Active Directory/LDAP user not able to login: permission denied on PAM acct_mgmt

Follow

Problem

When integrating Workbench with Active Directory (or any LDAP store), you can use pamtester to identify login issues: 

sudo /usr/lib/rstudio-server/bin/pamtester --verbose rstudio <username> authenticate acct_mgmt setcred open_session close_session

Where <username> is the login name of the affected user.

When running the above, you may run into the following error:

pamtester: performing operation - authenticate
Password:
pamtester: successfully authenticated
pamtester: performing operation - acct_mgmt
pamtester: Permission denied

 

Solution

If your server uses SELinux, please set this to permissive:

sudo setenforce 0

 From there, restart the Workbench service:

sudo rstudio-server restart

 
Once we've ruled out security applications, you will need to add the following to your sssd.conf file:

ad_gpo_map_service = +rstudio
enumerate = true

 From there, restart the sssd service and attempt to login again.

 

Support Ticket

If you still have issues after completing the above, you can always lodge a support ticket, where our group of friendly, and incredibly knowledgeable staff can assist with any issues that you may be having. You can submit a ticket here:

https://support.posit.co/hc/en-us/requests/new

Comments