LinuxQuestions.org

Linux - Server: SSHD login authentication failed with LDAP (https://www.linuxquestions.org/questions/linux-server-73/sshd-login-authentication-failed-with-ldap-900660/)

sheelavantar 09-02-2011 12:48 AM

SSHD login authentication failed with LDAP
 
Hi Friends,

I have an OpenLDAP server running on one machine (Fedora 10) and pam_ldap.so and nss_ldap.so running on the other machine.

I have added a new user to the LDAP server database; this user is not created on the client machine.

1. Now if I try logging in with this new user using SSHD I am getting error messages; the error messages at the client side are as follows.
2. Why is SSH giving errors for these users??
3. SSH will send an "INCORRECT" password to LDAP if I create the user only on the client machine. How can I authenticate users using LDAP without creating accounts on the client machine?

Sep 2 10:34:36 localhost sshd[8484]: Invalid user kim from 10.254.194.148
Sep 2 10:34:36 localhost sshd[8485]: input_userauth_request: invalid user kim

Sep 2 10:35:16 localhost sshd[8484]: pam_ldap: error trying to bind as user "cn=min soo,ou=people,dc=samsung,dc=com" (Invalid credentials)
Sep 2 10:35:16 localhost sshd[8484]: pam_succeed_if(sshd:auth): error retrieving information about user kim
Sep 2 10:35:16 localhost sshd[8484]: Failed password for invalid user kim from 10.254.194.148 port 52652 ssh2

Kindly let me know, is it a limitation with LDAP???

xeleema 09-02-2011 01:47 AM

Greetingz!

"Kindly let me know is it a limitation with LDAP ???"

Just because a user has been set up in LDAP for authentication does not mean you've authorized that user to log in to anything that can query the LDAP.

If this is the first server and first user you're trying to set up via LDAP, I'd suggest you go back and read the OpenLDAP documentation.

You might also want to consider a newer version of Fedora (15 was released some time ago). If Fedora's too flaky for you (or if this is not a test system), then I can understand hesitation to upgrade (in which case, I would suggest changing distributions to something a lot more stable... like CentOS).

You might want to make sure your system can actually query the LDAP before you attempt a login.
Take a crack at this guide.

sheelavantar 09-02-2011 02:12 AM

Solved my problem.

I used the command below and selected the LDAP option:
env LANG=C authconfig-tui

This will make the necessary configuration changes to the /etc/nsswitch.conf file, which is responsible for selecting where the user and password are checked (the local /etc/passwd file or the LDAP server).

Thank you.

Warm Regards,
Vijay S.
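The thread's symptom ("Invalid user kim" from sshd, even though kim exists in the directory) and its fix (adding ldap to /etc/nsswitch.conf) are two halves of one diagnosis: sshd logs "Invalid user" when the account cannot be resolved through NSS at all, which is a lookup problem rather than a password problem. The helper below is an added example, not code posted in the thread or shipped by OpenLDAP, pam_ldap or authconfig. It classifies the sshd/pam_ldap log lines quoted above and checks which nsswitch.conf databases actually list ldap, so an administrator can tell an NSS misconfiguration apart from a genuine bind failure before touching credentials. The nsswitch.conf contents are constructed samples; the message patterns are assumed to match the lines quoted in the first post.

```python
"""Triage helper for the sshd + pam_ldap + nss_ldap symptoms in this thread.

Added example (not the thread's or any project's own code). Classifies sshd
syslog lines and checks whether nsswitch.conf consults LDAP for the passwd,
shadow and group databases. All sample input below is constructed.
"""
import re
from collections import Counter

# Message shapes as quoted in the first post (assumed stable for this sshd/pam_ldap).
PATTERNS = [
    # sshd could not resolve the account via NSS (getpwnam failed): lookup problem
    ("unknown_user", re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)")),
    ("unknown_user", re.compile(r"input_userauth_request: invalid user (\S+)")),
    # pam_ldap reached the directory, but the simple bind as the user DN was rejected
    ("ldap_bind_failed", re.compile(r'pam_ldap: error trying to bind as user "([^"]+)" \((.+)\)')),
    # pam_succeed_if could not look the user up either: again an NSS problem
    ("nss_lookup_failed", re.compile(r"pam_succeed_if\(sshd:auth\): error retrieving information about user (\S+)")),
    ("auth_failed", re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port (\d+)")),
]


def classify_line(line):
    """Return (category, captured groups) for one syslog line, or None if unrecognised."""
    for category, rx in PATTERNS:
        m = rx.search(line)
        if m:
            return category, m.groups()
    return None


def nsswitch_uses_ldap(text, databases=("passwd", "shadow", "group")):
    """Parse nsswitch.conf text; return {database: True if 'ldap' is listed as a source}.

    A database that does not appear in the file counts as False.
    Comments ('#') and action tokens such as [NOTFOUND=return] are tolerated.
    """
    result = {db: False for db in databases}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        db, sources = line.split(":", 1)
        db = db.strip()
        if db in result:
            result[db] = "ldap" in sources.split()
    return result


def diagnose(log_lines, nsswitch_text):
    """Combine both signals: (finding, list of databases still missing ldap)."""
    counts = Counter()
    for line in log_lines:
        hit = classify_line(line)
        if hit:
            counts[hit[0]] += 1
    nss = nsswitch_uses_ldap(nsswitch_text)
    missing = [db for db, ok in nss.items() if not ok]
    # "Invalid user" plus an nsswitch.conf without ldap: fix name resolution first.
    if counts["unknown_user"] and missing:
        return "nss_misconfigured", missing
    if counts["ldap_bind_failed"]:
        return "bad_credentials_or_bind_dn", missing
    if counts["auth_failed"]:
        return "auth_failed", missing
    return "no_findings", missing


# Constructed sample input: the log lines quoted in the thread, and two nsswitch.conf variants.
SAMPLE_LOG = [
    "Sep 2 10:34:36 localhost sshd[8484]: Invalid user kim from 10.254.194.148",
    "Sep 2 10:34:36 localhost sshd[8485]: input_userauth_request: invalid user kim",
    'Sep 2 10:35:16 localhost sshd[8484]: pam_ldap: error trying to bind as user "cn=min soo,ou=people,dc=samsung,dc=com" (Invalid credentials)',
    "Sep 2 10:35:16 localhost sshd[8484]: pam_succeed_if(sshd:auth): error retrieving information about user kim",
    "Sep 2 10:35:16 localhost sshd[8484]: Failed password for invalid user kim from 10.254.194.148 port 52652 ssh2",
]
NSSWITCH_BEFORE = "passwd: files\nshadow: files\ngroup: files\n"          # constructed
NSSWITCH_AFTER = "passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n"  # constructed

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify_line(line))
    print(diagnose(SAMPLE_LOG, NSSWITCH_BEFORE))
    print(diagnose(SAMPLE_LOG, NSSWITCH_AFTER))
```

On a live client the same check is `getent passwd <user>` after editing nsswitch.conf: if that returns nothing, sshd will keep logging "Invalid user" no matter what pam_ldap does, because PAM authentication is only reached for accounts the system can resolve.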

