
Authentication Confusion

I don't say this as some sort of excuse because I've been reading
everything I can find about this.  However, I am very new to OpenLDAP and
LDAP in general.

I'm having problems authenticating against my LDAP.  I'm running Debian
Sarge, and have compiled OpenLDAP v 2.1.22 from source.

I've added an initial user ('test'), and created the password as follows:

# slappasswd -h {crypt} -s test
{CRYPT}opakS9olxszH.

Then, I created a file called modify.txt which contains the following:

dn: uid=test,ou=People,dc=test,dc=org
changetype: modify
replace: userPassword
userPassword: {CRYPT}opakS9olxszH.

and executed:

# ldapmodify -x -D 'cn=Manager,dc=test,dc=org' -w secret -h ldap.test.org -f modify.txt

Using gq, I verified that the password had been updated.

For a simple test, I chose ssh2. So, on the server (which hosts my LDAP),
I created /etc/pam.d/ssh2.  Here's its contents:

# PAM configuration for the Secure Shell service
auth       required     pam_nologin.so
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
account     sufficient    /lib/security/pam_ldap.so
password    sufficient    /lib/security/pam_ldap.so use_authtok
session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0
session     optional      /lib/security/pam_ldap.so

That's cargo-cult.  I copied it from a fairly generic HOWTO, and don't
really understand everything in it yet.

I cat'd the same thing to the end of /etc/pam.d/login (cat ssh2 >> login).
I don't believe this was necessary, but I'm still somewhat unclear on
PAM.

From the client, when I execute:

# ssh2 -l test test.org

it asks me for my password three times.  All three fail authentication.
The only thing I can find regarding the failure is /var/log/auth.log,
which simply states

Dec 18 18:56:22 test sshd2[444]: connection from "192.168.7.175"
Dec 18 18:56:28 test sshd2[13768]: password authentication failed. Login
to account test not allowed or account non-existent.
Dec 18 18:56:44 test last message repeated 2 times
Dec 18 18:56:46 test sshd2[13768]: Remote host disconnected: No further
authentication methods available.
Dec 18 18:56:46 test sshd2[13768]: no more authentication methods on
remote: 'No further authentication methods available.'

As a side note, the user 'test' does not exist locally on the server.  But
if I

# useradd test
useradd: user test exists

so the system is definitely trying to use OpenLDAP.

I feel as though I'm missing something pretty obvious, but I'm not sure
where I've gone wrong.  Any criticisms, suggestions or otherwise are much
appreciated.  If I've not included any needed information, just let me
know.  Or, if anyone knows of a HOWTO specific to Debian (particularly as
it concerns PAM), I'd appreciate the link.

Thanks.
--
Steve
------------------------------------------
http://www.exitwound.org    : hard to find
http://www.buckowensfan.com : he's the man
------------------------------------------
There are three things men can do with
women: love them, suffer for them, or turn
them into literature. -- Stephen Stills
------------------------------------------
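A check a reviewer would run against the PAM stack quoted in this message, added here as an example that is neither part of the post nor pam_ldap's or OpenLDAP's own code: pam_ldap is given use_first_pass, but the only auth module ahead of it, pam_nologin, never prompts for a password, so pam_ldap has no stored token to reuse and fails without ever asking (unless the calling service pre-seeds the token itself). The list of password-prompting modules is an assumption, not an authoritative table.

```python
"""Constructed PAM stack checker for the posted config (not pam_ldap's or OpenLDAP's code)."""

# Assumption: auth modules that prompt for a password and store it for
# later modules. pam_nologin only checks /etc/nologin and never prompts.
PROMPTING_AUTH_MODULES = {"pam_unix.so", "pam_unix2.so", "pam_pwdb.so",
                          "pam_ldap.so", "pam_krb5.so"}

def parse_pam(text):
    """Parse /etc/pam.d-style lines into (type, control, module, args) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed PAM line: {raw!r}")
        mgmt, control, module, *args = fields
        entries.append((mgmt, control, module.rsplit("/", 1)[-1], args))
    return entries

def orphaned_use_first_pass(entries):
    """Auth modules told to reuse a password that no earlier module collected."""
    findings, password_stored = [], False
    for mgmt, _control, module, args in entries:
        if mgmt != "auth":
            continue
        if "use_first_pass" in args and not password_stored:
            findings.append(module)      # will fail without ever prompting
        elif module in PROMPTING_AUTH_MODULES:
            password_stored = True       # this module prompts and saves the token
    return findings

# The stack from the post, with the wrapped pam_mkhomedir line rejoined.
POSTED_STACK = """\
auth       required     pam_nologin.so
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
account     sufficient    /lib/security/pam_ldap.so
password    sufficient    /lib/security/pam_ldap.so use_authtok
session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0
session     optional      /lib/security/pam_ldap.so
"""

# Same stack with try_first_pass, which prompts when no token was stored.
FIXED_STACK = POSTED_STACK.replace("use_first_pass", "try_first_pass")

if __name__ == "__main__":
    print(orphaned_use_first_pass(parse_pam(POSTED_STACK)))  # ['pam_ldap.so']
    print(orphaned_use_first_pass(parse_pam(FIXED_STACK)))   # []
```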