
Re: SSH and LDAP problem



Root IS allowed to log via ssh:
PermitRootLogin yes

If ldap is not running I have no problem logging in /etc/passwd users. If ldap is running I can log in neither /etc/passwd nor ldap users (via SSH).

David Moron Ruano

tsg wrote:

Is root allowed to log in via ssh in your system? Normally - not!
Look at "PermitRootLogin no" in sshd_conf
Sergios

On 7 January 2004 at 18:34, Jeff Gamsby wrote:


I had the same problem. Try putting UsePAM=yes into sshd_config. I am
running RedHat 9.

David Moron wrote:


The PAMAuthenticationViaKbdInt is set to 'yes' but it doesn't work.

Why when I start slapd root can't log in via ssh if root is in
/etc/passwd!?
In nsswitch.conf I define first 'files' and then 'ldap'. It's a very
strange problem.

Thank you.

David Moron Ruano

L Nehring wrote:


I may have missed your previous post, but have you tried setting this
line in /etc/ssh/sshd_config?

PAMAuthenticationViaKbdInt yes

This is what it took so that my ldap users could authenticate using
SSH without being listed in /etc/passwd.  There is a warning comment
in the sshd_config file about this setting, but in my case it does
not affect my security model.

r,
Lance
http://www.newparticles.com/

David Moron wrote:


Craig White wrote:


On Mon, 2004-01-05 at 06:35, David Moron wrote:


Hi,

I've installed openldap 2.1.25 on a Debian 3.0 in order to
authenticate the users with PAM.
I configured all the services (proftpd, su, passwd, etc.) in order
to use PAM to access the ldap server and they work properly. When
I try using ssh:
- If the user is in /etc/passwd: ssh asks for password and then
closes the connection:
#ssh -l admin 10.0.0.80
admin@10.0.0.80's password:
Connection closed by 10.0.0.80
- If the user is in the ldap: ssh closes the connection
directly:
#ssh -l testldap 10.0.0.80
Connection closed by 10.0.0.80
- When I stop the ldap then I can log in via ssh as a /etc/passwd
user without problems.


---
sounds like the ldap user doesn't have a valid shell to operate in...

getent passwd |grep admin

admin in /etc/passwd has a valid shell /bin/sh ?
admin in ldap has invalid shell or no shell at all

just a guess

Craig


It isn't the problem :-( because I can do:
$su - testldap
passwd:
testldap$ id
uid=1004(testldap) gid=1003(test) grupos=1003(test)
And the shell exists.

Why when I start slapd root can't login via ssh!?  In nsswitch.conf
I define first 'files' and then 'ldap'

My testldap user entry:
# testldap, People, openwired.net
dn: uid=testldap,ou=People,dc=openwired,dc=net
loginShell: /bin/bash <-- exists
sambaAcctFlags: [U ]
gidNumber: 1003
uidNumber: 1004
objectClass: posixAccount
objectClass: shadowAccount
objectClass: account
objectClass: mailRecipient
uid: testldap
cn: testldap
homeDirectory: /home/testldap
shadowLastChange: 12422
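
The settings raised in this thread (PermitRootLogin, UsePAM and PAMAuthenticationViaKbdInt in sshd_config, plus the passwd source order in nsswitch.conf) can be collected in one pass. The script below is an added example, not part of any message in the thread; its function names and sample files are constructed for illustration, and it relies on sshd using the first value it reads for a keyword.

```shell
#!/bin/sh
# Added example: report the settings this thread asks about.
# File paths are parameters so the constructed samples below work offline.

# Print the effective value of keyword $2 in sshd_config-style file $1.
# Keywords are case-insensitive and the first occurrence wins.
# Both "Key value" and "Key=value" (as written in the thread) are parsed.
sshd_value() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        { sub(/^[ \t]+/, "") }
        $0 == "" { next }
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)
            split(line, f, /[ \t]+/)
            if (tolower(f[1]) == tolower(want)) { print f[2]; exit }
        }' "$1"
}

# Print the lookup sources for database $2 (e.g. passwd) in nsswitch file $1.
nss_sources() {
    awk -v db="$2" '
        /^[ \t]*#/ { next }
        $1 == (db ":") { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

report() {   # usage: report SSHD_CONFIG NSSWITCH_CONF
    for key in PermitRootLogin UsePAM PAMAuthenticationViaKbdInt; do
        v=$(sshd_value "$1" "$key")
        echo "$key=${v:-unset}"
    done
    src=$(nss_sources "$2" passwd)
    echo "passwd_sources=${src:-unset}"
    case "$src" in
        files*) echo "passwd_order=files-first" ;;
        *)      echo "passwd_order=files-not-first" ;;
    esac
}

make_samples() {   # constructed sample files, written into directory $1
    printf '%s\n' '# constructed sample' 'PermitRootLogin yes' \
        'PAMAuthenticationViaKbdInt yes' 'permitrootlogin no' > "$1/sshd_config"
    printf '%s\n' '# constructed sample' 'passwd: files ldap' \
        'group:  files ldap' > "$1/nsswitch.conf"
}

tmp=$(mktemp -d) && make_samples "$tmp" && report "$tmp/sshd_config" "$tmp/nsswitch.conf"
rm -rf "$tmp"
```

On a real host, call `report /etc/ssh/sshd_config /etc/nsswitch.conf`; a keyword reported as `unset` means the file does not set it.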