user vikingtest
Nov 5 17:54:31 host su[22464]: pam_close_session: User not known to the underlying authentication module
</snip>
Is there some way to increase the verbosity of the logs? I added debug to the pam config but got nothing more than the same error.
I have sssd configured to authenticate against AD.
Here I have my user properly authenticating and su works fine.
<snip>
root@host:~# su - nhuisman
root@host:~# exit
logout
auth.log entries sshd:session) : session opened for user root by (uid=0) su:session) : session opened for user nhuisman by root(uid=0) su:session) : session closed for user nhuisman
Nov 5 17:56:25 host sshd[8417]: pam_unix(
Nov 5 17:56:28 host su[8494]: Successful su for nhuisman by root
Nov 5 17:56:28 host su[8494]: + /dev/pts/0 root:nhuisman
Nov 5 17:56:31 host su[8494]: pam_unix(
Nov 5 17:57:43 host su[8494]: pam_unix(
</snip>
Now I try and su - to a local user which isn't in AD
<snip>
root@host:~# su - vikingtest
vikingtest@host:~$ exit
logout
su: User not known to the underlying authentication module
Nov 5 17:54:30 host su[22464]: Successful su for vikingtest by root su:session) : session opened for user vikingtest by root(uid=0) su:session) : session closed for user vikingtest
Nov 5 17:54:30 host su[22464]: + /dev/pts/0 root:vikingtest
Nov 5 17:54:30 host su[22464]: pam_unix(
Nov 5 17:54:31 host su[22464]: pam_unix(
Nov 5 17:54:31 host su[22464]: pam_close_session: User not known to the underlying authentication module
</snip>
Is there some way to increase the verbosity of the logs? I added debug to the pam config but got nothing more than the same error.