You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

OCI: pam_lsass Can Deny Users Login Access with Denied Access

edited Jul 22, 2024 10:04AM in Linux

Applies To:

Oracle Cloud Infrastructure - Version N/A and later
Linux x86-64

Symptoms:

Local and AD users cannot login even with the correct credentials. Login attempts at the serial console don't work either.

AD User Example)
localhost login: admin.aduser
Password:
Login incorrect
Local User Example)
loclahost login: testlocaluser
Password:
Access denied
Access denied

Cause:

The third-party PAM pam_lsass.so is denying user's access due to they not being in the "require membership of" list.

/var/log/secure:
Jul 10 11:07:04 localhost login[2008]: [lsass-pam] [module:pam_lsass]User testlocaluser is denied access because they are not in the 'require membership of' list

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!