
Re: SSH and LDAP problem



Is root allowed to log in via ssh on your system? Normally not!
Look at "PermitRootLogin no" in sshd_config.
Sergios

7 January 2004 18:34, Jeff Gamsby wrote:
> I had the same problem. Try putting UsePAM=yes into sshd_config. I am
> running RedHat 9.
>
> David Moron wrote:
> > The PAMAuthenticationViaKbdInt is set to 'yes' but it doesn't work.
> >
> > Why when I start slapd root can't login via ssh if root is in
> > /etc/passwd!?
> > > In nsswitch.conf I define first 'files' and then 'ldap'. It's a very
> > > strange problem.
> >
> > Thank you.
> >
> > David Morn Ruano
> >
> > L Nehring wrote:
> >> I may have missed your previous post, but have you tried setting this
> >> line in /etc/ssh/sshd_config?
> >>
> >> PAMAuthenticationViaKbdInt yes
> >>
> >> This is what it took so that my ldap users could authenticate using
> >> SSH without being listed in /etc/passwd.  There is a warning comment
> >> in the sshd_config file about this setting, but in my case it does
> >> not affect my security model.
> >>
> >> r,
> >> Lance
> >> http://www.newparticles.com/
> >>
> >> David Moron wrote:
> >>> Craig White wrote:
> >>>> On Mon, 2004-01-05 at 06:35, David Moron wrote:
> >>>>> Hi,
> >>>>>
> >>>>> I've installed openldap 2.1.25 on a Debian 3.0 in order to
> >>>>> authenticate the users with PAM.
> >>>>> I configured all the services (proftpd, su, passwd ,etc) in order
> >>>>> to use PAM to access the ldap server and they work properly. When
> >>>>> I try using ssh:
> >>>>> - If the user is in /etc/passwd: ssh asks for a password and then
> >>>>> closes the connection:
> >>>>>         #ssh -l admin 10.0.0.80
> >>>>>         admin@10.0.0.80's password:
> >>>>>         Connection closed by 10.0.0.80
> >>>>> - If the user is in the ldap: ssh closes the connection directly:
> >>>>>         #ssh -l testldap 10.0.0.80
> >>>>>         Connection closed by 10.0.0.80
> >>>>> - When I stop the ldap then I can log in via ssh as a /etc/passwd
> >>>>> user without problems.
> >>>>
> >>>> ---
> >>>> sounds like the ldap user doesn't have a valid shell to operate in...
> >>>>
> >>>> getent passwd |grep admin
> >>>>
> >>>> admin in /etc/passwd has a valid shell /bin/sh ?
> >>>> admin in ldap has invalid shell or no shell at all
> >>>>
> >>>> just a guess
> >>>>
> >>>> Craig
> >>>
> >>> It isn't the problem :-( because I can do:
> >>> $su - testldap
> >>> passwd:
> >>> testldap$ id
> >>> uid=1004(testldap) gid=1003(test) grupos=1003(test)
> >>> And the shell exists.
> >>>
> >>> Why when I start slapd root can't login via ssh!?  In nsswitch.conf
> >>> I define first 'files' and then 'ldap'
> >>>
> >>> My testldap user entry:
> >>> # testldap, People, openwired.net
> >>> dn: uid=testldap,ou=People,dc=openwired,dc=net
> >>> loginShell: /bin/bash <-- exists
> >>> sambaAcctFlags: [U          ]
> >>> gidNumber: 1003
> >>> uidNumber: 1004
> >>> objectClass: posixAccount
> >>> objectClass: shadowAccount
> >>> objectClass: account
> >>> objectClass: mailRecipient
> >>> uid: testldap
> >>> cn: testldap
> >>> homeDirectory: /home/testldap
> >>> shadowLastChange: 12422
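As an added example (not code from anyone in this thread), here is a small POSIX shell script that checks the three things the replies argue about in one place: the effective sshd_config values of PermitRootLogin, UsePAM and PAMAuthenticationViaKbdInt (taking the first uncommented occurrence, which is how sshd resolves a keyword, and accepting both the "Key value" and "Key=value" spellings), the passwd source order in nsswitch.conf, and whether the login shell in a getent-style passwd line is listed in the shells file (Craig's guess). The sample sshd_config, nsswitch.conf and shells contents, the temporary directory, and the "noshell" user line are all constructed for the example; the testldap line is built from the uidNumber, gidNumber, homeDirectory and loginShell in David's LDAP entry above.

```shell
#!/bin/sh
# Added diagnostic for the settings discussed in this thread; not code from the
# thread. Paths are passed as arguments so the functions can be pointed either at
# the constructed sample files below or at the real /etc files.
set -eu

# Effective value of an sshd_config keyword. sshd uses the first occurrence of a
# keyword and ignores comments; "Key value" and "Key=value" are both accepted.
# Prints nothing when the keyword is not set.
sshd_opt() {
    # $1 = path to sshd_config, $2 = keyword (matched case-insensitively)
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, "[ \t=]+")
            if (tolower(f[1]) == tolower(key)) { print f[2]; exit }
        }' "$1"
}

# Source order for the passwd database in nsswitch.conf, e.g. "files ldap".
nss_passwd_order() {
    # $1 = path to nsswitch.conf
    awk '/^[ \t]*passwd[ \t]*:/ {
            sub(/^[ \t]*passwd[ \t]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
         }' "$1"
}

# Is the login shell (field 7) of a passwd(5) line listed in the shells file?
# Returns 0 when it is, 1 when the field is empty or the shell is not listed.
shell_valid() {
    # $1 = passwd line as printed by "getent passwd <user>", $2 = shells file
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    [ -n "$shell" ] && grep -qx -- "$shell" "$2"
}

# Print the settings the replies argue about, side by side.
audit() {
    # $1 = sshd_config, $2 = nsswitch.conf
    for k in PermitRootLogin UsePAM PAMAuthenticationViaKbdInt; do
        v=$(sshd_opt "$1" "$k")
        printf '%-28s %s\n' "$k" "${v:-<unset>}"
    done
    printf '%-28s %s\n' "passwd sources" "$(nss_passwd_order "$2")"
}

# Constructed sample files (not from the thread) so the script runs offline.
write_samples() {
    # $1 = directory to create the samples in
    mkdir -p "$1"
    cat > "$1/sshd_config" <<'EOF'
# constructed sshd_config fragment
Port 22
#PermitRootLogin yes
PermitRootLogin no
UsePAM=yes
PAMAuthenticationViaKbdInt yes
EOF
    cat > "$1/nsswitch.conf" <<'EOF'
passwd:   files ldap
group:    files ldap
shadow:   files ldap
EOF
    printf '/bin/sh\n/bin/bash\n' > "$1/shells"
}

# Constructed getent-style lines: the thread's testldap entry, and a second
# hypothetical LDAP user with no loginShell attribute (the case Craig guessed).
GOOD='testldap:x:1004:1003::/home/testldap:/bin/bash'
BAD='noshell:x:1005:1003::/home/noshell:'

tmp=${TMPDIR:-/tmp}/sshldap.$$
write_samples "$tmp"
audit "$tmp/sshd_config" "$tmp/nsswitch.conf"
for entry in "$GOOD" "$BAD"; do
    user=${entry%%:*}
    if shell_valid "$entry" "$tmp/shells"; then
        echo "$user: login shell listed in shells file"
    else
        echo "$user: login shell empty or not listed in shells file"
    fi
done
rm -rf "$tmp"
```

On a real host, call `audit /etc/ssh/sshd_config /etc/nsswitch.conf` and feed `shell_valid` the output of `getent passwd testldap` with `/etc/shells`; the getent line shows what sshd sees through NSS, which is the view that matters once slapd is running. The shells-file check is what pam_shells enforces if it is in the sshd PAM stack; sshd itself only requires that the shell exist and be executable, and treats an empty shell field as /bin/sh.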