Hello list,

I'm trying to set up OpenLDAP authentication for system accounts.
I have installed

openssh-server-4.2p1-1tr
nss_ldap-220-2tr
pam_ldap-175-2tr

I've used the migrate_all_online script to migrate system accounts to
LDAP. My configuration files:

/etc/ldap.conf

host localhost
base dc=bryndzel,dc=org
port 389
scope one
nss_base_passwd         ou=People,dc=bryndzel,dc=org?one
nss_base_shadow         ou=People,dc=bryndzel,dc=org?one
nss_base_group          ou=Group,dc=bryndzel,dc=org?one
ssl no
pam_password md5

/etc/nsswitch.conf

passwd:     files ldap
shadow:     files ldap
group:      files ldap


/etc/pam.d/system-auth

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so debug use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so debug

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/pam_ldap.so debug use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so debug


These files were created using `authconfig`.

I have a test user stored in LDAP. Everything seems to work fine:

((root::bryndzel))(~)# cat /etc/passwd |grep testuser
((root::bryndzel))(~)# id testuser
uid=520(testuser) gid=100(users) groups=100(users)
((root::bryndzel))(~)# getent passwd |grep testuser
testuser:x:520:100:testuser:/home/users/testuser:/bin/bash
((root::bryndzel))(~)#


And the main problem is that I can't connect to the host using sshd.
I have the use of PAM enabled in sshd_config. ssh tells me that the
password is wrong for testuser.

Thanks for any help.





