LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-23-2010, 03:20 PM   #1
kemot1000
LQ Newbie
 
Registered: Jun 2010
Posts: 2

Rep: Reputation: 0
Question Problem with ssh with domain users on RHEL and MSAD 2003


Hi ALL,

I need to configure LDAP and connect it to Microsoft Active Directory 2003 SP2 to manage my RHEL 5.5 with Microsoft windows Domain

At this point I'm able to query MSAD (getent passwd/group lists all the users/groups from Domain as well as local)

Also Kerberos authentication is working (kinit user is working and klist are returning expected results)

Now my problem is that I cannot ssh into the RHEL box with any of the Domain Users even though I can see those account in getent results.

My first question is if everything is ok with my system-auth configuration file (I'm not sure if all is needed and in right order):

auth required pam_env.so
auth required pam_tally.so deny=5
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
auth sufficient pam_ldap.so use_first_pass
auth sufficient pam_krb5.so minimum_uid=990

account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_tally.so deny=5 no_magic_root reset
account required pam_permit.so
account sufficient pam_ldap.so
account required pam_krb5.so minimum_uid=990

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so remember=7 md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
password sufficient pam_ldap.so use_authtok
password sufficient pam_krb5.so minimum_uid=990

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so remember=7 use_authtok
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
session optional pam_ldap.so
session required pam_krb5.so minimum_uid=990


Second question. How to add Linux server computer account to MSAD Computers CN without using SAMBA ?? From what I read kadmin should do it but not sure how to do it
 
Old 06-24-2010, 08:30 AM   #2
alli_yas
Member
 
Registered: Apr 2010
Location: Johannesburg
Distribution: Fedora 14, RHEL 5.5, CentOS 5.5, Ubuntu 10.04
Posts: 559

Rep: Reputation: 92
Hi

Can you ssh at all into the machine? Is sshd started?

Code:
#service sshd status
Also perhaps your firewall blocks this traffic?
 
Old 07-25-2010, 04:58 PM   #3
kemot1000
LQ Newbie
 
Registered: Jun 2010
Posts: 2

Original Poster
Rep: Reputation: 0
Yes I can ssh with local users. Firewall is disabled so this is not blocking traffic
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows 2003 Domain Users Unable to access Windows Xp Clients Local Hard drive sheikptcs1984 General 2 04-11-2010 01:22 PM
[SOLVED] pam_listfile to limit users domain users SSH access r3z Linux - Enterprise 5 09-19-2009 02:25 AM
join RHEL WS 4.6 workstation to SBS 2003 domain grumble99 Linux - Enterprise 2 04-14-2008 11:15 AM
Winbind will not authenticate new 2003 domain users kaiser.jd Linux - Networking 2 04-09-2006 09:48 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration