vicjalan | 09-11-2008 04:26 PM
RHEL 5 SSH Login with AD User
Hi all,
I got my RHEL 5 server joined to our domain, but I can't seem to log in using ssh with an AD user. I am able to sudo to a domain user once I log in as root, so I'm not sure what exactly is wrong.
nsswitch.conf:
Code:
passwd: files winbind
shadow: files winbind
group: files winbind
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files
krb5.conf:
Code:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = CHILD.CORP.DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
CHILD.CORP.DOMAIN.COM = {
kdc = DC01.CHILD.CORP.DOMAIN.COM:88
admin_server = DC01.CHILD.CORP.DOMAIN.COM:749
default_domain = CHILD.CORP.DOMAIN.COM
}
[domain_realm]
.child.corp.domain.com = CHILD.CORP.DOMAIN.COM
child.corp.domain.com = CHILD.CORP.DOMAIN.COM
[appdefaults]
pam = {
debug = true
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
smb.conf:
Code:
workgroup = CHILD
realm = CHILD.CORP.DOMAIN.COM
security = ads
password server = DC01.CHILD.CORP.DOMAIN.COM
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = true
winbind enum groups = yes
winbind enum users = yes
template homedir = /home/%D/%U
system-auth:
Code:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
auth sufficient pam_winbind.so use_first_pass
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
password sufficient pam_winbind.so use_authtok
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077
When I run I get my domain users.
When I run I get my domain groups.
When I run I get my local users and domain users.
When I run I get my local groups and domain groups.
When I run I get "join OK".
When I run
Code:
kinit user@CHILD.CORP.DOMAIN.COM
and then I get to see my Kerberos ticket.
So it all seems to be set up correctly, but when I try to ssh into the server, I get an access denied error. Unfortunately, the server is offsite, so I can't try at the terminal to see if it works from there. Anyone know what I might be missing? :(
Thanks,
Victor
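The symptom in the post (wbinfo, getent and kinit all work, ssh is denied) is what the auth stack of the quoted system-auth produces by itself: `auth required pam_deny.so` sits above `auth sufficient pam_winbind.so`, and a `required` failure sets the stack's result to failure before winbind is ever consulted, so winbind succeeding afterwards cannot rescue it. The password stack has the same ordering (pam_deny above pam_winbind); the account stack does not, and pam_unix's broken_shadow keeps it from rejecting users with no /etc/shadow entry, so only the auth stack blocks the login. The script below is an added example, not code from the thread or from Linux-PAM: a small evaluator for the ok/bad/die/done/ignore/reset/N control semantics described in pam.conf(5), run over the posted auth stack and over the same five lines with pam_winbind moved above pam_deny (the order `authconfig --enablewinbindauth` writes). The per-module return codes for a domain user and a local user are constructed to match the situation in the post (no shadow entry for the AD user, idmap uids far above 500), not captured from a real system.

```python
"""Linux-PAM control-flag evaluator (added example, not from the post).

Module results are constructed: an AD user has no /etc/shadow entry so
pam_unix fails, pam_succeed_if 'uid >= 500' passes because the idmap range
starts at 16777216, pam_deny always fails, and pam_winbind succeeds with
the same credentials that made kinit work."""

DOMAIN_USER = {
    "pam_env.so": "success",
    "pam_unix.so": "auth_err",
    "pam_succeed_if.so": "success",
    "pam_deny.so": "auth_err",
    "pam_winbind.so": "success",
}
# A local account with a valid /etc/shadow password (constructed).
LOCAL_USER = dict(DOMAIN_USER, **{"pam_unix.so": "success",
                                   "pam_winbind.so": "user_unknown"})

# The 'auth' lines exactly as posted.
POSTED_AUTH = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
auth sufficient pam_winbind.so use_first_pass
"""
# Same lines, pam_winbind ahead of pam_deny.
FIXED_AUTH = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
"""

# Keyword controls written as the [value=action] tables pam.conf(5) gives.
KEYWORDS = {
    "required":   {"success": "ok",   "default": "bad"},
    "requisite":  {"success": "ok",   "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok",   "default": "ignore"},
}


def parse_stack(text, facility="auth"):
    """Return [(action_table, module)] for one facility of a PAM file,
    accepting both keyword and bracketed [value=action ...] controls."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if fields[0] != facility:
            continue
        rest = fields[1].strip()
        if rest.startswith("["):
            body, rest = rest[1:].split("]", 1)
            table = dict(pair.split("=", 1) for pair in body.split())
        else:
            keyword, rest = rest.split(None, 1)
            table = KEYWORDS[keyword]
        entries.append((table, rest.split()[0]))
    return entries


def evaluate(text, results, facility="auth"):
    """Walk the stack. 'impression' is None until a module contributes,
    then True/False; once a 'bad' has set it to False, a later 'ok' or
    'done' cannot override it (simplification: 'done' after an earlier
    failure continues the stack instead of terminating; the final result
    is the same). Returns (authenticated, trace)."""
    stack = parse_stack(text, facility)
    impression, trace, i = None, [], 0
    while i < len(stack):
        table, module = stack[i]
        ret = results.get(module, "success")
        action = table.get(ret, table.get("default", "bad"))
        trace.append((module, ret, action))
        i += 1
        if action == "ok":
            if impression is not False:
                impression = ret == "success"
        elif action == "bad":
            impression = False
        elif action == "die":
            return False, trace
        elif action == "done":
            if impression is not False:
                return True, trace
        elif action == "reset":
            impression = None
        elif action.isdigit():      # skip the next N modules
            i += int(action)
        # "ignore": the module's result does not contribute
    return impression is True, trace


def explain(text, results):
    ok, trace = evaluate(text, results)
    for module, ret, action in trace:
        print(f"  {module:20s} {ret:12s} -> {action}")
    print("  result:", "PAM_SUCCESS" if ok else "denied")
    return ok


if __name__ == "__main__":
    print("posted system-auth, domain user:")
    explain(POSTED_AUTH, DOMAIN_USER)
    print("pam_winbind moved above pam_deny, domain user:")
    explain(FIXED_AUTH, DOMAIN_USER)
```

Running it shows the posted stack reaching pam_winbind with the result already fixed at failure by pam_deny, and the reordered stack returning success at pam_winbind; a local user succeeds at pam_unix in both, and a wrong password still ends at pam_deny in the reordered stack. On the real host, also confirm `UsePAM yes` in /etc/ssh/sshd_config, since without it sshd never runs this stack at all.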