I need to allow domain users (userid and password) access to a Centos 7 server, as well as local users (SSH key/passwordless). I have configured sshd_config with both AllowUsers and AllowGroups and assumed that if I added the local user to those it should work. However, I'm getting an error when local users try and login:
sshd[23906]: pam_sss(sshd:account): Access denied for user datahub_push: 10 (User not known to the underlying authentication module)
sshd[23906]: fatal: Access denied for user datahub_push by PAM account configuration [preauth]
The domain users work just fine and have an entry under AllowGroups in sshd_config. After some googling there is a suggestion that I need to modify:
/etc/pam.d/sshd
...but I'm not sure of what to change and whether editing that file is best practice? i.e. should I use the authconfig tool instead.
Any help hugely appreciated.