ldap+sssd: login with RSA keys succeeds, but with UNIX password fails
Sorry for my English.
1. The ldap server I am using was established by my colleagues. There are several ldap clients (using nslcd) that work well.
2. I am building a new workstation with CentOS7. sssd is used rather than nslcd. I used
Code:
authconfig-tui
3. ssh login with RSA keys works well, but with UNIX password fails. /var/log/secure says:
Code:
Aug 27 16:31:13 boron sshd[14034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.100.231 user=zhaoj
Code:
sudo ls
Code:
sudo: 3 incorrect password attempts
Code:
Aug 27 16:29:04 boron sudo: pam_sss(sudo:auth): authentication failure; logname=zhaoj uid=523 euid=0 tty=/dev/pts/0 ruser=zhaoj rhost= user=zhaoj

Is it a problem with my configuration of ldap, sssd, or pam? Any hints, suggestions, or clues are welcome. Thank you for reading.

======= New 2014.08.28 06:15:53 UTC ==================
I tested "ldapsearch", which needs the ldap administrator's password, and it worked. Can I say that my ldap configuration is correct? If it is, should I concentrate on sssd or pam?
I think it told you plainly:
Quote:
But, FYI, in any case, you don't want to use passwords anyhow. You always want to use certificates and to exclude the possibility of using passwords.
Quote:
1. I guess it isn't the problem of "uid >=1000", because of two things:
1.1 Once I changed 1000 to 500 in file /etc/pam.d/*-auth and restarted sssd, and then the message line of "uid" disappeared, but the line of "Failed password" was still there.
1.2 I googled this, and another guy said "uid >=1000" was just a warning message.
But still, I am not quite sure about this.
2. Sometimes people need "sudo", which needs passwords.

Any other clues?