1 |
On 03/05/2010, at 9:41 PM, Ward Poelmans wrote: |
2 |
|
3 |
> On Mon, May 3, 2010 at 09:41, Indexer <indexer@××××××××××××.net> wrote: |
4 |
>> I am currently trying to make a ldap server which i can use to authenticate users. Sadly a large number of how to's are incomplete and don't work, so after reading alot of how to's and manuals I have got 99.9% of the way. On attempting to authenticate a user it denies the user access with a error from auth.log |
5 |
>> |
6 |
>> May 4 02:21:08 nemo sshd[1271]: error: PAM: authentication error for william from 172.20.0.1 |
7 |
>> |
8 |
> |
9 |
> What does you ssh file in /etc/pam.d look like? |
10 |
|
11 |
# auth |
12 |
auth sufficient pam_opie.so no_warn no_fake_prompts |
13 |
auth requisite pam_opieaccess.so no_warn allow_local |
14 |
#auth sufficient pam_krb5.so no_warn try_first_pass |
15 |
#auth sufficient pam_ssh.so no_warn try_first_pass |
16 |
#auth sufficient /usr/local/lib/pam_ldap.so no_warn use_first_pass |
17 |
auth required pam_unix.so no_warn try_first_pass |
18 |
|
19 |
# account |
20 |
account required pam_nologin.so |
21 |
#account required pam_krb5.so |
22 |
account required pam_login_access.so |
23 |
account required pam_unix.so |
24 |
#account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user |
25 |
|
26 |
# session |
27 |
#session optional pam_ssh.so |
28 |
session required pam_permit.so |
29 |
|
30 |
# password |
31 |
#password sufficient pam_krb5.so no_warn try_first_pass |
32 |
password required pam_unix.so no_warn try_first_pass |
33 |
|
34 |
> |
35 |
> Ward |
36 |
> |
37 |
|
38 |
I was under the impression that SSH was able to use pam from the system module? I will try this out now uncommenting the ldap settings. |