LinuxQuestions.org
Old 06-30-2005, 08:14 PM   #1
Sivel
LQ Newbie
 
Registered: Jun 2005
Posts: 6

Rep: Reputation: 0
Cannot Authenticate Via SSH


I have just installed Kerberos/OpenLDAP/Samba and following this guide:

hxxp://lilly.csoft.net/~vdebaere/handleiding/samba-activedirectory/index_en.html

And am now unable to ssh into the box using any of the users from the Active Directory or local machine.

Any suggestions on what might have caused this or how I can fix this problem? I haven't tried logging in locally at the machine because it is kind of inaccessible. I do have webmin installed on the box so I can do basic administration from there. If need be I can get to the box to login locally.

I don't see what could have caused this. By the way I am using Fedora Core 3.


Thanks in advance.

Sorry for the hxxp but I can't post links yet.

Last edited by Sivel; 06-30-2005 at 08:15 PM.
 
Old 06-30-2005, 09:23 PM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 116
My guess would be that the pam stacks for ssh are improperly configured.
 
Old 06-30-2005, 09:50 PM   #3
Sivel
That's what I was thinking, but I checked the PAM stuff for both login and ssh and compared them to a machine that was able to login properly. I also was thinking that maybe it was due to the fact that most of the users in AD are also configured on the Linux box, which may possibly cause issues, but I know for sure there isn't an account called root in AD, and I created a new user on the Linux box and still cannot ssh.

It would be a little easier if I were easily able to gain access to the box other than through the use of webmin.
 
Old 06-30-2005, 10:11 PM   #4
Matir
Are they both authenticating against the same servers and directories?
 
Old 07-01-2005, 06:58 AM   #5
Sivel
No, the one that works properly is at my house and is authenticating against a Windows 2003 AD at my house as well. The other two are at work.
 
Old 07-01-2005, 08:51 AM   #6
Matir
Have you carefully compared configurations as much as possible? Are there any notable differences in the setups?
 
Old 07-01-2005, 12:53 PM   #7
Sivel
I got a chance to get to the datacenter today and I found that I cannot log on locally. I'm thinking PAM must be messed up for login. I'll take a look at it here shortly.
 
Old 07-01-2005, 01:53 PM   #8
Matir
That definitely sounds like a PAM issue. I've been thinking of migrating my network to an LDAP-based solution, but I'm wondering if it's worth the trouble for a half-dozen machines.
 
Old 07-01-2005, 06:39 PM   #9
Sivel
I solved the problem and wanted to respond to let you know. It appears that in my krb5.conf file I had "default_domain = "; for some reason I forgot to finish configuring Kerberos. I also found that I forgot to add

winbind enum users=yes
winbind enum groups=yes

to my smb.conf

After I made these changes everything went fine, except that I had to use a Fedora rescue CD to edit these files.

But I think what may have done it was the nsswitch.conf

passwd: compat winbind
shadow: compat
group: compat winbind

may have caused the problem.

Although I think I need that, I currently have

passwd: files
shadow: files
group: files

It works for now until I can test it again.
 
Old 07-01-2005, 08:43 PM   #10
Matir
Thanks for posting the resolution/update. Hopefully others will be able to search and find the answer.
 
Old 07-03-2005, 10:13 AM   #11
Sivel
Okay and for my final post for this problem...

The problem seems to come from /etc/nsswitch.conf

The following seems to break the authentication process:

passwd: compat winbind
shadow: compat
group: compat winbind

For some reason the Linux box will not authenticate with Active Directory unless you are using automatic login. If you have to manually login (i.e. entering in login info) it will not authenticate.

So the previous settings of "compat winbind" tell the Linux box to only look to Active Directory for authentication.

So I just changed it to the following:

passwd: compat winbind files [NOTFOUND=return]
shadow: compat files [NOTFOUND=return]
group: compat winbind files [NOTFOUND=return]

That way it will check with Active Directory then to the local files then if it cannot authenticate it will start over.

So the changes that had to be made are:

passwd: compat winbind files [NOTFOUND=return]
shadow: compat files [NOTFOUND=return]
group: compat winbind files [NOTFOUND=return]
hosts: files dns wins
ethers: db files
netmasks: files dns
networks: files dns
protocols: db files
rpc: db files
services: db files
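
A pre-flight check for the kind of lockout described in this thread, added here as an example and not part of any post: it reads the passwd, shadow and group lines of an nsswitch.conf and reports whether a local source (files or compat) is still reachable, treating a [NOTFOUND=return] or [UNAVAIL=return] action placed before it as a stop. The function name check_nsswitch and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: check_nsswitch [FILE]
# Prints one finding per passwd/shadow/group line; returns 1 if any of
# them could leave local accounts unresolvable, 0 otherwise.
check_nsswitch() {
    awk '
    { sub(/#.*/, "") }                          # drop comments
    $1 !~ /^(passwd|shadow|group):$/ { next }   # only the account databases
    {
        db = substr($1, 1, length($1) - 1)
        has_local = 0; src = ""; stop_at = ""
        for (i = 2; i <= NF; i++) {
            tok = tolower($i)
            if (tok == "files" || tok == "compat") { has_local = 1; break }
            if (tok ~ /^[a-z0-9_]+$/) { src = tok; continue }
            # An action applies to the source on its left: NOTFOUND=return
            # or UNAVAIL=return ends the lookup there on that status.
            if (tok ~ /(^|\[)(notfound|unavail)=return/ && stop_at == "")
                stop_at = src
        }
        if (!has_local) {
            printf "FAIL %s: no local source (files or compat)\n", db; bad = 1
        } else if (stop_at != "") {
            printf "FAIL %s: lookup can stop at %s before the local source\n", db, stop_at; bad = 1
        } else {
            printf "OK   %s: local source reachable\n", db
        }
    }
    END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample: directory source first, early return, group has no local source.
sample_risky() {
    printf '%s\n' 'passwd: winbind [NOTFOUND=return] files' \
                  'shadow: files' \
                  'group:  winbind   # local groups never consulted'
}

# Constructed sample modelled on the layout in the last post of the thread.
sample_thread() {
    printf '%s\n' 'passwd: compat winbind files [NOTFOUND=return]' \
                  'shadow: compat files [NOTFOUND=return]' \
                  'group: compat winbind files [NOTFOUND=return]'
}

sample_risky | check_nsswitch || echo "do not log out: fix nsswitch.conf first"
```

Run it against the edited file (check_nsswitch /etc/nsswitch.conf) from a session that is still logged in, before closing that session.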
 
  

