Failing to log into ssh via ldap auth. Pam Problem?
I have a server that has slapd running, I have populated it with users,password, etc.
I have configured another machine to query the ldap database users.
so if try to ssh to the ssh machine i get the following
[root@machine1 etc]#ssh -l tom 10.0.0.2
tom@10.0.0.2's password: #I type in wrong password.
Permission denied, please try again.
tom@10.0.0.2's password: # I type in right password
Connection closed by 10.0.0.2
Thus this tells me that the authentication is taking place, but something after the authentication is throwing me out.
I have the following /etc/pam.d/ssh file on the ssh server machine...
#%PAM-1.0
auth required pam_nologin.so
auth sufficient pam_ldap.so
auth required pam_pwdb.so shadow nodelay
account sufficient pam_ldap.so
account required pam_pwdb.so
password required pam_cracklib.so
password required pam_pwdb.so shadow nullok use_authtok
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_pwdb.so
I do have another problem as well, that might be related:
When I try and su to user "tom" it does not work with the pam_mkhomedir in the pam file...
For example:
[root@machine2 root]# su tom
Creating directory '/home/tom'.
could not open session
The /home/tom directory is not created.
I have the following /etc/pam.d/system_auth
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_succeed_if.so uid < 100
account required /lib/security/pam_unix.so
password requisite /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
When I comment out the pam_mkhomedir line, I can su to another user.
Any help would be erm... helpfull.
Kind Regards
Christiaan Ehlers
|