In this environment there are no local users on our Linux-Servers, only Active Directory managed server.

Those servers also have Agents installed on them. Running a test job from AWI results in the following error:

User 'xxxxx' is unknown or an invalid password has been provided.

The password is correct.

There are two parts to the configuration.

 Automic agent side configuration

In order to make use of SSSD client we need to make the following changes in agent INI file.

authentication = PAM

we also need to use the correct PAM module in the agent ini. You may have to check with your security/System admin team if it needs something like this

[PAM]

libName = /usr/lib64/security/pam_sss.so

The agent log should PAM authentication enabled and show the library as loaded

20240531/124404.889 - U02000088 Library '/usr/lib64/security/pam_sss.so' loaded successfully.

20240531/124404.889 - U02003076 PAM authentication enabled.

OS side configuration

The /etc/pam.d/ directory contains the PAM configuration files for each PAM-aware application.

We need to have a file in /etc/pam.d/ucxjlx6  with the same name as the Agent binary (e.g. ucxjlx6 as in this case since we use linux agent) 

If it does not exist create as below

login as  root  so sudo su -

 create the  file in /etc/pam.d  with the same name as the Agent binary (e.g. ucxjlx6) 

Add the following to the file

#%PAM-1.0
auth       include      system-auth
account    include      system-auth
password   include      system-auth

For more details on PAM configuration, please refer to the following documentation.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_cards/pam_configuration_files