[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ssh with ldap authentication

To: openldap-technical@openldap.org
Subject: Re: ssh with ldap authentication
From: Tim Watts <tw@dionic.net>
Date: Wed, 06 Mar 2013 17:20:52 +0000
In-reply-to: <0971982CF6B9AB418FFD5FEF7F50CB9F05CB2EA2@IAD-WPRD-XCHB03.corp.verio.net>
References: <0971982CF6B9AB418FFD5FEF7F50CB9F05CB2E86@IAD-WPRD-XCHB03.corp.verio.net> <0971982CF6B9AB418FFD5FEF7F50CB9F05CB2EA2@IAD-WPRD-XCHB03.corp.verio.net>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2

On 06/03/13 16:26, Rodney Simioni wrote:

Itâs not fixed, itâs a mystery. I just created new accounts this morning
and I tried to login and it was unsuccessful, but these accounts may
work later today.

Itâs just taking a very long time for the accounts to be enabled through
ssh login with ldap authentication.


Hi

Are you using nscd on the clients?

if so, there will be a delay before the cache gets refreshed.

A test, if you create a new LDAP user wibble is does:

getent passwd wibble

work on the client?

If not, try (as root on the client)

nscd -i passwd
nscd -i group

to invalidate both caches.

In short, if this were the reason, it would be because ssh cannot locatethe account info via PAM because pam_ldap is using nscd.


Cheers

Tim

--
Tim Watts
Personal Blog:                          http://squiddy.blog.dionic.net/

http://www.sensorly.com/ Crowd mapping of 2G/3G/4G mobile signal coverage

References:
- RE: ssh with ldap authentication
  - From: "Rodney Simioni" <rodney.simioni@verio.net>
- RE: ssh with ldap authentication
  - From: "Rodney Simioni" <rodney.simioni@verio.net>

Prev by Date: RE: ssh with ldap authentication
Next by Date: Re: ssh with ldap authentication
Index(es):
- Chronological
- Thread