Our world-readable /etc/pam.d/wincc_oa file contains the following entries as per the documentation (https://www.winccoa.com/documentation/W ... linux.html):
Code: Select all
auth include password-auth
account include password-auth
password include system-auth
session include system-authWhen using OS Authentication on Linux it is necessary to enable the user enumeration. Under RHEL this can be done by setting the line enumerate = True within the file /etc/sssd/sssd.conf.
When changing a users password on the authentication server the new user credentials allow us to log in to the host operating system. However, when logging in to WinCC OA a Warning dialog box stating "Unknown workstation error" is shown. If we check the authentication server (Kerberos) it shows a successful authentication was made but it is WinCC OA that is not letting the user in. The log viewer contains the following messages when the dialog appears:
Code: Select all
WCCOAui (19), 2024.08.05 11:43:14.339, CTRL, SEVERE, 5/ctrl, Location of the following log entry:
Module: Vision_1
Panel: /home/Projects/MTLIB/panels/vision/login.pnl [Login]
In reference: vision/loginFramework/login_Standard.pnl Group: 0 named: "vision/loginFramework/login_Standard.pnl"
Script: ScopeLib
Library: /opt/WinCC_OA/3.18/scripts/libs/classes/userManagement/UserManagement.ctl
Line: 603
WCCOAui (19), 2024.08.05 11:43:14.339, PARAM,SEVERE, 0, , No permission to change password
WCCOAui (19), 2024.08.05 11:43:14.348, CTRL, SEVERE, 1/OaLogin, Unknown workstation errorIs anyone able to assist with some more detail about the specific config, files and their permission requirements in association with running WinCC OA with 'OS Auth'? (further to those seen in the documentation, e.g world-readable pam.d file and sssd enumerate=true config)