Linux User Administration
On Linux, Pluggable Authentication Modules (PAM) are used for the OS Auth. login.
PAM Configuration
PAM must be configured so that WinCC OA can use it to authenticate. The PAM service name used by WinCC OA is "wincc_oa".
For example, on Oracle Linux 9 you must create the following world-readable file, /etc/pam.d/wincc_oa:
#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
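A check for the service file described above, added here as an example and not part of the WinCC OA documentation or product. The function name check_pam_service is hypothetical, and the rule that the file must not be writable by group or others is an assumption that goes beyond the page's "world-readable" requirement.

```shell
#!/bin/sh
# Added example: sanity-check a PAM service file such as /etc/pam.d/wincc_oa.
# check_pam_service is a hypothetical helper name, not part of WinCC OA.
# Usage after sourcing this file: check_pam_service /etc/pam.d/wincc_oa

check_pam_service() {
    f=$1
    rc=0

    if [ ! -f "$f" ]; then
        echo "FAIL: $f does not exist or is not a regular file"
        return 1
    fi

    # Mode string from ls, e.g. "-rw-r--r--":
    # char 6 = group write, char 8 = other read, char 9 = other write.
    mode=$(ls -ld "$f" | cut -c1-10)
    group_w=$(printf '%s' "$mode" | cut -c6)
    other_r=$(printf '%s' "$mode" | cut -c8)
    other_w=$(printf '%s' "$mode" | cut -c9)

    # The page requires the file to be world-readable.
    if [ "$other_r" != "r" ]; then
        echo "FAIL: $f is not world-readable ($mode)"
        rc=1
    fi

    # Assumption beyond the page: only the owner may edit the PAM stack.
    if [ "$group_w" = "w" ] || [ "$other_w" = "w" ]; then
        echo "FAIL: $f is writable by group or others ($mode)"
        rc=1
    fi

    # Each management group used in the page's example needs an active
    # (non-comment) rule; a leading "-" is PAM's optional-module prefix.
    for t in auth account password session; do
        if ! grep -Eq "^[[:space:]]*-?${t}[[:space:]]+[^[:space:]]+" "$f"; then
            echo "FAIL: $f has no active '$t' rule"
            rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK: $f"
    return "$rc"
}
```
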
PAM mechanism with a Windows Domain Controller
The following example shows the PAM mechanism with a Windows Domain Controller and a Linux Domain Controller implemented via Samba4. User replication was configured, and a Linux client was integrated into this environment via LDAP. This means that a user existing in Active Directory can log in to the GNOME UI. The following figure shows how the system was configured. The domain user exists inside Active Directory.
With this configuration you can change to the OS Auth. user administration and authentication method inside the WinCC OA user administration panel. You can log in via the login.pnl panel.
enumerate = True
within the file /etc/sssd/sssd.conf.