Linux User Administration

On Linux, Pluggable Authentication Modules (PAM) are used for the OS Auth. login.

Figure 1. Use of PAM

PAM Configuration

PAM must be configured so that WinCC OA can use it to authenticate. The PAM service name used by WinCC OA is "wincc_oa".

For example, on Oracle Linux 9 you must create the following world-readable file, /etc/pam.d/wincc_oa:

#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
session include system-auth

PAM mechanism with a Windows Domain Controller

The following example shows the PAM mechanism with a Windows Domain Controller and a Linux Domain Controller implemented via Samba4. User replication was configured, and a Linux client was integrated into this environment via LDAP. This means that a login to the GNOME UI is possible with a user that exists in Active Directory. The following figure shows how the system was configured. The domain user exists inside Active Directory.

Figure 2. Windows/Linux Domain Controller Architecture

With this configuration you can change to the OS Auth. user administration and authentication method inside the WinCC OA user administration panel. You can log in via the login.pnl panel.

Note: Check the PAM configuration and make sure that the required modules (the SSSD module, or the Winbind module when using Samba) are enabled.

Important: When using OS Authentication on Linux, it is necessary to enable user enumeration. On RHEL this can be done by setting the line enumerate = True within the file /etc/sssd/sssd.conf.
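
The two settings described on this page (the world-readable /etc/pam.d/wincc_oa service file and the SSSD enumerate option) can be verified with the shell functions below. This is an added example, not part of the WinCC OA documentation; the function names are hypothetical, and it assumes the enumerate line sits in a [domain/NAME] section of sssd.conf.

```shell
#!/bin/sh
# Added example: verify the PAM service file and SSSD setting described above.
# Function names are hypothetical; nothing here ships with WinCC OA.

# check_pam_service FILE
# Succeeds if FILE is world-readable and has at least one rule for each of
# the four PAM management groups (auth, account, password, session).
check_pam_service() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    # Character 8 of the ls mode string is the "others" read bit.
    other_r=$(ls -ld -- "$f" | cut -c8)
    [ "$other_r" = "r" ] || { echo "not world-readable: $f" >&2; return 1; }
    for grp in auth account password session; do
        grep -Eq "^[[:space:]]*-?${grp}[[:space:]]+" "$f" ||
            { echo "no $grp rule in $f" >&2; return 1; }
    done
}

# check_sssd_enumerate FILE
# Succeeds if some [domain/NAME] section sets enumerate = True. Assumption:
# the option lives in a domain section, as sssd.conf(5) documents it; the
# same line under [sssd] or another section is not counted.
check_sssd_enumerate() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 1; }
    awk '
        /^[ \t]*\[/ { in_domain = ($0 ~ /^[ \t]*\[domain\//) }
        in_domain && tolower($0) ~ /^[ \t]*enumerate[ \t]*=[ \t]*true[ \t]*$/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Run against the real paths from the page only when asked to.
if [ "${1:-}" = "--check" ]; then
    check_pam_service /etc/pam.d/wincc_oa && echo "PAM service file: ok"
    check_sssd_enumerate /etc/sssd/sssd.conf && echo "SSSD enumeration: ok"
fi
```

Run the script as root with the argument --check, since /etc/sssd/sssd.conf is normally readable by privileged accounts only.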