ssh hangs - openldap authentication
Hi,
Here is the result of trying to ssh from a machine to an openldap client:
....
debug1: Host '142.126.232.97' is known and matches the RSA host key.
debug1: Found key in /Users/mtimbro/.ssh/known_hosts:30
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/mtimbro/.ssh/identity (0x0)
debug2: key: /Users/mtimbro/.ssh/id_rsa (0x0)
debug2: key: /Users/mtimbro/.ssh/id_dsa (0x0)
Connection closed by 142.126.232.97
It just hangs there and disconnects.
Here are the configuration files:
Client:
[root@vm6-webu1 ~]# cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=example, dc=com
URI ldaps://example.com:636/
TLS_CACERT /etc/openldap/certs/cacert.pem
TLS_REQCERT allow
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
The result of ldapsearch is accurate and speedy. It connects perfectly to the LDAP server and spits out all the entries. Mind you, I use a self-signed certificate.
[root@vm6-webu1 ~]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
I think I may have a problem in this file, although my PAM skills aren't great.
Please help me out; this is the last step before completion of this project.
Thanks.
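Added here as a worked example (not code from the original post or from any project): a small model of the pam.conf(5) control-flag rules (required, requisite, sufficient, optional and the bracketed form), run over the auth lines of the system-auth file above. The module return codes for each scenario are constructed, as is the assumption that pam_deny.so always fails and that numeric jump actions are out of scope.

```python
import re
# The "auth" section of the posted /etc/pam.d/system-auth, copied verbatim.
SYSTEM_AUTH = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
"""
# Keyword controls spelled out in pam.conf(5)'s bracketed [value=action] form.
KEYWORDS = {
    "required":   {"success": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok", "default": "ignore"},
}

def parse_stack(text, phase):
    """Return [(control_dict, module)] for one phase (auth, account, ...)."""
    stack = []
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)", line)
        if m and m.group(1) == phase:
            ctrl = m.group(2)
            control = (dict(kv.split("=") for kv in ctrl[1:-1].split())
                       if ctrl.startswith("[") else KEYWORDS[ctrl])
            stack.append((control, m.group(3)))
    return stack

def run_stack(stack, results):
    """Walk a stack with the ok/done/die/bad/ignore rules (numeric jumps not
    modelled). results: module -> code like 'success', 'auth_err', 'user_unknown'."""
    status, failed, consulted = None, False, []
    for control, module in stack:
        ret = results.get(module, "success")
        consulted.append(module)
        action = control.get(ret, control.get("default", "bad"))
        if action in ("ok", "done") and not failed:
            status = ret                   # result counts unless a failure was recorded
            if action == "done":           # sufficient: a success ends the stack
                break
        elif action == "die":              # requisite: a failure ends the stack now
            failed, status = True, ret
            break
        elif action == "bad" and not failed:
            failed, status = True, ret     # required: the first failure is remembered
    return ("success" if status == "success" and not failed else "failure"), consulted

def simulate_auth(results):
    """Evaluate the posted auth stack; unlisted modules return 'success', pam_deny.so always fails."""
    return run_stack(parse_stack(SYSTEM_AUTH, "auth"), {"pam_deny.so": "auth_err", **results})
```

Running simulate_auth for an LDAP-only user (pam_unix.so returns user_unknown) shows the request passing the uid >= 500 gate and stopping at pam_ldap.so, while a local system account with uid < 500 dies at the requisite line and never reaches pam_ldap.so at all.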