Sorry for my English.
1. The LDAP server I am using was set up by my colleagues. There are several LDAP clients (using nslcd) that work well.
2. I am building a new workstation with CentOS7. sssd is used rather than nslcd. I used
to configure LDAP, with the same options as the other clients (without TLS).
3. SSH login with RSA keys works well, but login with a UNIX password fails. /var/log/secure says:
Code:
Aug 27 16:31:13 boron sshd[14034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.100.231 user=zhaoj
Aug 27 16:31:13 boron sshd[14034]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "zhaoj"
Aug 27 16:31:15 boron sshd[14034]: Failed password for zhaoj from 172.16.100.231 port 50852 ssh2
Aug 27 16:31:18 boron sshd[14034]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "zhaoj"
Aug 27 16:31:21 boron sshd[14034]: Failed password for zhaoj from 172.16.100.231 port 50852 ssh2
Aug 27 16:31:23 boron sshd[14034]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "zhaoj"
Aug 27 16:31:25 boron sshd[14034]: Failed password for zhaoj from 172.16.100.231 port 50852 ssh2
Aug 27 16:31:25 boron sshd[14034]: Connection closed by 172.16.100.231 [preauth]
Aug 27 16:31:25 boron sshd[14034]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.100.231 user=zhaoj
I logged in with RSA keys, and then tried
I was told that the password was wrong:
Code:
sudo: 3 incorrect password attempts
/var/log/secure says:
Code:
Aug 27 16:29:04 boron sudo: pam_sss(sudo:auth): authentication failure; logname=zhaoj uid=523 euid=0 tty=/dev/pts/0 ruser=zhaoj rhost= user=zhaoj
Aug 27 16:29:04 boron sudo: pam_sss(sudo:auth): received for user zhaoj: 6 (Permission denied)
4. It looks like I forgot my password, but that's not the case.
Is the problem in my configuration of LDAP, sssd, or PAM?
Any hints, suggestions, or clues are welcome.
Thank you for reading.
======= New 2014.08.28 06:15:53 UTC ==================
I tested "ldapsearch", which needs the LDAP administrator's password, and it worked. Can I say that my LDAP configuration is correct?
If it is, should I concentrate on sssd or PAM?