How to run jobs using an AD managed user in RHEL and Ubuntu
search cancel

How to run jobs using an AD managed user in RHEL and Ubuntu

book

Article ID: 369077

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

In an environment where there are no local user accounts on the Linux servers, and all user authentication is managed through Active Directory, the following issue is observed.

The servers have Agents installed, and when a test job is executed from the AWI, the following error message appears:

User 'xxxxx' is unknown or an invalid password has been provided.

The password has been confirmed to be correct.

Environment

OS: Linux/Unix

Resolution

The issue occurs because the Automic Agent is unable to authenticate users via Active Directory when PAM/SSSD is not correctly configured.
Follow the steps below based on your operating system.

Automic Agent Configuration

  1. Open the Agent INI file (e.g. ucsrv.ini or ucxjlx6.ini).

  2. Under the [AUTHORIZATION] section, enable PAM authentication:

    authentication = PAM

  3. Define the PAM library to be used (SSSD client):

    Example 1 RHEL:
     
    [PAM]
    libName = /usr/lib64/security/pam_sss.so
     
    Example 2 Ubuntu:
     
    [PAM]
    libName = libpam.so

  4. Save the file and restart the Agent.

  5. Verify the Agent log  shows PAM authentication enabled and the library loaded successfully:

    Example 1 RHEL:
    20240531/124404.889 - U02000088 Library '/usr/lib64/security/pam_sss.so' loaded successfully.
    20240531/124404.889 - U02003076 PAM authentication enabled.
     
    Example 2 Ubuntu:
    20251020/142736.669 - U02000088 Library 'libpam.so.0' loaded successfully.
    20251020/142736.669 - U02003076 PAM authentication activated.
     

Operating System Configuration

1. RHEL (Red Hat Enterprise Linux)

  1. Log in as root (or use sudo su -).

  2. Navigate to /etc/pam.d/.

  3. Create a new file named after the Agent binary (for example, ucxjlx6):

    vi /etc/pam.d/ucxjlx6

  4. Add the following content to the file:

    #%PAM-1.0
    auth       include      system-auth
    account    include      system-auth
    password   include      system-auth

  5. Save the file and restart the Automic Agent.

2. Ubuntu

  • Log in as root (or use sudo su -).

  • Navigate to /etc/pam.d/.

  • Create a new file with the same name as the Agent binary (e.g. ucxjlx6):

    vi /etc/pam.d/ucxjlx6

  • Add the following configuration:

    #%PAM-1.0
    auth include common-auth
    account include common-auth
    password include common-auth

  • Save the file and restart the Automic Agent.

 

Powered by Wolken Software