Old 09-11-2008, 04:26 PM   #1
LQ Newbie
Registered: Sep 2008
Location: Atlanta, GA
Distribution: RHEL 5, Fedora 8, Fedora 9
Posts: 9

Rep: Reputation: 0
RHEL 5 SSH Login with AD User

Hi all,

I got my RHEL 5 Server joined to our domain but I can't seem to log in using ssh with an AD user. I am able to sudo to a domain user once I log in with root so I'm not sure what exactly is wrong.

passwd:     files winbind
shadow:     files winbind
group:      files winbind
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files

 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

 default_realm = CHILD.CORP.DOMAIN.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

  admin_server = DC01.CHILD.CORP.DOMAIN.COM:749
  default_domain = CHILD.CORP.DOMAIN.COM


 pam = {
   debug = true
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false

workgroup = CHILD
security = ads
password server = DC01.CHILD.CORP.DOMAIN.COM
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = true
winbind enum groups = yes
winbind enum users = yes
template homedir = /home/%D/%U

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required
auth        sufficient nullok try_first_pass
auth        requisite uid >= 500 quiet
auth        required
auth        sufficient use_first_pass

account     required broken_shadow
account     sufficient uid < 500 quiet
account     required
account [default=bad success=ok user_unknown=ignore]

password    requisite try_first_pass retry=3
password    sufficient md5 shadow nullok try_first_pass use_authtok
password    required
password    sufficient use_authtok

session     optional revoke
session     required
session     [success=1 default=ignore] service in crond quiet use_uid
session     required
session     required skel=/etc/skel umask=0077

When I run
wbinfo -u
I get my domain users.

When I run
wbinfo -g
I get my domain groups.

When I run
getent passwd
I get my local users and domain users.

When I run
getent group
I get my local groups and domain groups.

When I run
net ads testjoin
I get "join OK".

When I run
and then
klist -5
I get to see my Kerberos ticket.

So it all seems to be set up correctly but when I try to ssh into the server, I get an access denied error. Unfortunately the server is offsite so I can't try at the terminal to see if it works from there. Anyone know what I might be missing?


Old 09-12-2008, 09:40 AM   #2
LQ Newbie
Registered: Sep 2008
Location: Atlanta, GA
Distribution: RHEL 5, Fedora 8, Fedora 9
Posts: 9

Original Poster
Rep: Reputation: 0
Got it!

I got it, I knew all I needed was a good night's rest.

I needed to add the following to etc/pam.d/sshd.conf

auth sufficient
account sufficient
password sufficient use_authtok
Once I added these 3 parameters I was able to log into the server using ssh.
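
A check for the condition this thread resolves, as an added example that is not part of the original posts: it walks a PAM service file, follows `include` lines, and lists the management groups whose stack never calls a given module. The sample files are constructed, and the module name `pam_winbind.so` is an assumption, since the module column is missing from the configuration as posted.

```python
import re

# Constructed sample files, not taken from the thread. pam_winbind.so is an
# assumption: the module column is missing from the configuration as posted.
SAMPLE = {
    "sshd": """\
#%PAM-1.0
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    include      system-auth
""",
    "system-auth": """\
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so broken_shadow
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
password    sufficient    pam_unix.so md5 shadow use_authtok
password    required      pam_deny.so
session     required      pam_unix.so
""",
}

# type, control (plain word or [bracketed list]), module path or included service
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def stack(files, service, kind, seen=()):
    """Return [(control, module)] for one management group, following includes."""
    chain, out = seen + (service,), []
    for raw in files.get(service, "").splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) != kind:
            continue
        control, target = m.group(2), m.group(3)
        if control in ("include", "substack"):
            if target not in chain:  # guard against include loops
                out += stack(files, target, kind, chain)
        else:
            out.append((control, target.rsplit("/", 1)[-1]))
    return out

def missing_groups(files, service, module, kinds=("auth", "account", "password")):
    """Management groups whose effective stack for `service` never calls `module`."""
    names = {k: [mod for _, mod in stack(files, service, k)] for k in kinds}
    return [k for k in kinds if module not in names[k]]
```

To check a host, fill the dictionary with the contents of the files under /etc/pam.d instead of the samples.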
Old 09-12-2008, 11:22 AM   #3
Senior Member
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , Solaris 10, RHEL
Posts: 1,933
Blog Entries: 1

Rep: Reputation: 188
Thanks for posting the solution! I was scratching my head over that one too!


All times are GMT -5.