openldap client wasn't able to authenticate SSH
Hi,
I have an issue with my openldap client authenticating over SSH using the openldap
server. It fails to authenticate using an account that I created on the openldap
server OR the default user! I have to reboot into single mode and change everything
back to default. The SSH account that I use is "labu".
Output from /etc/passwd on openldap server (10.1.1.1):
# more /etc/passwd | grep labu
labu:x:1003:1003::/home/labu:/bin/sh
Here's what I'm using in the setup:
Server (10.1.1.1):
i. openldap 2.4.28-1.1 on Linux Ubuntu 12.04
Client (10.1.1.2):
i. libpam-ldapd 0.8.4 on Linux Ubuntu 12.04
Here's the output when I run this on the openldap server itself:
# ldapsearch -h localhost -D "cn=admin,dc=ROSAK,dc=COM" -w openiam -b "dc=ROSAK,dc=COM" -s sub "objectclass=*"
ldap_bind: Invalid credentials (49)
_BUT_ I am able to log in using the admin account on phpldapadmin.
Here's my /etc/ldap/slapd.conf
##############################################################
# S L A P D . C O N F
#
##############################################################
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
password-hash {CLEARTEXT}
allow bind_v2
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/ldap
moduleload back_bdb.la
#moduleload back_@BACKEND@
access to dn.exact="cn=admin,ou=Roles,dc=ROSAK,dc=COM" by * manage
access to dn.exact="cn=admin,ou=Roles,dc=ROSAK,dc=COM" by * read
access to attrs=userPassword by self write
        by anonymous auth
        by * none
access to * by self write
        by users read
        by anonymous auth
database bdb
suffix "dc=ROSAK,dc=COM"
rootdn "cn=admin,dc=ROSAK,dc=COM"
rootpw {CLEARTEXT}123456
directory "/var/lib/ldap"
index objectClass eq
loglevel 2048
Here's /etc/nsswitch.conf from my openldap client:
# /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
sudoers: files ldap
services: files ldap
automount: files ldap
Here's /etc/pam.d/sshd from my openldap client:
# auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
Appreciate anyone's help / advice.
Thanks.
---
ded1
"The end is the beginning, the beginning is the end"
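Two of the configuration fragments quoted in the post can be checked mechanically. The following is an added example, not code from the poster or from the OpenLDAP project: it embeds the posted /etc/pam.d/sshd and the password-related lines of the posted slapd.conf as sample input and flags the commented-out auth rule and the cleartext password settings.

```python
# Configuration text copied from the post above, embedded as sample input
# for the checks below (the poster's own settings, not a new configuration).
SLAPD_CONF = """\
password-hash {CLEARTEXT}
allow bind_v2
database bdb
suffix "dc=ROSAK,dc=COM"
rootdn "cn=admin,dc=ROSAK,dc=COM"
rootpw {CLEARTEXT}123456
"""

PAM_SSHD = """\
# auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
"""

def active_lines(text):
    """Yield (keyword, rest) for every non-blank, non-comment line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        yield parts[0].lower(), (parts[1] if len(parts) > 1 else "")

def lint_pam_sshd(text):
    """Findings for a PAM service file that is meant to let users log in."""
    types = {kw for kw, _ in active_lines(text)}
    findings = []
    if "auth" not in types:  # the posted file has its only auth line commented out
        findings.append("no active 'auth' rule: every password login is refused")
    return findings

def lint_slapd_conf(text):
    """Findings about password handling in a slapd.conf fragment."""
    findings = []
    for kw, rest in active_lines(text):
        if kw == "password-hash" and "{CLEARTEXT}" in rest.upper():
            findings.append("password-hash {CLEARTEXT}: userPassword stored unhashed")
        elif kw == "rootpw":
            # rootpw is stored verbatim unless it carries a hash scheme such as {SSHA}
            if rest.upper().startswith("{CLEARTEXT}") or not rest.startswith("{"):
                findings.append("rootpw stored in cleartext: generate it with slappasswd")
        elif kw == "allow" and "bind_v2" in rest.split():
            findings.append("allow bind_v2: LDAPv2 binds permitted")
    return findings

if __name__ == "__main__":
    for name, found in (("pam.d/sshd", lint_pam_sshd(PAM_SSHD)),
                        ("slapd.conf", lint_slapd_conf(SLAPD_CONF))):
        for f in found:
            print(f"{name}: {f}")
```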