Gentoo Archives: gentoo-user

From: Daniel Troeder <daniel@×××××××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Ldap authentication issues.
Date: Tue, 04 May 2010 21:31:36
Message-Id: 4BE09213.4080209@admin-box.com
In Reply to: Re: [gentoo-user] Ldap authentication issues. by Indexer
On 05/03/2010 02:37 PM, Indexer wrote:
>
> On 03/05/2010, at 9:41 PM, Ward Poelmans wrote:
>
>> On Mon, May 3, 2010 at 09:41, Indexer <indexer@××××××××××××.net> wrote:
>>> I am currently trying to make a ldap server which I can use to authenticate users. Sadly a large number of how to's are incomplete and don't work, so after reading a lot of how to's and manuals I have got 99.9% of the way. On attempting to authenticate a user it denies the user access with an error from auth.log
>>>
>>> May 4 02:21:08 nemo sshd[1271]: error: PAM: authentication error for william from 172.20.0.1
>>>
>>
>> What does your ssh file in /etc/pam.d look like?
>
> # auth
> auth sufficient pam_opie.so no_warn no_fake_prompts
> auth requisite pam_opieaccess.so no_warn allow_local
> #auth sufficient pam_krb5.so no_warn try_first_pass
> #auth sufficient pam_ssh.so no_warn try_first_pass
> #auth sufficient /usr/local/lib/pam_ldap.so no_warn use_first_pass
> auth required pam_unix.so no_warn try_first_pass
>
> # account
> account required pam_nologin.so
> #account required pam_krb5.so
> account required pam_login_access.so
> account required pam_unix.so
> #account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
>
> # session
> #session optional pam_ssh.so
> session required pam_permit.so
>
> # password
> #password sufficient pam_krb5.so no_warn try_first_pass
> password required pam_unix.so no_warn try_first_pass
>
>>
>> Ward
>>
>
> I was under the impression that SSH was able to use pam from the system module? I will try this out now uncommenting the ldap settings.
>
Can the user log in from a console?
And what about "su - william" from a non-root account? (From a
root-account it should work without problems.)

Daniel
