| 1 |
On 03/05/2010, at 9:41 PM, Ward Poelmans wrote: |
| 2 |
|
| 3 |
> On Mon, May 3, 2010 at 09:41, Indexer <indexer@××××××××××××.net> wrote: |
| 4 |
>> I am currently trying to make a ldap server which i can use to authenticate users. Sadly a large number of how to's are incomplete and don't work, so after reading alot of how to's and manuals I have got 99.9% of the way. On attempting to authenticate a user it denies the user access with a error from auth.log |
| 5 |
>> |
| 6 |
>> May 4 02:21:08 nemo sshd[1271]: error: PAM: authentication error for william from 172.20.0.1 |
| 7 |
>> |
| 8 |
> |
| 9 |
> What does you ssh file in /etc/pam.d look like? |
| 10 |
|
| 11 |
# auth |
| 12 |
auth sufficient pam_opie.so no_warn no_fake_prompts |
| 13 |
auth requisite pam_opieaccess.so no_warn allow_local |
| 14 |
#auth sufficient pam_krb5.so no_warn try_first_pass |
| 15 |
#auth sufficient pam_ssh.so no_warn try_first_pass |
| 16 |
#auth sufficient /usr/local/lib/pam_ldap.so no_warn use_first_pass |
| 17 |
auth required pam_unix.so no_warn try_first_pass |
| 18 |
|
| 19 |
# account |
| 20 |
account required pam_nologin.so |
| 21 |
#account required pam_krb5.so |
| 22 |
account required pam_login_access.so |
| 23 |
account required pam_unix.so |
| 24 |
#account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user |
| 25 |
|
| 26 |
# session |
| 27 |
#session optional pam_ssh.so |
| 28 |
session required pam_permit.so |
| 29 |
|
| 30 |
# password |
| 31 |
#password sufficient pam_krb5.so no_warn try_first_pass |
| 32 |
password required pam_unix.so no_warn try_first_pass |
| 33 |
|
| 34 |
> |
| 35 |
> Ward |
| 36 |
> |
| 37 |
|
| 38 |
I was under the impression that SSH was able to use pam from the system module? I will try this out now uncommenting the ldap settings. |
Archives