[Date Prev][Date Next] [Chronological] [Thread] [Top]

SSHD doesn't start

To: openldap-technical@openldap.org
Subject: SSHD doesn't start
From: Jordi Espasa Clofent <jespasac@minibofh.org>
Date: Fri, 29 Aug 2008 12:32:30 +0200
User-agent: Thunderbird 2.0.0.16 (X11/20080724)

Hi all,

I'm just learning about wonderful OpenLDAP. I want to build a AAAA server (with OpenLDAP, of course) that allows SSH.

At present I've the next testing scenario:

	* OpenLDAP server (FreeBSD 7.0)
	* OpenLDAP client (FreeBSD 7.0 also)

When server it's running, I can always perform ssh logins on client. Perfect.

The problem is when I shutdown the server and after I reboot the client, the client systems completely hangs up when it tries to run up the sshd service.

?¿?¿?¿?

If I restart the server, the client runs fine again. I'm not understand the real reason of that behavior, but one thing is clear: SSH deamon requires OpenLDAP server runs. So I thing the problem is focused probably in pam.d module conf.

Useful info:

ldapclient# more /etc/pam.d/sshd

#
# $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
#
# PAM configuration for the "sshd" service
#

# auth auth sufficient pam_opie.so no_warn no_fake_prompts #auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass

# account
account         required        pam_nologin.so
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         sufficient      /usr/local/lib/pam_ldap.so
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required       /usr/local/lib/pam_mkhomedir.so debug
#session                required        pam_permit.so

# password #password sufficient pam_krb5.so no_warn try_first_pass password sufficient /usr/local/lib/pam_ldap.so use_authok password required pam_unix.so no_warn try_first_pass

ldapclient# more /etc/nsswitch.conf
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1 2006/05/03 15:14:47 ume Exp $
#
group:  ldap files
passwd: ldap files
#group: compat
#group_compat: nis
hosts: files dns
#networks: files
#passwd: compat
#passwd_compat: nis
shells: files
#services: compat
#services_compat: nis
protocols: files
rpc: files

--
Thanks,
Jordi Espasa Clofent

Prev by Date: LDAP + PAM, authentication of users in certain group
Next by Date: RE: Proxy to Active Directory
Index(es):
- Chronological
- Thread