[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSH and LDAP problem

I may have missed your previous post, but have you tried setting this line /etc/ssh/sshd_config?

PAMAuthenticationViaKbdInt yes

This is what it took so that my ldap users could authenticate using SSH without being listed in /etc/passwd. There is a warning comment in the sshd_config file about this setting, but in my case it does not affect my security model.


David Moron wrote:

Craig White wrote:

On Mon, 2004-01-05 at 06:35, David Moron wrote:


I,ve installed openldap 2.1.25 on a Debian 3.0 in order to authenticate the users with PAM.
I configured all the services (proftpd, su, passwd ,etc) in order to use PAM to access the ldap server and they work properly. When I try using ssh:
- If the user is in /etc/passwd: ssh asks for password and then closes the connection:
#ssh -l admin
admin@'s password:
Connection closed by
- If the user is in the ldap: ssh closes the connection directly: #ssh -l testldap
Connection closed by
- When I stop the ldap then I con login via ssh as a /etc/passwd user without problems.

--- sounds like the ldap user doesn't have a valid shell to operate in...

getent passwd |grep admin

admin in /etc/passwd has a valid shell /bin/sh ?
admin in ldap has invalid shell or no shell at all

just a guess


It isn't the problem :-( because I can do:
$su - testldap
testldap$ id
uid=1004(testldap) gid=1003(test) grupos=1003(test)
And the shell exists.

Why when I start slapd root can't login via ssh!? In nsswitch.conf I define first 'files' and then 'ldap'

My testldap user entry:
# testldap, People, openwired.net
dn: uid=testldap,ou=People,dc=openwired,dc=net
loginShell: /bin/bash <-- exists
sambaAcctFlags: [U          ]
gidNumber: 1003
uidNumber: 1004
objectClass: posixAccount
objectClass: shadowAccount
objectClass: account
objectClass: mailRecipient
uid: testldap
cn: testldap
homeDirectory: /home/testldap
shadowLastChange: 12422