-
Title
User not known to the underlying authentication module for illegal user -
Description
Users are unable to login and the following error (or something similar) is reported in /var/log/secure
++++++++++++++
sshd[4103]: error: PAM: User not known to the underlying authentication module for illegal user testuser1 from dc1.example.com
sshd[4103]: Failed keyboard-interactive/pam for invalid user testuser1 from 10.10.10.10 port 51627 ssh2
++++++++++++++
-
Cause
SELinux is set to enforcing on the Unix host without having configured the Authentication Services SELinux policy.
-
Resolution
Resolution 1.
If SELinux is not required then it can be set to permissive mode.
To check the current SELinux status run
# sestatus
To temporarily set the mode to permissive
# setenforce 0
To temporarily set the mode to enforcing
# setenforce 1
To permanently set the status of SELinux edit /etc/selinux/config.
A reboot is required for the edit to take effect.
See SELinux man pages for more details.
Resolution 2
To configure the Authentication Services SELinux policy run the following command as root
# /opt/quest/bin/vastool configure selinux
To unconfigure the same policy
# /opt/quest/bin/vastool unconfigure selinux
Please note that Authentication Services 4.1.7.x or higher is required in order to run commands in Resolution 2.