LinuxQuestions.org
Old 08-13-2009, 09:08 AM   #1
mtimbro
Member
 
Registered: Feb 2008
Location: Montreal, Canada
Distribution: RedHat 3/4, Ubuntu 7.10
Posts: 86

ssh hangs - openldap authentication


Hi,

Here is the result of trying to ssh from a machine to an openldap client:

....
debug1: Host '142.126.232.97' is known and matches the RSA host key.
debug1: Found key in /Users/mtimbro/.ssh/known_hosts:30
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/mtimbro/.ssh/identity (0x0)
debug2: key: /Users/mtimbro/.ssh/id_rsa (0x0)
debug2: key: /Users/mtimbro/.ssh/id_dsa (0x0)
Connection closed by 142.126.232.97

It just hangs there and disconnects.

Here are the configuration files:

Client:

[root@vm6-webu1 ~]# cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE dc=example, dc=com
URI ldaps://example.com:636/
TLS_CACERT /etc/openldap/certs/cacert.pem
TLS_REQCERT allow

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

Result of ldapsearch is accurate and speedy. It connects perfectly to the ldap server and spits out all the entries. Mind you, I use a self-signed certificate.

[root@vm6-webu1 ~]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so

I think I may have a problem in this file although my pam skills aren't great.

Please help me out; this is the last step before completion of this project.

Thanks.
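
Added example (not part of the original post): a small Python model of how Linux-PAM walks the `auth` lines of the system-auth file shown above, listing which modules are called for a given login attempt. The module outcomes passed to `run` are assumed inputs, and only the simple control keywords `required`, `requisite` and `sufficient` are modelled, not the bracketed `[value=action]` form used in the account section.

```python
# Added example: evaluates the post's "auth" stack with Linux-PAM's simple
# control keywords. Module outcomes are assumed inputs, not measurements.
AUTH_STACK = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
"""

def parse(stack_text):
    """Return (control, module) pairs for every 'auth' line."""
    rules = []
    for line in stack_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "auth":
            rules.append((fields[1], fields[2]))
    return rules

def evaluate(rules, outcomes):
    """outcomes maps module name -> True (success) or False (failure).
    Returns (authenticated, modules actually called, in order)."""
    failed, ok_seen, called = False, False, []
    for control, module in rules:
        called.append(module)
        success = outcomes[module]
        if control == "sufficient":
            if success and not failed:
                return True, called       # success ends the stack here
            continue                      # failure is ignored
        if control not in ("required", "requisite"):
            raise ValueError("control not modelled: " + control)
        if success:
            ok_seen = True
        elif control == "requisite":
            return False, called          # failure ends the stack here
        else:
            failed = True                 # remembered; stack keeps running
    return ok_seen and not failed, called

def run(unix_ok, uid_ge_500, ldap_ok):
    """Evaluate the stack for one hypothetical login attempt."""
    outcomes = {"pam_env.so": True, "pam_unix.so": unix_ok,
                "pam_succeed_if.so": uid_ge_500, "pam_ldap.so": ldap_ok,
                "pam_deny.so": False}     # pam_deny always fails
    return evaluate(parse(AUTH_STACK), outcomes)

if __name__ == "__main__":
    print("LDAP user, good password:", run(False, True, True))
    print("LDAP user, bind rejected:", run(False, True, False))
    print("local user, good password:", run(True, True, False))
```

In this stack pam_ldap.so is reached only after pam_unix.so has failed and the uid check has passed, so an LDAP-only account always goes through three modules before the directory is consulted.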
 
  

