OCI: pam_lsass Can Deny Users Login Access with Denied Access
Applies To:
Oracle Cloud Infrastructure - Version N/A and later
Linux x86-64
Symptoms:
Local and AD users cannot log in even with the correct credentials. Login attempts at the serial console don't work either.
AD User Example)
localhost login: admin.aduser
Password:
Login incorrect
Local User Example)
localhost login: testlocaluser
Password:
Access denied
Access denied
Cause:
The third-party PAM module pam_lsass.so is denying users access because they are not in the "require membership of" list.
/var/log/secure:
Jul 10 11:07:04 localhost login[2008]: [lsass-pam] [module:pam_lsass]User testlocaluser is denied access because they are not in the 'require membership of' list
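
To confirm this cause and see which accounts and services are affected, the denial message above can be counted per user and per calling service. This is an added example, not part of the original note: the function names are hypothetical, and every sample line except the first is constructed.

```shell
#!/bin/sh
# Summarise pam_lsass "require membership of" denials from a secure log.
# Usage: lsass_denied_users /var/log/secure    (reads stdin if no file given)
# Output: user <TAB> service <TAB> count, sorted by user.
lsass_denied_users() {
    awk '
        # Only the pam_lsass membership denial; "." stands in for the quotes.
        /\[module:pam_lsass\]/ &&
        /is denied access because they are not in the .require membership of. list/ {
            # Field 5 of a syslog line is the tag, e.g. "login[2008]:".
            svc = $5
            sub(/\[[0-9]+\]:$/, "", svc)
            sub(/:$/, "", svc)
            # Everything between "User " and " is denied access" is the account.
            user = $0
            sub(/.*\[module:pam_lsass\] *User /, "", user)
            sub(/ is denied access because.*/, "", user)
            count[user "\t" svc]++
        }
        END { for (k in count) printf "%s\t%d\n", k, count[k] }
    ' "$@" | LC_ALL=C sort
}

# Sample input: line 1 is the entry quoted in this note, the rest are constructed.
sample_secure_log() {
    cat <<'EOF'
Jul 10 11:07:04 localhost login[2008]: [lsass-pam] [module:pam_lsass]User testlocaluser is denied access because they are not in the 'require membership of' list
Jul 10 11:07:31 localhost login[2015]: [lsass-pam] [module:pam_lsass]User testlocaluser is denied access because they are not in the 'require membership of' list
Jul 10 11:08:15 localhost sshd[2050]: [lsass-pam] [module:pam_lsass]User exampleuser is denied access because they are not in the 'require membership of' list
Jul 10 11:09:12 localhost sshd[2101]: Accepted password for exampleadmin from 192.0.2.10 port 50022 ssh2
EOF
}

sample_secure_log | lsass_denied_users
```

A local account such as testlocaluser appearing in this output shows that the membership check is being applied to non-AD users as well, which matches the symptom described above.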