[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SSH and LDAP problem
Is root allowed to log via ssh in your system? Normally - not!
look at " PermitRootLogin no" at sshd_conf
Sergios
7 Январь 2004 18:34, Jeff Gamsby написал:
> I had the same problem. Try putting UsePAM=yes into sshd_config. I am
> running RedHat 9.
>
> David Moron wrote:
> > The PAMAuthenticationViaKbdInt is set to 'yes' but it doesn't work.
> >
> > Why when I start slapd root can't login via ssh if root is in
> > /etc/passwd!?
> > In nsswitch.conf I define first 'files' and then 'ldap'. It's a very
> > extrange problem.
> >
> > Thank you.
> >
> > David Morn Ruano
> >
> > L Nehring wrote:
> >> I may have missed your previous post, but have you tried setting this
> >> line /etc/ssh/sshd_config?
> >>
> >> PAMAuthenticationViaKbdInt yes
> >>
> >> This is what it took so that my ldap users could authenticate using
> >> SSH without being listed in /etc/passwd. There is a warning comment
> >> in the sshd_config file about this setting, but in my case it does
> >> not affect my security model.
> >>
> >> r,
> >> Lance
> >> http://www.newparticles.com/
> >>
> >> David Moron wrote:
> >>> Craig White wrote:
> >>>> On Mon, 2004-01-05 at 06:35, David Moron wrote:
> >>>>> Hi,
> >>>>>
> >>>>> I,ve installed openldap 2.1.25 on a Debian 3.0 in order to
> >>>>> authenticate the users with PAM.
> >>>>> I configured all the services (proftpd, su, passwd ,etc) in order
> >>>>> to use PAM to access the ldap server and they work properly. When
> >>>>> I try using ssh:
> >>>>> - If the user is in /etc/passwd: ssh asks for password and then
> >>>>> closes the connection:
> >>>>> #ssh -l admin 10.0.0.80
> >>>>> admin@10.0.0.80's password:
> >>>>> Connection closed by 10.0.0.80
> >>>>> - If the user is in the ldap: ssh closes the connection
> >>>>> directly: #ssh -l testldap 10.0.0.80
> >>>>> Connection closed by 10.0.0.80
> >>>>> - When I stop the ldap then I con login via ssh as a /etc/passwd
> >>>>> user without problems.
> >>>>
> >>>> ---
> >>>> sounds like the ldap user doesn't have a valid shell to operate in...
> >>>>
> >>>> getent passwd |grep admin
> >>>>
> >>>> admin in /etc/passwd has a valid shell /bin/sh ?
> >>>> admin in ldap has invalid shell or no shell at all
> >>>>
> >>>> just a guess
> >>>>
> >>>> Craig
> >>>
> >>> It isn't the problem :-( because I can do:
> >>> $su - testldap
> >>> passwd:
> >>> testldap$ id
> >>> uid=1004(testldap) gid=1003(test) grupos=1003(test)
> >>> And the shell exists.
> >>>
> >>> Why when I start slapd root can't login via ssh!? In nsswitch.conf
> >>> I define first 'files' and then 'ldap'
> >>>
> >>> My testldap user entry:
> >>> # testldap, People, openwired.net
> >>> dn: uid=testldap,ou=People,dc=openwired,dc=net
> >>> loginShell: /bin/bash <-- exists
> >>> sambaAcctFlags: [U ]
> >>> gidNumber: 1003
> >>> uidNumber: 1004
> >>> objectClass: posixAccount
> >>> objectClass: shadowAccount
> >>> objectClass: account
> >>> objectClass: mailRecipient
> >>> uid: testldap
> >>> cn: testldap
> >>> homeDirectory: /home/testldap
> >>> shadowLastChange: 12422