
Problem : connect to CAS

Open fabricepollet opened this issue 4 years ago • 3 comments

Hello, I've got an issue connecting to CAS with SWAT 1.9.3 which I don't understand. Can you help me please? Regards, Fabrice

I attach screenshots from my notebook.

Capture Capture2

I received the following error from CAS Controller:

2021-08-14T10:52:16,890 INFO [00036472] MAIN NoUser MAIN [tkident.c:1349] - User [email protected] successfully authenticated using the OAuth authentication provider.
2021-08-14T10:52:36,119 ERROR [00036472] MAIN NoUser MAIN [tkclscommon.c:216] - pam_acct_mgmt failed: Permission denied (6).
2021-08-14T10:52:36,119 ERROR [00036472] MAIN NoUser MAIN [tkidentext.c:696] - Access denied.
2021-08-14T10:52:36,119 ERROR [00036472] MAIN NoUser MAIN [tkident.c:1393] - Authentication failed for user '[email protected]'.
2021-08-14T10:52:36,119 ERROR [00036472] MAIN NoUser MAIN [tkident.c:1394] - Access denied.

From /var/log/secure:

Aug 14 10:52:36 lx40461 identsvcs[63484]: pam_sss(cas:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= [email protected]
Aug 14 10:52:36 lx40461 identsvcs[63484]: pam_sss(cas:account): Access denied for user [email protected]: 6 (Permission denied)
Aug 14 10:53:27 lx40461 sshd[114852]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=56.45.161.62 [email protected]
Aug 14 10:53:27 lx40461 sshd[114824]: Accepted keyboard-interactive/pam for [email protected] from 56.45.161.62 port 50166 ssh2
Aug 14 10:53:27 lx40461 sshd[114824]: pam_unix(sshd:session): session opened for user [email protected] by (uid=0)
Aug 14 10:53:27 lx40461 sshd[114856]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=56.45.161.62 [email protected]
Aug 14 10:53:27 lx40461 sshd[114856]: Accepted password for [email protected] from 56.45.161.62 port 50168 ssh2
Aug 14 10:53:28 lx40461 sshd[114856]: pam_unix(sshd:session): session opened for user [email protected] by (uid=0)
Aug 14 10:54:09 lx40461 sudo: [email protected] : TTY=pts/0 ; PWD=/home/societe.mma.fr/pcgi102 ; USER=root ; COMMAND=/bin/su
Aug 14 10:54:09 lx40461 sudo: pam_unix(sudo:session): session opened for user root by [email protected](uid=0)
Aug 14 10:54:09 lx40461 su: pam_unix(su:session): session opened for user root by [email protected](uid=0)
Aug 14 10:54:54 lx40461 identsvcs[63484]: pam_sss(cas:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= [email protected]
Aug 14 10:54:54 lx40461 identsvcs[63484]: pam_sss(cas:account): Access denied for user [email protected]: 6 (Permission denied)

fabricepollet avatar Aug 14 '21 09:08 fabricepollet

Fabrice, Some initial feedback is:

  1. I believe the user's account and password are correct but the account management system is saying the account is not valid. Is the account locked or expired?
  2. Since the auth token was obtained the user/pass is correct. But it doesn't look like you go through PAM, instead simply bind to the LDAP server, which would not trigger account management. You could try commenting out the account management section of the cas file in the /etc/pam.d directory and I think that will allow it to proceed.

Thanks.

rob-taylor-sas-com avatar Aug 20 '21 20:08 rob-taylor-sas-com

Hi Rob

Thanks for your update, here is the content of /etc/pam.d/cas from my environment:

#%PAM-1.0
auth include password-auth
account include password-auth
password include password-auth
session include password-auth

Fabrice

fabricepollet avatar Sep 09 '21 09:09 fabricepollet

Hi Fabrice, Did you try commenting out the account management section of the /etc/pam.d/cas file? Did that help? You could also try commenting out the session section:

#%PAM-1.0
auth include password-auth
#account include password-auth
password include password-auth
#session include password-auth

bkemper24 avatar Sep 10 '21 10:09 bkemper24
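
Added example (not part of the thread and not SAS or python-swat code): a small parser for the /var/log/secure format quoted in the first post that groups PAM results by service and phase, so the `cas` account-phase denial can be told apart from an authentication failure before /etc/pam.d/cas is changed. The log lines, host name and user name below are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the /var/log/secure format quoted in the thread
# (host, user and address are placeholders, not values from the issue).
SAMPLE = """\
Aug 14 10:52:36 host1 identsvcs[63484]: pam_sss(cas:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=alice@example.test
Aug 14 10:52:36 host1 identsvcs[63484]: pam_sss(cas:account): Access denied for user alice@example.test: 6 (Permission denied)
Aug 14 10:53:27 host1 sshd[114852]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=alice@example.test
Aug 14 10:53:27 host1 sshd[114824]: pam_unix(sshd:session): session opened for user alice@example.test by (uid=0)
"""

# pam_<module>(<service>:<phase>): <message>
PAM_RE = re.compile(r"(pam_\w+)\((\w+):(\w+)\): (.*)$")
# User appears either as "user=<name>" or as "for user <name>".
USER_RE = re.compile(r"(?:\buser=|for user )(\S+?)(?::|\s|$)")

def phase_outcomes(text):
    """Map (service, user) -> {phase: 'ok' | 'denied'} from PAM log lines."""
    result = defaultdict(dict)
    for line in text.splitlines():
        m = PAM_RE.search(line)
        if not m:
            continue
        _module, service, phase, msg = m.groups()
        u = USER_RE.search(msg)
        if not u:
            continue
        key = (service, u.group(1))
        denied = "denied" in msg.lower() or "failure" in msg.lower()
        # A denial is sticky: a later success must not hide it.
        if denied or phase not in result[key]:
            result[key][phase] = "denied" if denied else "ok"
    return dict(result)

def account_only_denials(text):
    """(service, user) pairs where auth succeeded but the account phase denied."""
    return sorted(k for k, p in phase_outcomes(text).items()
                  if p.get("auth") == "ok" and p.get("account") == "denied")

if __name__ == "__main__":
    for service, user in account_only_denials(SAMPLE):
        print(f"{service}: {user} authenticated, then denied in the account phase")
```

On the sample this reports only the `cas` service: the same user passes `auth` for both `cas` and `sshd`, and the denial is confined to the `cas` account phase.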