LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page SSH using Active Directory credentials fail
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 09-15-2009, 11:48 PM   #1
noir911
Member
 
Registered: Apr 2004
Posts: 682

Rep: Reputation: Disabled
SSH using Active Directory credentials fail

I am trying to SSH to a RHEL 5.x box using my AD credentials but getting the following errors.

Code:
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.20.24  user=chris
pam_krb5[10907]: authentication fails for 'chris' (chris@DOMAIN.COM): Authentication failure (KRB5 error code 68)
pam_smb: Missing Configuration file : /etc/pam_smb.conf
pam_winbind(sshd:auth): getting password (0x00000010)
pam_winbind(sshd:auth): pam_get_item returned a password
pam_winbind(sshd:auth): user 'chris' granted access
pam_krb5[10907]: account checks fail for 'chris': unknown reason -1765328316 (KRB5 error code 68)
pam_winbind(sshd:account): user 'chris' OK
pam_winbind(sshd:account): user 'chris' granted access
Failed password for chris from 172.16.20.24 port 51847 ssh2
fatal: Access denied for user chris by PAM account configuration

"getent passwd" gives all AD user accounts, "wbinfo -g" shows all AD groups, "wbinfo -u" shows all AD users.
"getent shadow" gives nothing (not sure if it is supposed to?)

/etc/pam_smb.conf has only two entries: the AD server's name and the IP address of the password server (AD)

/etc/nsswitch.conf has the following entries modified/ added:

passwd: files winbind compat
shadow: files winbind compat
group: files winbind
passwd_compat: ldap
shadow_compat: ldap

/etc/ssh/sshd_config has "UsePAM yes" - tried changing that to "UsePAM no" (and restart SSHD) and I get error when I log in:

Code:
error: Could not get shadow information for chris  Failed password for chris from 172.16.20.24 port 47658 ssh2
 
Old 09-17-2009, 09:35 AM   #2
ramram29
Member
 
Registered: Jul 2003
Location: Miami, Florida, USA
Distribution: Debian
Posts: 848
Blog Entries: 1

Rep: Reputation: 47
You may need to configure /etc/pam.d/common-{auth,account,passwd} with pam_winbind.so. Look at the Samba documentation for hints. For AD authentication it also helps if you have Kerberos, nscd and LDAP properly setup; that way you have two options: winbind and ldap/kerberos.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Passwordless ssh configuration with Active Directory authentication rsussman Linux - Software 1 06-05-2009 11:10 AM
SSH and credentials file? fruitwerks Linux - Security 3 05-07-2009 03:53 PM
Authenticate ssh logins against kerberos / Active directory rosv Linux - Security 1 09-11-2008 07:16 AM
Logging in via SSH while authenticating against Active Directory. rurounikakita Linux - Enterprise 7 02-23-2008 09:57 PM
Mapping windows directory to linux client automatically at login with credentials bschneider Linux - Networking 13 05-12-2005 10:21 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 10:32 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration