You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register
Note!! Please register for a free account to access the full content and also to participate in Q&A in the community

OCI: pam_lsass Can Deny Users Login Access with Denied Access

edited Jul 22, 2024 10:04AM in Linux

Applies To:

Oracle Cloud Infrastructure - Version N/A and later
Linux x86-64

Symptoms:

Local and AD users cannot login even with the correct credentials. Login attempts at the serial console don't work either.

AD User Example)
localhost login: admin.aduser

Password:

Login incorrect

Local User Example)

loclahost login: testlocaluser

Password:

Access denied

Access denied

Cause:

The third-party PAM pam_lsass.so is denying user's access due to they not being in the "require membership of" list.

/var/log/secure:

Jul 10 11:07:04 localhost login[2008]: [lsass-pam] [module:pam_lsass]User testlocaluser is denied access because they are not in the 'require membership of' list
Tagged:

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!