[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSH and LDAP problem

To: David Moron <david.moron@openwired.net>
Subject: Re: SSH and LDAP problem
From: Jeff Gamsby <JFGamsby@lbl.gov>
Date: Wed, 07 Jan 2004 09:34:18 -0800
Cc: L Nehring <nehring@newparticles.com>, openldap-software@OpenLDAP.org
In-reply-to: <3FFBCC87.3060707@openwired.net>
Organization: Lawrence Berkeley National Laboratory
References: <3FF96816.1020708@openwired.net> <1073323923.26577.31.camel@lin-workstation.azapple.com> <3FF9A4ED.6050301@openwired.net> <3FF9AB0A.4080003@newparticles.com> <3FFBCC87.3060707@openwired.net>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624

I had the same problem. Try putting UsePAM=yes into sshd_config. I am running RedHat 9.

David Moron wrote:

The PAMAuthenticationViaKbdInt is set to 'yes' but it doesn't work.
Why when I start slapd root can't login via ssh if root is in /etc/passwd!? In nsswitch.conf I define first 'files' and then 'ldap'. It's a very extrange problem.
Thank you.
David Morón Ruano
L Nehring wrote:
I may have missed your previous post, but have you tried setting this line /etc/ssh/sshd_config?
PAMAuthenticationViaKbdInt yes
This is what it took so that my ldap users could authenticate using SSH without being listed in /etc/passwd. There is a warning comment in the sshd_config file about this setting, but in my case it does not affect my security model.
r,
Lance
http://www.newparticles.com/
David Moron wrote:
Craig White wrote:
On Mon, 2004-01-05 at 06:35, David Moron wrote:
Hi,
I,ve installed openldap 2.1.25 on a Debian 3.0 in order to authenticate the users with PAM. I configured all the services (proftpd, su, passwd ,etc) in order to use PAM to access the ldap server and they work properly. When I try using ssh: - If the user is in /etc/passwd: ssh asks for password and then closes the connection: #ssh -l admin 10.0.0.80 admin@10.0.0.80's password: Connection closed by 10.0.0.80 - If the user is in the ldap: ssh closes the connection directly: #ssh -l testldap 10.0.0.80 Connection closed by 10.0.0.80 - When I stop the ldap then I con login via ssh as a /etc/passwd user without problems.
---
sounds like the ldap user doesn't have a valid shell to operate in...
getent passwd |grep admin
admin in /etc/passwd has a valid shell /bin/sh ?
admin in ldap has invalid shell or no shell at all
just a guess
Craig
It isn't the problem :-( because I can do:
$su - testldap
passwd:
testldap$ id
uid=1004(testldap) gid=1003(test) grupos=1003(test)
And the shell exists.
Why when I start slapd root can't login via ssh!? In nsswitch.conf I define first 'files' and then 'ldap'
My testldap user entry:
# testldap, People, openwired.net
dn: uid=testldap,ou=People,dc=openwired,dc=net
loginShell: /bin/bash <-- exists
sambaAcctFlags: [U          ]
gidNumber: 1003
uidNumber: 1004
objectClass: posixAccount
objectClass: shadowAccount
objectClass: account
objectClass: mailRecipient
uid: testldap
cn: testldap
homeDirectory: /home/testldap
shadowLastChange: 12422

Follow-Ups:
- Re: SSH and LDAP problem
  - From: tsg <tsg@bugalux.com>

References:
- SSH and LDAP problem
  - From: David Moron <david.moron@openwired.net>
- Re: SSH and LDAP problem
  - From: Craig White <craigwhite@azapple.com>
- Re: SSH and LDAP problem
  - From: David Moron <david.moron@openwired.net>
- Re: SSH and LDAP problem
  - From: L Nehring <nehring@newparticles.com>
- Re: SSH and LDAP problem
  - From: David Moron <david.moron@openwired.net>

Prev by Date: "namin attribute 'cn' is not present in entry' problen -can it be solved?
Next by Date: Re: "namin attribute 'cn' is not present in entry' problen -can it be solved?
Index(es):
- Chronological
- Thread