Old 08-13-2009, 09:08 AM   #1
Registered: Feb 2008
Location: Montreal, Canada
Distribution: RedHat 3/4, Ubuntu 7.10
ssh hangs - openldap authentication


Here is the result of trying to ssh from a machine to an openldap client:

debug1: Host '' is known and matches the RSA host key.
debug1: Found key in /Users/mtimbro/.ssh/known_hosts:30
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/mtimbro/.ssh/identity (0x0)
debug2: key: /Users/mtimbro/.ssh/id_rsa (0x0)
debug2: key: /Users/mtimbro/.ssh/id_dsa (0x0)
Connection closed by

It just hangs there and disconnects.

Here are the configuration files:


[root@vm6-webu1 ~]# cat /etc/openldap/ldap.conf
# LDAP Defaults

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE dc=example, dc=com
URI ldaps://
TLS_CACERT /etc/openldap/certs/cacert.pem

#DEREF never

Result of ldapsearch is accurate and speedy. It connects perfectly to the ldap server and spits out all the entries. Mind you, I use a self-signed certificate.

[root@vm6-webu1 ~]# cat /etc/pam.d/system-auth
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required
auth sufficient nullok try_first_pass
auth requisite uid >= 500 quiet
auth sufficient use_first_pass
auth required

account required
account sufficient
account sufficient uid < 500 quiet
account [default=bad success=ok user_unknown=ignore]
account required

password requisite try_first_pass retry=3
password sufficient md5 shadow nullok try_first_pass use_authtok
password sufficient use_authtok
password required

session optional revoke
session required
session required skel=/etc/skel umask=0077
session [success=1 default=ignore] service in crond quiet use_uid
session required
session optional

I think I may have a problem in this file, although my PAM skills aren't great.

Please help me out; this is the last step before completion of this project.


