[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ssh with ldap authentication

To: <openldap-technical@openldap.org>
Subject: RE: ssh with ldap authentication
From: "Rodney Simioni" <rodney.simioni@verio.net>
Date: Wed, 6 Mar 2013 16:49:34 -0500
Content-class: urn:content-classes:message
Importance: normal
In-reply-to: <21CB05CFA5F4A9A716603120@[192.168.1.26]>
References: <0971982CF6B9AB418FFD5FEF7F50CB9F05CB2E86@IAD-WPRD-XCHB03.corp.verio.net> <0971982CF6B9AB418FFD5FEF7F50CB9F05CB2EA2@IAD-WPRD-XCHB03.corp.verio.net> <51377B66.6030104@symas.com> <0971982CF6B9AB418FFD5FEF7F50CB9F05CB2EDA@IAD-WPRD-XCHB03.corp.verio.net> <0971982CF6B9AB418FFD5FEF7F50CB9F05CB2F1C@IAD-WPRD-XCHB03.corp.verio.net> <EEBB383B1D4947FF5A41BDD7@[192.168.1.26]> <0971982CF6B9AB418FFD5FEF7F50CB9F05CB2F2D@IAD-WPRD-XCHB03.corp.verio.net> <0971982CF6B9AB418FFD5FEF7F50CB9F05CB2F38@IAD-WPRD-XCHB03.corp.verio.net> <21CB05CFA5F4A9A716603120@[192.168.1.26]>
Thread-index: Ac4asnKTYtxzisacRfiQv3zQjuOtMgAAbVzg
Thread-topic: ssh with ldap authentication

You're correct, I used ldapwhoami with the proper passwd and it came back:

root@rodster home]# ldapwhoami -h localhost -D "uid=egghead2,ou=people,dc=wh,dc=local" -w xxxx
dn:uid=egghead2,ou=people,dc=wh,dc=local

I'm using sssd but I disabled nscd, I will read documentation on both. I'm the meantime if you have tips about sssd and nscd, let me know, thanks again.

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] 
Sent: Wednesday, March 06, 2013 4:35 PM
To: Rodney Simioni; openldap-technical@openldap.org
Subject: RE: ssh with ldap authentication

--On Wednesday, March 06, 2013 3:36 PM -0500 Rodney Simioni <rodney.simioni@verio.net> wrote:

> After I create the account and try to ssh in, I get:
> send_ldap_response: msgid=3 tag=97 err=49.
>
> I think err=49 means invalid credentials.
> But in a few hours, this account will work.

You should be using "ldapwhomai" to bind as the user and verify whether or not that works.  If it does, then you have something like nscd caching the account list, even if you think you've disabled it.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio Inc. makes no warranty that this email is error or virus free.  Thank you.

References:
- RE: ssh with ldap authentication
  - From: "Rodney Simioni" <rodney.simioni@verio.net>
- RE: ssh with ldap authentication
  - From: "Rodney Simioni" <rodney.simioni@verio.net>
- Re: ssh with ldap authentication
  - From: Howard Chu <hyc@symas.com>
- RE: ssh with ldap authentication
  - From: "Rodney Simioni" <rodney.simioni@verio.net>
- RE: ssh with ldap authentication
  - From: "Rodney Simioni" <rodney.simioni@verio.net>
- RE: ssh with ldap authentication
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: ssh with ldap authentication
  - From: "Rodney Simioni" <rodney.simioni@verio.net>
- RE: ssh with ldap authentication
  - From: "Rodney Simioni" <rodney.simioni@verio.net>
- RE: ssh with ldap authentication
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: RE: ssh with ldap authentication
Next by Date: shadowLastChange missing after update
Index(es):
- Chronological
- Thread