05-18-2017 07:21 AM
I have built a Red Hat Enterprise WorkStation and installed RGS. We have a decent sized enterprise and have NIS handling logins for Linux and Windows Services handling logins for that platform.
We do offer single sign-ins for Linux users (you can use either set of credentials). I know this SSO scheme works because I can SSH to the test machine and log in using either set of credentials. If I try to login via RGS, the following is seen in rg.log.
05-18-17 07:57:06 INFO - ReceiverDetails::isMatchFound - allowing connection via subnetmasking to IP address
05-18-17 07:57:18 ERROR - UnixSenderSecurityContext::authenticatePam::run - pam_authenticate failed.
Here are the relevent lines from /var/log/secure
May 18 07:57:18 hacl90 rgsender: PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
May 18 07:57:18 hacl90 rgsender: PAM adding faulty module: /lib64/security/pam_stack.so
I've been looking at this for two days and frankly, my eyes hurt. Any help would be greatly appreciated.
05-24-2017 01:43 PM
What version of RHEL are you using? If RHEL 7, this is a valid configuration.
Below is an example of an incorrect pam.d/rgsender
auth required /lib64/security/pam_nologin.so
auth required /lib64/security/pam_stack.so service=system-auth
It should look like this:
auth required pam_env.so
auth required pam_nologin.so
auth include system-auth
account include password-auth
session include password-auth
You could also try changing "auth include system-auth to auth include password-auth
Let me know if this helps.
I work on the behalf of HP.
05-25-2017 03:12 PM
Please uninstall, reboot, and then reinstall using our script. If you can’t use the script for install, then installing the sender package followed by the config package should give a good /etc/pam.d/rgsender file. They need to pay attention to any error messages from rpm.
The files we look at to detect the distro is one of these (it could change in the future)
If we fail to find expected results from one of these files, I would expect the config package to fail to install.