Cannot Login AD Users on RHEL 8

Not sure if this is the right area but I installed RStudio Server and I can login with local accounts. When I joined it to an AD(Realm), I could not login with the username/password like I could with the local account.

Any ideas?

Say the ad account is spenny@website.com, I have used spenny, spenny@website.com and spenny@WEBSITE.COM since while joining the domain, it seemed to care about the capitalization.

I saw a post about modifying rserver.conf with auth-required-user-group=analysts, admins, rstudio-users but that didn't help, I didn't have a rstudio-users group but I did have a rstudio-server group, i added those users to that group by typing usermod -a -G rstudio-server spenny@website.com(it said no user when i tried just spenny) but it still didn't work, I rebooted.

I am beginning to hate Linux, I have always been a Windows guy, not sure how everyone knows how to do all of this.

Typically this is caused by a problem with the PAM configuration. If logging in via some other means (e.g. ssh) does work, then it can be useful to compare the PAM configurations for the working service and RStudio Server to see what's different.

There's more advice in our admin guide -- it's for Workbench, but all the PAM integration (except for sessions) applies to the open source version too. Try the pamtester tool!

https://docs.posit.co/ide/server-pro/authenticating_users/pam_authentication.html

Hello,

I have /usr/lib/rstudio-server/bin but pamtester is not located in that folder, is it a function of the paid version?

I don't have much experience with Linux/rhel, trying to learn, some of the articles had me make entries to the passwd config and I see some pam options in the rstudio file in pam.d.

-Steven

See previous comment.

Still not working but when I run:

sudo cp /etc/pam.d/login /etc/pam.d/rstudio

It is at least pausing, like it is thinking about it, still errors out,(error: incorrect or invalid username/password. Is there any way to see what its doing? Maybe there is a line I need to delete?

I am logging in with(example) spenny@company.com, I have local accounts that work flawlessly.

I have tried these on variations on the site:

spenny
spenny@company.com
SPENNY
SPENNY@company.com
SPENNY@COMPANY.COM

I genuinely don't understand why people like Linux so much, its probably great if you speak its language but for us that have to mainly do Windows, its a pain.

I got it to work, see below, it just seems like things could be written in a way to have a script or something with self checks, this was a combination of multiple other fixes:

I overwrote my rstudio config in pam.d

sudo cp /etc/pam.d/login /etc/pam.d/rstudio

I added this line in rserver.conf - /etc/rstudio/rserver.conf

auth-pam-require-password-prompt=0

It is possible you may not need to do this, this was my first setup, I was trying to get Gitlab, rstudio server and duo to work, some of this may have conflicted with eachother and some of what you have may be right.

At this point the login was taking longer, initially it was saying bad username and password right away so I figured I had gained some by setting the login pam settings over to the rstudio pam settings.

Part of Rstudio's troubleshooting mentions pamtester but it was not in my directory, I had to install it:

sudo yum makecache --refresh

sudo yum -y install pamtester

cd /usr/bin

pamtester --verbose rstudio pennysr@auburn.edu authenticate

I had to enter my AD password and it passed at this point but it was still not logging in, looked at the logs:

cd /var/log/rstudio/rstudio-server

nano rserver.log

This was for local logins, not my AD ones, had to go to:

nano rserver-pam.log

Error pam_acct_mgmt failed: Permission Denied

sudo nano /etc/sssd/sssd.conf

Add this:

ad_gpo_map_service = +rstudio

reboot -- probably could restart something like sssd but I'm new to this.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.