Gentoo Forums
Trouble with pam_ldap and sshd (fixed but still have quest)
SkyLeach
Apprentice


Joined: 05 Nov 2002
Posts: 177
Location: Knoxville, TN

Posted: Mon Aug 15, 2005 8:32 pm    Post subject: Trouble with pam_ldap and sshd (fixed but still have quest)

I've pseudo-followed the ldap gentoo authentication guide (http://www.gentoo.org/doc/en/ldap-howto.xml) to get my users and groups moved into ldap for my home network configuration. Everything appears to be correct in my various files and I can log in from tty0-5 but not via the ptys (sshd).

/etc/pam.d/system-auth
Code:
#%PAM-1.0

auth       required     pam_env.so
auth       sufficient   pam_unix.so likeauth nullok shadow
auth       sufficient   pam_ldap.so use_first_pass
auth       required     pam_deny.so

account    required     pam_unix.so
account    sufficient   pam_ldap.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   sufficient   pam_ldap.so use_authtok
password   required     pam_deny.so

session    required     pam_limits.so
session    required     pam_unix.so
session    required     pam_mkhomedir.so skel=/etc/skel/ umask=0
session    optional     pam_ldap.so


My nonroot user for this example is skyleach. The user is in ldap and configured properly. I can log in on tty0-5 but not via sshd:

Code:

goliath ~ # getent passwd | grep skyleach
skyleach:x:1000:100:skyleach:/home/skyleach:
goliath ~ # grep skyleach /etc/passwd 
goliath ~ #
goliath ~ # ldapsearch -x -W -D uid=skyleach,ou=People,dc=gregory,dc=home "(uid=skyleach)" dn
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=skyleach)
# requesting: dn
#

# skyleach, People, gregory.home
dn: uid=skyleach,ou=People,dc=gregory,dc=home

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


So my question is, why can't I log in via ssh? I checked the pam sshd config:
/etc/pam.d/sshd
Code:

#%PAM-1.0

auth       required pam_stack.so service=system-auth
auth       required     pam_shells.so
auth     required pam_nologin.so
account    required pam_stack.so service=system-auth
password   required pam_stack.so service=system-auth
session    required pam_stack.so service=system-auth

and as you can see, it's using pam_stack to system-auth so it should be pulling in my ldap settings.

==== UPDATE ====
I used getent passwd | grep skyleach >> /etc/passwd to add my user information to passwd and then set my shell to /bin/bash.
Code:

goliath ~ # getent passwd | grep skyleach >> /etc/passwd


and it fixed the problem. But I don't want to have to add all my users to passwd to manage them. I want my users to be managed via ldap. Am I missing something here? I thought this was supposed to solve this problem.
_________________
-SL

http://www.skyleach.org
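
Added example, not part of the original post: the sshd stack above includes pam_shells.so, which only admits users whose shell is listed in /etc/shells, and the getent output shows an empty shell field for the LDAP account. This diagnostic classifies the shell field of passwd-format entries against a shells list; the function names `check_shells` and `sample_run` and the accounts alice and bob are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic (hypothetical helper names, not from the post).
# Reads passwd-format lines on stdin and reports, per account, how the
# shell field compares with a shells list (normally /etc/shells):
#   ok        shell is listed
#   empty     shell field is empty (as in the getent output in the post)
#   unlisted  shell is set but not in the list
# Real use: getent passwd | check_shells /etc/shells

check_shells() {
    shells_file=$1
    awk -F: -v shells="$shells_file" '
        BEGIN {
            # Load the list; only lines that start with "/" are shell paths,
            # which skips comments and blank lines.
            while ((getline line < shells) > 0) {
                if (line !~ /^\//) continue
                allowed[line] = 1
            }
            close(shells)
        }
        NF >= 7 {
            if ($7 == "")           result = "empty"
            else if ($7 in allowed) result = "ok"
            else                    result = "unlisted"
            print $1 ":" result
        }
    '
}

# Runs the check on constructed input. The first passwd line is the getent
# output shown in the post; alice and bob are made-up accounts.
sample_run() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed shells list' '/bin/sh' '/bin/bash' > "$tmp"
    printf '%s\n' \
        'skyleach:x:1000:100:skyleach:/home/skyleach:' \
        'alice:x:1001:100:alice:/home/alice:/bin/bash' \
        'bob:x:1002:100:bob:/home/bob:/usr/bin/fish' |
        check_shells "$tmp"
    rm -f "$tmp"
}

sample_run
```

An account reported as `empty` or `unlisted` points at the directory entry's shell attribute rather than at the PAM stack itself.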