Thanks for the reply. I can login to the console but not to thin cleints. Since I use Edubuntu the thin clients use LDM (SSH). I have the /etc/pam.d/ssh file setup to authenticate users via the pam_ncp_auth.so file. The authentication is attempted but fails with the error "(-669) Invalid password", this is logged to /var/log/auth.log because I have the module set to debug logging.
Everything that I have read seems to point to a problem with SSH looking for a local account first and failing if one does not exist. With the NCP module it authenticates the user, then creates a local account and maps the users home directory. I used this line in the ssh file: # auth sufficient /lib/security/pam_ncp_auth.so try_first_pass -d -a -u10000,50000,f,c ndsserver=10.10.50.1:a5do.adm.acsd5 -a -L -zATX -A # This is what I see in the /var/log/auth.log: # Feb 21 20:48:39 EduBuntuLTSP sshd[7503]: Invalid user di from 10.10.60.117 Feb 21 20:48:39 EduBuntuLTSP sshd[7503]: Failed none for invalid user di from 10.10.60.117 port 43683 ssh2 Feb 21 20:48:41 EduBuntuLTSP sshd[7503]: (pam_unix) check pass; user unknown Feb 21 20:48:41 EduBuntuLTSP sshd[7503]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.60.117 Feb 21 20:48:41 EduBuntuLTSP pam_ncp_auth[7503]: using server 10.10.50.1 ctxs a5do.adm.acsd5 group (null) Feb 21 20:48:41 EduBuntuLTSP pam_ncp_auth[7503]: nw_create_verify_conn_to_tree: trying to resolve di.a5do.adm.acsd5 Feb 21 20:48:41 EduBuntuLTSP pam_ncp_auth[7503]: trying to login as di.a5do.adm.acsd5 Feb 21 20:48:44 EduBuntuLTSP pam_ncp_auth[7503]: Invalid password (-669) when trying to login Feb 21 20:48:44 EduBuntuLTSP pam_ncp_auth[7503]: final PAM retval 7 # -----Original Message----- From: John Lucas [mailto:[EMAIL PROTECTED] Sent: Thu 2/22/2007 9:19 AM To: ltsp-discuss@lists.sourceforge.net Cc: Willis, Ben Subject: Re: [Ltsp-discuss] LTSP (Edubuntu) Netware Authentication On Wednesday 21 February 2007 23:00, Willis, Ben wrote: > I'm attempting to get Edubuntu to authenticate my thin clients against my > Netware NDS servers using pam_ncp_auth.so > > I have my server authenticating logins and even creating users on the fly > but the thin clients refuse to work. I assume that this is because the ssh > session is not authenticating via NCP as well. It will log into an account > that already exists on the server though. > Servers don't authenticate, users do. I assume you mean that performing login on the console works, but logins from terminals do not?? > While testing Ive used a simple ssh session into the server with an account > that does not yet exist on the server. I can see in the /var/log/auth.log > file that the authentication attempt is made but I get an error that the > password is incorrect (of course it is correct). > What login manager are you using? Since you mention ssh, could it be LDM? If so, check your /etc/pam.d/sshd file to see if it is correct and uses the pam_ncp_auth.so correctly. -- "History doesn't repeat itself; at best it rhymes." - Mark Twain | John Lucas [EMAIL PROTECTED] | | St. Thomas, VI 00802 http://mrjohnlucas.googlepages.com/ | | 18.3°N, 65°W AST (UTC-4) | ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
