LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-28-2004, 12:37 PM   #1
cehlers
LQ Newbie
 
Registered: Sep 2004
Posts: 1

Rep: Reputation: 0
Failing to log into ssh via ldap auth. Pam Problem?


I have a server that has slapd running, I have populated it with users,password, etc.

I have configured another machine to query the ldap database users.
so if try to ssh to the ssh machine i get the following

[root@machine1 etc]#ssh -l tom 10.0.0.2
tom@10.0.0.2's password: #I type in wrong password.
Permission denied, please try again.
tom@10.0.0.2's password: # I type in right password
Connection closed by 10.0.0.2

Thus this tells me that the authentication is taking place, but something after the authentication is throwing me out.

I have the following /etc/pam.d/ssh file on the ssh server machine...

#%PAM-1.0
auth required pam_nologin.so
auth sufficient pam_ldap.so
auth required pam_pwdb.so shadow nodelay
account sufficient pam_ldap.so
account required pam_pwdb.so
password required pam_cracklib.so
password required pam_pwdb.so shadow nullok use_authtok
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_pwdb.so

I do have another problem as well, that might be related:
When I try and su to user "tom" it does not work with the pam_mkhomedir in the pam file...
For example:

[root@machine2 root]# su tom
Creating directory '/home/tom'.
could not open session

The /home/tom directory is not created.

I have the following /etc/pam.d/system_auth

auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so

account sufficient /lib/security/pam_succeed_if.so uid < 100
account required /lib/security/pam_unix.so

password requisite /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so

session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022

When I comment out the pam_mkhomedir line, I can su to another user.

Any help would be erm... helpfull.
Kind Regards
Christiaan Ehlers
 
Old 10-10-2004, 08:55 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Please add "debug" statements to the PAM config lines and retry.
Then could you please post relevant log lines?
Usually that'll help ppl to help you.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
pam LDAP client auth with multi OU's paul_mat Linux - Networking 0 11-02-2005 05:40 PM
pam.d/system-auth and LDAP? SheldonPlankton Linux - General 0 04-28-2005 02:11 PM
proftpd LDAP auth failing tisource Linux - Networking 1 03-30-2005 06:32 PM
PAM auth error with empty passphrase over SSH angrybeaver Linux - Software 0 09-12-2004 11:35 PM
openssh/PAM auth problem crippler909 Linux From Scratch 1 06-08-2003 12:51 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:16 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration