PAM error when authenticating via Radius due to missing local accountUnable to log into an X-series chassis after Radius is set up.
Sep 6 15:46:38 EUDC1F002 sshd(pam_unix): check pass; user unknown Sep 6 15:46:38 EUDC1F002
sshd(pam_unix): authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=172.28.56.5
Sep 6 15:38:34 EUDC1F002 login(pam_unix): could not identify user (from getpwnam(testuser))
Sep 6 15:38:34 EUDC1F002 login: User not known to the underlying authentication module
The Cisco ACS is reporting sucessful authentication
The username must be defined on the Crossbeam platform itself. If "testuser" is not fully defined and qualified on the Crossbeam (account, permissions, uid, etc.) then it cannot authenticate correctly with radius.
A local user must be configured, because different user levels with different permissions can be configured on Crossbeam. The user access permissions not only specify whether objects can be modified or not, but it also has impact on things like unix level file permissions and audit logging.
Some network devices allow Radius authenticated users without a local account configured, but these are often devices which have a simple set of access permisions and are not based on an operating system like XOS (Linux).