Old 09-28-2004, 12:37 PM   #1
LQ Newbie
Registered: Sep 2004
Posts: 1

Failing to log into ssh via ldap auth. Pam Problem?

I have a server that has slapd running; I have populated it with users, password, etc.

I have configured another machine to query the ldap database users.
So if I try to ssh to the ssh machine, I get the following:

[root@machine1 etc]#ssh -l tom
tom@'s password: #I type in wrong password.
Permission denied, please try again.
tom@'s password: # I type in right password
Connection closed by

Thus this tells me that the authentication is taking place, but something after the authentication is throwing me out.

I have the following /etc/pam.d/ssh file on the ssh server machine...

auth required
auth sufficient
auth required shadow nodelay
account sufficient
account required
password required
password required shadow nullok use_authtok
session required skel=/etc/skel/ umask=0022
session required

I do have another problem as well, that might be related:
When I try and su to user "tom" it does not work with the pam_mkhomedir in the pam file...
For example:

[root@machine2 root]# su tom
Creating directory '/home/tom'.
could not open session

The /home/tom directory is not created.

I have the following /etc/pam.d/system_auth

auth required /lib/security/
auth sufficient /lib/security/ likeauth nullok
auth required /lib/security/

account sufficient /lib/security/ uid < 100
account required /lib/security/

password requisite /lib/security/ retry=3
password sufficient /lib/security/ nullok use_authtok md5 shadow
password required /lib/security/

session required /lib/security/
session required /lib/security/
session required /lib/security/ skel=/etc/skel/ umask=0022

When I comment out the pam_mkhomedir line, I can su to another user.

Any help would be erm... helpful.
Kind Regards
Christiaan Ehlers
Old 10-10-2004, 08:55 AM   #2
Registered: May 2001
Posts: 28,886
Blog Entries: 55

Please add "debug" statements to the PAM config lines and retry.
Then could you please post relevant log lines?
Usually that'll help ppl to help you.
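
An added illustration of the suggestion in reply #2 (not part of the original thread and not the poster's configuration): a small Python helper that appends `debug` to every module line of an `/etc/pam.d/`-style file. The sample stack is constructed; it is assumed that each listed module accepts a `debug` argument and that no rule is split across lines with a backslash.

```python
import re

# Constructed sample in /etc/pam.d/<service> syntax; not the poster's file.
SAMPLE = """\
# constructed sshd stack
auth     sufficient  pam_ldap.so
auth     required    pam_unix.so shadow nodelay debug
account  [success=1 default=ignore]  pam_ldap.so
session  required    pam_mkhomedir.so skel=/etc/skel/ umask=0022  # first login
session  include     system-auth
"""

# Fields: type, control (keyword or [value=action ...]), module path, arguments.
RULE = re.compile(
    r"^(\s*-?(?:auth|account|password|session)\s+)"
    r"(\[[^\]]*\]|\S+)(\s+\S+)(.*)$"
)

def add_debug(text):
    """Append 'debug' to each module line lacking it.

    Returns (new_text, numbers_of_changed_lines). Assumes one rule per
    line (no backslash continuations).
    """
    out, changed = [], []
    for number, line in enumerate(text.splitlines(), 1):
        # Split off a trailing comment so 'debug' lands before it.
        rule, hash_mark, comment = line.partition("#")
        m = RULE.match(rule)
        # 'include'/'substack' name another config file, not a module.
        if m and m.group(2) not in ("include", "substack") \
                and "debug" not in m.group(4).split():
            rule = rule.rstrip() + " debug" + ("  " if hash_mark else "")
            changed.append(number)
        out.append(rule + hash_mark + comment)
    return "\n".join(out) + "\n", changed

if __name__ == "__main__":
    new_text, changed = add_debug(SAMPLE)
    print(new_text, end="")
    print("changed lines:", changed)
```

With `debug` set, the modules log through syslog, so the lines worth posting come from the system's authentication log after the next login attempt.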

