LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 09-02-2011, 12:48 AM   #1
sheelavantar
Member
 
Registered: Aug 2010
Posts: 69

Rep: Reputation: 1
SSHD login authentication failed with LDAP


Hi Friends,

I have a openldap server running on one machine (fedora10) and pam_ldap.so and nss_ldap.so running on the other machine.

I have added a new user to the LDAP server database, this user is not created on client machine.

1. Now if i try logging with this new user using SSHD I am getting error messages, the error messages are as follows at client side
2. Why SSH is giving errors for these users??
3. SSH will send "INCORRECT" password to LDAP if i create only user on client machine. how can i authenticate users using LDAP without creating accounts on client machine?

Sep 2 10:34:36 localhost sshd[8484]: Invalid user kim from 10.254.194.148
Sep 2 10:34:36 localhost sshd[8485]: input_userauth_request: invalid user kim

Sep 2 10:35:16 localhost sshd[8484]: pam_ldap: error trying to bind as user "cn=min soo,ou=people,dc=samsung,dc=com" (Invalid credentials)
Sep 2 10:35:16 localhost sshd[8484]: pam_succeed_if(sshd:auth): error retrieving information about user kim
Sep 2 10:35:16 localhost sshd[8484]: Failed password for invalid user kim from 10.254.194.148 port 52652 ssh2

Kindly let me know is it a limitation with LDAP ???
 
Old 09-02-2011, 01:47 AM   #2
xeleema
Member
 
Registered: Aug 2005
Location: D.i.t.h.o, Texas
Distribution: Slackware 13.x, rhel3/5, Solaris 8-10(sparc), HP-UX 11.x (pa-risc)
Posts: 987
Blog Entries: 4

Rep: Reputation: 248Reputation: 248Reputation: 248
Greetingz!

"Kindly let me know is it a limitation with LDAP ???"

Just because a user has been setup in LDAP for authentication, does not mean you've authorized that user to login to anything that can query the LDAP.

If this is the first server and first user you're trying to setup via LDAP, I'd suggest you go back and read the OpenLDAP documentation.

You might also want to consider a newer version of Fedora (15 was released some time ago). If Fedora's too flaky for you (or if this is not a test system), then I can understand hesitation to upgrade (in which case, I would suggest changing distributions to something a lot more stable....like CentOS).

You might want to make sure your system can actually query the LDAP before you attempt a login.
Take a crack at this guide.
 
Old 09-02-2011, 02:12 AM   #3
sheelavantar
Member
 
Registered: Aug 2010
Posts: 69

Original Poster
Rep: Reputation: 1
solved my problem.

I used this below command and selected LDAP option.
env LANG=C authconfig-tui.

This will make necessary configuration changes to /etc/nsswitch.conf file, which is responsible for selecting from where the user and password needs to be checked(locally /etc/passwd file or LDAP server).

Thank you.

Warm Regards,
Vijay S.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] LDAP server, user authentication password Failed sheelavantar Linux - Server 1 08-30-2011 12:35 AM
Kerberos/LDAP Desktop Login - Authentication failure erick.brown Linux - Server 3 06-27-2011 11:09 AM
Ubuntu 10.04 LDAP authentication, can't login to gui kschmitt Linux - Desktop 3 06-07-2010 10:38 AM
PHP Login through LDAP Authentication?? ajeetraina Programming 2 05-12-2008 07:07 AM
LDAP Authentication - no Gnome login possible azrael808 Linux - Software 3 01-11-2007 05:43 AM


All times are GMT -5. The time now is 04:14 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration