Solved: Problem loggin in via ssh AND ldap
Heinrich Rebehn wrote:
> Hi all,
>
> this is my first post to this list. I searched the archives for this
> problem but could not find anything.
>
> I installed Debian Sarge on an Athlon64 3000+ from amd64.debian.net.
> I configured the machine to use ldap for authentication and
> automounting. This setup is working fine on our i386 machines running Sarge.
> Relevant packages installed:
> autofs-ldap 4.1.3+4.1.4bet LDAP map support for autofs
> ldap-utils 2.2.23-8 OpenLDAP utilities
> libldap-2.2-7 2.2.23-8 OpenLDAP libraries
> libldap2 2.1.30-8 OpenLDAP libraries
> libnss-ldap 238-1 NSS module for using LDAP as a naminservic
> ssh 3.8.1p1-8.sarg Secure rlogin/rsh/rcp replacement(OpenSSH)
>
> The following things work:
> - login as root (localuser) or rebehn (ldap user) via console
> - login as root via ssh
>
> The following does *not* work:
> - login as rebehn via ssh
>
> /var/log/auth.log shows:
>
> sshd[17022]: Illegal user rebehn from ::ffff:134.102.176.10
> sshd[17022]: (pam_unix) check pass; user unknown
> sshd[17022]: (pam_unix) authentication failure; logname= uid=0 euid=0
> tty=ssh ruser= rhost=bremerhaven.ant.uni-bremen.de
> sshd[17022]: error: PAM: User not known to the underlying authentication
> module for illegal user rebehn from bremerhaven.ant.uni-bremen.de
> sshd[17022]: Failed keyboard-interactive/pam for illegal user rebehn
> from ::ffff:134.102.176.10 port 57494 ssh2
>
> getent is working:
>
> root@amd64 [~] # getent passwd rebehn
> rebehn:<crypted pwd>:232:1020:Heinrich Rebehn:/home/rebehn:/bin/bash
>
>
> How does all this fit together? Why do getent and login via console work
> whereas login via ssh does not?
> It cannot be a ldap problem because i can login as rebehn via console.
> It also cannot be a ssh problem because i can login as root via ssh.
>
> I did not change any of the pam config files.
>
> Can anyone help? Need more info?
>
Problem solved. A simple reboot did the trick. Normally a reboot after
system changes is only rquired with another widely used OS ;-)
Nevertheless i am happy now :-)
Sorry for the noise,
Heinrich
Reply to: