#1 utopic_men, 17th April 2008, 11:46
user login via ssh doesn't work

Hi,

I've followed this very good howto "OpenLDAP + Samba Domain Controller On Ubuntu 7.10" under Debian etch.
Everything is working very well except one thing: I cannot connect to my server via ssh as a "normal" user (previously added in LDAP). With root, it works fine.
Some details:
* A winxp workstation joined to the created domain can use this account.
* I can also do a "su - useraccount" via ssh once connected with the root account.
* My /var/log/auth.log file shows this when auth fails:
(pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.19 user=username
pam_ldap: ldap_simple_bind Can't contact LDAP server
Failed password for username from 192.168.1.19 port 53572 ssh2


Please, help!

Thanks,
Utopic_men

#2 topdog, 17th April 2008, 14:33

Seems like your ldap server is not running
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.

#3 utopic_men, 17th April 2008, 14:54

Firstly, thank you for answering me.

I confirm that the ldap server is running and working very well ("ps aux | grep ldap" confirms that).
I can run ldap-search and smbldap-**** commands, and use phpldapadmin and the webmin ldap functionality.

Apparently, ssh does not seem to be involved in the problem.
I can't log in locally either! The log (auth.log) says:
(pam_unix) authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost= user=username
pam_ldap: ldap_simple_bind Can't contact LDAP server
FAILED LOGIN (1) on 'tty1' FOR `username', Authentication failure

The message is quite explicit. I really don't want to break my config by making bad manipulations...
So, again, please, help!!!

#4 topdog, 17th April 2008, 17:58

Just go through the tutorial again, as your error indicates that either nss/pam cannot see your ldap server or cannot bind to it; it could be that the wrong binding details are configured.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.

#5 utopic_men, 12th May 2008, 17:08

Sorry for the delay, topdog.
I followed the tutorial again in a virtual machine on a fresh Debian etch install.
After step 9, auth via ssh was still not working. But once I logged in to webmin, it warned me that two files were mismatched. I then selected the proposed solution: auto-repair the files involved. After that, auth was working.
I decided to compare the /etc/pam_ldap.conf config files on the two machines (physical server vs. virtual server) and found this difference:
* physical contains: "uri ldapi:///127.0.0.1"
* virtual contains: "uri ldap://127.0.0.1"
So, by updating the physical server config file, I resolved my authentication problem.

I still have an error reported in /var/log/auth.log (see the first line of the following three) when I log in via ssh:
(pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.12 user=david
Accepted password for david from 192.168.1.12 port 48172 ssh2
(pam_unix) session opened for user david by (uid=0)

So, what's wrong with this config????
And why "uid=0" in the auth.log file???

Thank you in advance

#6 topdog, 12th May 2008, 18:30

ldapi is supposed to use a Unix socket, NOT a TCP port, so it should point to a socket file, not an IP address; the tutorial is wrong on that part. As for the uid turning out to be 0, I am not sure, but I am guessing that the PAM system runs as root to get the directory info before logging the user in. I could be wrong.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
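
The ldapi/ldap difference found in post #5 and explained in post #6, as an added example (not code from the thread or from the howto): a Python checker that reads the `uri` lines of a pam_ldap-style config and flags an `ldapi` URI that is given an IP address instead of a socket path. The sample config, the function names and the socket path /var/run/slapd/ldapi are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample: the two uri lines compared in the thread, plus an ldapi
# URI with an assumed socket path (percent-encoded in the authority part).
SAMPLE_CONF = """\
# /etc/pam_ldap.conf (constructed excerpt)
base dc=example,dc=local
uri ldapi:///127.0.0.1
uri ldap://127.0.0.1
uri ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi
"""

URI_RE = re.compile(r"^(ldapi|ldaps|ldap)://([^/\s]*)(/\S*)?$", re.IGNORECASE)


def check_uri(uri):
    """Return (ok, reason) for one LDAP URI taken from a uri directive."""
    m = URI_RE.match(uri.strip())
    if not m:
        return False, "not an ldap://, ldaps:// or ldapi:// URI"
    scheme, authority = m.group(1).lower(), unquote(m.group(2))
    path = m.group(3) or ""
    if scheme != "ldapi":
        # ldap:// and ldaps:// are TCP transports and need a host.
        return (True, "TCP endpoint " + authority) if authority else (False, "no host")
    # ldapi:// is a Unix-socket transport: nothing may follow the authority,
    # and a non-empty authority must decode to an absolute socket path.
    if path not in ("", "/"):
        return False, "ldapi takes a socket path, not '%s'" % path.lstrip("/")
    if authority and not authority.startswith("/"):
        return False, "ldapi authority '%s' is not an absolute path" % authority
    return True, "Unix socket " + (authority or "(client library default)")


def audit_config(text):
    """Check every URI on every uri directive; return (lineno, uri, ok, reason)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) >= 2 and fields[0].lower() == "uri":
            findings += [(lineno, u) + check_uri(u) for u in fields[1:]]
    return findings


if __name__ == "__main__":
    for lineno, uri, ok, reason in audit_config(SAMPLE_CONF):
        print("line %d: %-42s %s (%s)" % (lineno, uri, "OK" if ok else "BAD", reason))
```

The checker only validates the form of the URI; whether slapd is actually listening on that socket or TCP port still has to be confirmed on the server.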

All times are GMT +2.