I may have missed your previous post, but have you tried setting this
line in /etc/ssh/sshd_config?
PAMAuthenticationViaKbdInt yes
This is what it took so that my ldap users could authenticate using
SSH without being listed in /etc/passwd. There is a warning comment
in the sshd_config file about this setting, but in my case it does
not affect my security model.
r,
Lance
http://www.newparticles.com/
David Moron wrote:
Craig White wrote:
On Mon, 2004-01-05 at 06:35, David Moron wrote:
Hi,
I've installed openldap 2.1.25 on a Debian 3.0 in order to
authenticate the users with PAM.
I configured all the services (proftpd, su, passwd, etc.) in order
to use PAM to access the ldap server and they work properly. When
I try using ssh:
- If the user is in /etc/passwd: ssh asks for password and then
closes the connection:
#ssh -l admin 10.0.0.80
admin@10.0.0.80's password:
Connection closed by 10.0.0.80
- If the user is in the ldap: ssh closes the connection
directly:
#ssh -l testldap 10.0.0.80
Connection closed by 10.0.0.80
- When I stop the ldap then I can log in via ssh as a /etc/passwd
user without problems.
---
sounds like the ldap user doesn't have a valid shell to operate in...
getent passwd |grep admin
admin in /etc/passwd has a valid shell /bin/sh ?
admin in ldap has invalid shell or no shell at all
just a guess
Craig
It isn't the problem :-( because I can do:
$su - testldap
passwd:
testldap$ id
uid=1004(testldap) gid=1003(test) grupos=1003(test)
And the shell exists.
Why, when I start slapd, can't root log in via ssh!? In nsswitch.conf
I define first 'files' and then 'ldap'.
My testldap user entry:
# testldap, People, openwired.net
dn: uid=testldap,ou=People,dc=openwired,dc=net
loginShell: /bin/bash <-- exists
sambaAcctFlags: [U ]
gidNumber: 1003
uidNumber: 1004
objectClass: posixAccount
objectClass: shadowAccount
objectClass: account
objectClass: mailRecipient
uid: testldap
cn: testldap
homeDirectory: /home/testldap
shadowLastChange: 12422