----- Original Message -----
From: "Adi Nugraha" <[EMAIL PROTECTED]>
To: <tanya-jawab@linux.or.id>
Sent: Wednesday, May 11, 2005 5:32 PM
Subject: Re: [tanya-jawab] user login over ssh with an LDAP backend

> I've already tried changing pam.d/sshd but it's just the same. Where does
> pam_pwcheck come from??? The thing is, for my initial setup I followed the
> samba guide; it has settings for the PAM module so that it can authenticate
> using LDAP, and that does work, it's only ssh that doesn't work. And here is
> another error log: without pam_pwcheck it says permission denied (this is
> using a local account, so it shouldn't be contacting LDAP, right??)
>
> May 11 17:31:50 unicorn sshd(pam_unix)[20772]: auth could not identify password for [it]
> May 11 17:31:51 unicorn sshd(pam_unix)[20772]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192 user=it
> May 11 17:31:53 unicorn sshd[20772]: Failed password for it from ::ffff:192.168.88.192 port 2401
> May 11 17:31:57 unicorn sshd[20772]: Failed password for it from ::ffff:192.168.88.192 port 2401
> May 11 17:31:59 unicorn sshd[20772]: Accepted password for it from ::ffff:192.168.88.192 port 2401
> May 11 17:31:59 unicorn pam_limits[20775]: setrlimit 11 to -1073754428 failed: Operation not permitted
> May 11 17:31:59 unicorn sshd(pam_unix)[20775]: session opened for user it by (uid=501)
> May 11 17:31:59 unicorn sshd[20775]: fatal: PAM session setup failed[6]: Permission denied

and this is the output of getent passwd

From the second root account onward, all of those are accounts that exist
only in LDAP. As for why there are two root entries, it's because that
account is needed to join computers to the samba domain, which is why another
one was created.

TIA

>
>
> ----- Original Message -----
> From: "Cecep Mahbub" <[EMAIL PROTECTED]>
> To: <tanya-jawab@linux.or.id>
> Sent: Wednesday, May 11, 2005 4:05 PM
> Subject: Re: [tanya-jawab] user login over ssh with an LDAP backend
>
>
> > Adi Nugraha wrote:
> >
> > [...]
> >
> > > and this is the error log in /var/log/auth.log for a local user
> > >
> > > May 11 15:21:07 unicorn sshd[19344]: PAM unable to dlopen(/lib/security/pam_pwcheck.so)
> > > May 11 15:21:07 unicorn sshd[19344]: PAM [dlerror: /lib/security/pam_pwcheck.so: cannot open shared object file: No such file or directory]
> >
> > That's clear enough, isn't it? The error is because the file
> > /lib/security/pam_pwcheck.so does not exist. Not installed yet?
> >
> > > I've already tried commenting out the pam_pwcheck module section, and
> > > that doesn't work either
> > >
> > > then this is the error for an LDAP user
> > >
> > > May 11 15:24:11 unicorn sshd(pam_unix)[19360]: auth could not identify password for [adi]
> > > May 11 15:24:11 unicorn sshd(pam_unix)[19360]: check pass; user unknown
> > > May 11 15:24:11 unicorn sshd(pam_unix)[19360]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192
> >
> > This log is also clear. The error is in the pam_unix part. Why? Because
> > in your /etc/pam.d/sshd settings
> >
> > password required pam_pwcheck.so nullok
> > password required pam_ldap.so use_first_pass use_authtok
> > password required pam_unix.so nullok use_first_pass use_authtok
> >
> > you set them all to required. The earlier ones should be set to
> > sufficient. Read up on PAM again, okay ...
> >
> >
> > It looks like the /etc/pam.d/system-auth settings are already correct.
> > Why add more in /etc/pam.d/sshd?
> >
> > Try changing what's in /etc/pam.d/sshd to:
> >
> > auth required pam_stack.so service=system-auth
> > auth required pam_nologin.so
> > account required pam_stack.so service=system-auth
> > password required pam_stack.so service=system-auth
> > session required pam_stack.so service=system-auth
> >
> >
> > -Cecep-
> >
> > --
> > Unsubscribe: send a blank email to [EMAIL PROTECTED]
> > Archives, FAQ, and list info at http://linux.or.id/milis
> > Can't post? Read:
> > http://linux.or.id/problemmilis
> > http://linux.or.id/tatatertibmilis
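
The required/sufficient behaviour discussed in the thread, as an added example that is not part of the original messages: a simplified Python model of how Linux-PAM combines module results within one stack. The per-user outcomes and the stack names are assumptions constructed to mirror the logs above (pam_pwcheck.so not loadable, pam_unix not knowing the LDAP-only user).

```python
# Simplified model of Linux-PAM's keyword control flags for one stack.
# Not modelled: [value=action] syntax, include/substack, pam_stack.so.

def evaluate(stack, results):
    """Return (granted, trace) for one pass over a stack.

    stack   -- list of (control, module) pairs in file order
    results -- module -> True/False; a module with no entry models one that
               could not be dlopen()ed, which counts as a failure of its line
    """
    failed = False      # a required/requisite line has failed
    succeeded = False   # at least one line contributed a success
    trace = []
    for control, module in stack:
        ok = results.get(module, False)
        trace.append(f"{control:<10} {module:<15} {'ok' if ok else 'FAIL'}")
        if control in ("required", "requisite"):
            if ok:
                succeeded = True
            else:
                failed = True
                if control == "requisite":
                    break               # requisite failure returns at once
        elif control == "sufficient":
            if ok and not failed:
                return True, trace      # success ends the stack early
            # a failing sufficient line is simply ignored
        elif control == "optional" and ok:
            succeeded = True
    return succeeded and not failed, trace

# Constructed outcomes: an LDAP-only account (pam_unix: user unknown, pam_ldap
# assumed to accept the password) and a local account. pam_pwcheck.so has no
# entry because it is not installed.
LDAP_USER = {"pam_ldap.so": True, "pam_unix.so": False}
LOCAL_USER = {"pam_ldap.so": False, "pam_unix.so": True}

ALL_REQUIRED = [("required", "pam_pwcheck.so"), ("required", "pam_ldap.so"),
                ("required", "pam_unix.so")]
LDAP_SUFFICIENT = [("sufficient", "pam_ldap.so"), ("required", "pam_unix.so")]
MISSING_FIRST = [("required", "pam_pwcheck.so")] + LDAP_SUFFICIENT

if __name__ == "__main__":
    for name, stack in (("all required", ALL_REQUIRED),
                        ("ldap sufficient", LDAP_SUFFICIENT),
                        ("missing module first", MISSING_FIRST)):
        granted, trace = evaluate(stack, LDAP_USER)
        print(f"{name}: {'granted' if granted else 'denied'}")
        print("\n".join("  " + line for line in trace))
```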