HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


utopic_men 17th April 2008 11:46

user login via ssh doesn't work
 
Hi,

I've followed this very good howto "OpenLDAP + Samba Domain Controller On Ubuntu 7.10" under Debian etch.
All is working very well except one thing: I cannot connect to my server via ssh with a "normal" user (previously added in ldap). With root, it works fine.
Some details:
* A winxp workstation joined to the created domain can use this account.
* I can also do a "su - useraccount" via ssh once connected with the root account.
* My /var/log/auth.log file tells me this when auth fails:
(pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.19 user=username
pam_ldap: ldap_simple_bind Can't contact LDAP server
Failed password for username from 192.168.1.19 port 53572 ssh2


Please, help!

Thanks,
Utopic_men

topdog 17th April 2008 14:33

Seems like your ldap server is not running

utopic_men 17th April 2008 14:54

Firstly, thank you for answering me.

I confirm that the ldap server is running and working very well ("ps aux | grep ldap" confirms that).
I can run ldap-search and smbldap-**** commands, use phpldapadmin, the ldap webmin functionality...

Apparently, ssh does not seem to be involved in the problem.
I can't log in locally either! And the log (auth.log) says:
(pam_unix) authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost= user=username
pam_ldap: ldap_simple_bind Can't contact LDAP server
FAILED LOGIN (1) on 'tty1' FOR `username', Authentication failure

The message is quite explicit. I really don't want to break my config by making bad manipulations...
So, again, please, help!!! :)

topdog 17th April 2008 17:58

Just go through the tutorial again, as your error indicates that either nss/pam cannot see your ldap server or cannot bind to it, could be wrong binding details configured.

utopic_men 12th May 2008 17:08

Sorry for the delay, topdog.
I've followed the tutorial again in a virtual machine on a fresh debian etch install.
After step 9, the auth via ssh was not working anyway. But once I logged in to webmin, it warned me that two files were mismatching. I selected the proposed solution: auto repair the involved files. Then auth was working.
I decided to compare the two config files (physical server vs. virtual server) /etc/pam_ldap.conf and found this difference:
* physical contains: "uri ldapi:///127.0.0.1"
* virtual contains: "uri ldap://127.0.0.1"
So, by updating the physical server config file, I resolved my authentication problem.

I still have an error reported in /var/log/auth.log (see the first line of the following three) when I'm logging in via ssh:
(pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.12 user=david
Accepted password for david from 192.168.1.12 port 48172 ssh2
(pam_unix) session opened for user david by (uid=0)

So, what's wrong with this config????
And why "uid=0" in the auth.log file???

Thank you in advance

topdog 12th May 2008 18:30

ldapi is supposed to use a unix socket, NOT a tcp port, so it should point to a socket file, not an ip address; the tutorial is wrong on that part. As for the uid turning out to be 0, I am not sure, but I am guessing that the pam system runs as root to get the directory info before logging the user in. I could be wrong.
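
The scheme mismatch identified in this thread can be caught before it breaks logins. The following is an added example, not part of the thread or the tutorial: a small linter for the `uri` line of /etc/pam_ldap.conf. The function names and the sample config text are constructed for illustration, and it assumes `uri` may carry several space-separated URIs.

```python
from urllib.parse import unquote

def check_ldap_uri(uri):
    """Return a list of problems for one LDAP URI (empty list means OK)."""
    scheme, sep, rest = uri.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps", "ldapi"):
        return [f"unsupported or malformed URI: {uri!r}"]
    host, _, _ = rest.partition("/")  # authority part, before the first '/'
    if scheme.lower() == "ldapi":
        # ldapi:// names a unix socket: either an empty host (library default
        # socket) or a percent-encoded absolute path such as %2Fvar%2Frun%2F...
        if host == "":
            extra = rest.strip("/")
            if extra:
                return [f"ldapi has an empty host; {extra!r} after '///' is "
                        "not a socket path (use ldap:// for TCP)"]
        elif not unquote(host).startswith("/"):
            return [f"ldapi host {host!r} is not a percent-encoded socket path"]
    elif host == "":
        return [f"{scheme} URI has no host"]
    return []

def lint_pam_ldap_conf(text):
    """Check every 'uri' directive; return (line number, uri, problem) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#") or fields[0] != "uri":
            continue
        for uri in fields[1:]:
            findings += [(lineno, uri, p) for p in check_ldap_uri(uri)]
    return findings

# Constructed samples reproducing the two uri lines quoted in the thread.
PHYSICAL = "# constructed sample\nbase dc=example,dc=local\nuri ldapi:///127.0.0.1\n"
VIRTUAL = "# constructed sample\nbase dc=example,dc=local\nuri ldap://127.0.0.1\n"

if __name__ == "__main__":
    for name, conf in (("physical", PHYSICAL), ("virtual", VIRTUAL)):
        for lineno, uri, problem in lint_pam_ldap_conf(conf) or [(0, "", "OK")]:
            print(f"{name}: line {lineno}: {uri} {problem}")
```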


All times are GMT +2.