Description of problem: unable to use Active Directory Groups with spaces in the group name for pam_wheel.so module. Version-Release number of selected component (if applicable): pam-0.77-66.21 How reproducible: 1. Join RHEL server to Active Directory Domain 2. edit /etc/pam.d/su with: auth required pam_wheel.so debug trust group=Domain Admins OR auth required pam_wheel.so debug trust group="Domain Admins" Actual results: no members in 'Domain' group pam_parse: unknown option; Admins or no members in '"Domain' group pam_parse: unknown option; Admins" Expected results: Additional info: I am able to use Active directory groups in /etc/pam.d/sshd auth required pam_succeed_if.so quiet user ingroup "Systems Group" and I even tried adding this line to /etc/pam.d/su but no such luck. Thank you, for looking at this. If there is another method please let me know. also I have tried using '\' in the group name (e.g Domain\ Admins) but no such luck.
Created attachment 196111 [details] pam su config
Use this syntax: auth required pam_wheel.so debug trust [group=Domain Admins]
hmmm, doesn't work; but is atleast giving me a diffrent error: Access denied to 'useraccount' for 'root' but it does work if I change the group to a local group. **********/etc/pam.d/su***************** #%PAM-1.0 auth sufficient pam_rootok.so auth required pam_stack.so service=system-auth auth required pam_wheel.so debug trust [group=Domain Admins] account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth # pam_selinux.so close must be first session rule session required pam_selinux.so close session required pam_stack.so service=system-auth # pam_selinux.so open and pam_xauth must be last two session rules session required pam_selinux.so open session optional pam_xauth.so
What getent group 'Domain Admins' prints? Does the group entry contain the useraccount?