Hello,

I was wondering if someone would be willing to share a PAM configuration file that works with the NAAF PAM client and ssh, because mine doesn't.

What I did so far:

1. Clean CentOS 7.3 install (CentOS Linux release 7.3.1611)
2. Joined AD
3. Installed and configured naaf linux pam client (naaf-linuxpamclient-centos-release-5.4.8.rpm)

Normal login works fine, but logins through ssh fail.

ssh administrator@10.0.1.115
administrator@10.0.1.115's password:
Authentication failed.

/var/log/messages:

May 21 21:58:46 vm4 kernel: sshd[2564]: segfault at 0 ip 00007f9464520586 sp 00007ffce6d34c48 error 4 in libc-2.17.so[7f94643ed000+1b6000]

/etc/pam.d/password-auth

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
#
# NOTE(review): the pam_aucore.so line below is loaded from /opt rather than the
# system PAM module directory, so it was presumably added after generation; per
# the warning above it would be lost when authconfig rewrites this file.
# NOTE(review): on a stock CentOS 7 install /etc/pam.d/sshd pulls in this file
# while console logins use system-auth - verify on this host, since that would
# explain ssh behaving differently from a local login.
#
# ---- auth: verify the user's identity -------------------------------------
# Set/unset environment variables for the PAM transaction.
auth required pam_env.so
# Fingerprint reader; "sufficient" ends the auth stack with success if it passes.
auth sufficient pam_fprintd.so
# Third-party module referenced by absolute path.
#   success=done   -> authentication succeeds immediately, nothing below runs
#   ignore=ignore  -> the module's result is not counted
#   default=die    -> any other result fails authentication on the spot
# Because this line sits above pam_localuser/pam_unix, local accounts (root
# included) also depend on its result; keep an already-authenticated root
# session open while changing or testing this line to avoid a lockout.
# PAM modules execute inside the calling process (sshd for ssh logins), so a
# fault in any module of this stack crashes that process.
# NOTE(review): this file alone does not show which module a crash comes from.
auth [success=done ignore=ignore default=die] /opt/pam_aucore/lib/pam_aucore.so

# Local user (listed in /etc/passwd)? success=ok continues to pam_unix;
# any other result (default=1) skips the next line.
auth [default=1 success=ok] pam_localuser.so
# Local password check; the result is final either way (done / die).
# nullok lets accounts with an empty password field authenticate - confirm
# that is intended. try_first_pass reuses a password already collected.
auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
# Non-local users only from here on: fail immediately for UIDs below 1000.
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
# SSSD-backed accounts (presumably the AD domain - confirm); forward_pass hands
# the entered password to later modules.
auth sufficient pam_sss.so forward_pass
# Default deny: reached only when nothing above granted access.
auth required pam_deny.so

# ---- account: is this account allowed to log in now? -----------------------
account required pam_unix.so
# Local users and system accounts (UID < 1000) pass without consulting SSSD.
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
# SSSD account check: an unknown user is ignored, any other failure marks the
# stack as failed (default=bad).
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so

# ---- password: changing the authentication token ---------------------------
# Password quality check for local users only, up to 3 attempts.
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
# Store the new local password hashed with SHA-512 in shadow; use_authtok
# forces use of the password already vetted above. nullok applies here too.
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so

# ---- session: setup/teardown around the login ------------------------------
# Session keyring, revoked when the session ends.
session optional pam_keyinit.so revoke
# Apply resource limits.
session required pam_limits.so
# Leading "-" : do not log an error if the module is not installed.
-session optional pam_systemd.so
# Create a missing home directory, accessible to its owner only (umask 0077).
session optional pam_oddjob_mkhomedir.so umask=0077
# For the crond service, success=1 skips the next line (pam_unix session).
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so