
openldap client wasn't able to authenticate SSH
Hi,

I have an issue with my openldap client authenticating SSH logins against the openldap server. It fails to authenticate using an account that I created on the openldap server OR the default user! I have to reboot into single-user mode and change everything back to default. The SSH account that I use is "labu".

Output from /etc/passwd on the openldap server (10.1.1.1):

# more /etc/passwd | grep labu
labu:x:1003:1003::/home/labu:/bin/sh

Here's what I'm using in the setup:

Server (10.1.1.1):
i. openldap 2.4.28-1.1 on Linux Ubuntu 12.04

Client (10.1.1.2):
i. libpam-ldapd 0.8.4 on Linux Ubuntu 12.04

Here's the output when I run this on the openldap server itself:

# ldapsearch -h localhost -D "cn=admin,dc=ROSAK,dc=COM" -w openiam -b "dc=ROSAK,dc=COM" -s sub "objectclass=*"
ldap_bind: Invalid credentials (49)

_BUT_ I am able to log in using the admin account on phpldapadmin.

Here's my /etc/ldap/slapd.conf

##############################################################
#  S L A P D . C O N F
# ##############################################################
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

password-hash   {CLEARTEXT}
allow bind_v2
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
modulepath      /usr/lib/ldap
moduleload      back_bdb.la
#moduleload      back_@BACKEND@

access to dn.exact="cn=admin,ou=Roles,dc=ROSAK,dc=COM" by * manage
access to dn.exact="cn=admin,ou=Roles,dc=ROSAK,dc=COM" by * read
access to attrs=userPassword by self write
                                 by anonymous auth
                                 by * none

access to * by self write
         by users read
         by anonymous auth

database        bdb
suffix          "dc=ROSAK,dc=COM"
rootdn          "cn=admin,dc=ROSAK,dc=COM"
rootpw          {CLEARTEXT}123456
directory       "/var/lib/ldap"
index           objectClass eq
loglevel        2048


Here's /etc/nsswitch.conf from my openldap client:

# /etc/nsswitch.conf
passwd:         files ldap
group:          files ldap
shadow:         files ldap
sudoers:        files ldap
services:       files ldap
automount:      files ldap

Here's /etc/pam.d/sshd from my openldap client:

# auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    required     pam_loginuid.so

I'd appreciate anyone's help / advice.

Thanks.


---
ded1
"The end is the beginning, the beginning is the end"
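The slapd.conf in the post above, run through a small audit script. This is an added example by the editor, not code from the poster or from the OpenLDAP project. It parses the `access to` directives with slapd's first-match semantics (the first clause whose `<what>` matches decides, and within it the first matching `<by>` sets the level), flags password-storage settings and ACL grants that weaken authentication, and lets you ask what a given requester gets on a given entry. The `dn.exact`/`attrs`/`*` matching is a deliberate simplification of slapd's ACL engine (no regex, no `dn.subtree`, no `attrs=entry`), and the embedded config is a trimmed copy of the one posted, with the schema includes left out.

```python
"""Audit an OpenLDAP slapd.conf for password-storage and ACL weaknesses.

Editor's example, not from the mailing-list post or the OpenLDAP project.
ACL matching below is a simplification of slapd's evaluation rules.
"""
import re
from dataclasses import dataclass, field

# Trimmed copy of the slapd.conf from the post (schema includes omitted).
SLAPD_CONF = """\
password-hash   {CLEARTEXT}
allow bind_v2
access to dn.exact="cn=admin,ou=Roles,dc=ROSAK,dc=COM" by * manage
access to dn.exact="cn=admin,ou=Roles,dc=ROSAK,dc=COM" by * read
access to attrs=userPassword by self write
                                 by anonymous auth
                                 by * none

access to * by self write
         by users read
         by anonymous auth

database        bdb
suffix          "dc=ROSAK,dc=COM"
rootdn          "cn=admin,dc=ROSAK,dc=COM"
rootpw          {CLEARTEXT}123456
"""

# slapd access levels, weakest to strongest; a grant implies every weaker one.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
HASHED_SCHEMES = re.compile(r"\{(SSHA|SHA|CRYPT|MD5|SMD5)\}", re.I)


@dataclass
class AccessClause:
    what: str                               # the <what> part after "access to"
    by: list = field(default_factory=list)  # [(who, level), ...] in file order


def logical_lines(text):
    """Join continuation lines (a line starting with whitespace continues the
    previous directive) and drop blank lines and comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def parse(text):
    """Return ({directive: value} for single-valued keys, [AccessClause, ...])."""
    directives, acls = {}, []
    for line in logical_lines(text):
        if line.startswith("access to "):
            what, *by_parts = re.split(r"\s+by\s+", line[len("access to "):])
            clause = AccessClause(what.strip())
            for part in by_parts:
                who, _, level = part.strip().rpartition(" ")
                clause.by.append((who.strip(), level.strip()))
            acls.append(clause)
        else:
            key, _, value = line.partition(" ")
            directives[key] = value.strip()
    return directives, acls


def who_matches(who, requester):
    """requester is 'anonymous', 'self', or any bound DN (counts as 'users')."""
    return (who == "*" or (who == "anonymous" and requester == "anonymous")
            or (who == "users" and requester != "anonymous")
            or (who == "self" and requester == "self"))


def what_matches(what, dn, attr):
    """Simplified <what> matching: '*', dn.exact="..." (any attribute of that
    entry) or attrs=a,b (that attribute on any entry)."""
    if what == "*":
        return True
    m = re.match(r'dn\.exact="([^"]+)"', what)
    if m:
        return m.group(1).lower() == dn.lower()
    m = re.match(r"attrs=(\S+)", what)
    if m:
        return attr is not None and attr.lower() in m.group(1).lower().split(",")
    return False


def effective_access(acls, dn, attr, requester):
    """First matching clause decides; inside it the first matching <by> wins;
    a matching clause with no matching <by>, or no matching clause, is 'none'."""
    for clause in acls:
        if what_matches(clause.what, dn, attr):
            for who, level in clause.by:
                if who_matches(who, requester):
                    return level
            return "none"
    return "none"


def audit(text):
    """Return a list of human-readable findings for the given slapd.conf text."""
    directives, acls = parse(text)
    findings = []
    if directives.get("password-hash", "").upper() == "{CLEARTEXT}":
        findings.append("password-hash {CLEARTEXT}: userPassword values are stored unhashed")
    rootpw = directives.get("rootpw", "")
    if rootpw and not HASHED_SCHEMES.match(rootpw):
        findings.append("rootpw is stored in cleartext in slapd.conf")
    seen = set()
    for i, clause in enumerate(acls, 1):
        if clause.what in seen:  # same <what> as an earlier clause: never reached
            findings.append(f"ACL #{i} ({clause.what}) is unreachable: first match wins")
        seen.add(clause.what)
        for who, level in clause.by:
            if who == "*" and level in LEVELS and LEVELS.index(level) >= LEVELS.index("write"):
                findings.append(f"ACL #{i} grants '{level}' to everyone (by *), anonymous binds included")
    return findings


if __name__ == "__main__":
    for finding in audit(SLAPD_CONF):
        print("-", finding)
```

Running it against the posted config reports four findings: cleartext password hashing, a cleartext `rootpw`, the first ACL handing `manage` on the `ou=Roles` admin entry to every requester, and the second ACL being unreachable because its `<what>` repeats the first. `effective_access` makes the ordering concrete: an anonymous bind gets `manage` on that entry but only `auth` on `userPassword` elsewhere, which is the level a PAM/NSS client actually needs for a simple bind.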