Re: Solved: Problem loggin in via ssh AND ldap
Heinrich Rebehn wrote:
> Heinrich Rebehn wrote:
>>this is my first post to this list. I searched the archives for this
>>problem but could not find anything.
>>I installed Debian Sarge on an Athlon64 3000+ from amd64.debian.net.
>>I configured the machine to use ldap for authentication and
>>automounting. This setup is working fine on our i386 machines running Sarge.
>>Relevant packages installed:
>>autofs-ldap 4.1.3+4.1.4bet LDAP map support for autofs
>>ldap-utils 2.2.23-8 OpenLDAP utilities
>>libldap-2.2-7 2.2.23-8 OpenLDAP libraries
>>libldap2 2.1.30-8 OpenLDAP libraries
>>libnss-ldap 238-1 NSS module for using LDAP as a naminservic
>>ssh 3.8.1p1-8.sarg Secure rlogin/rsh/rcp replacement(OpenSSH)
>>The following things work:
>>- login as root (localuser) or rebehn (ldap user) via console
>>- login as root via ssh
>>The following does *not* work:
>>- login as rebehn via ssh
>>sshd: Illegal user rebehn from ::ffff:184.108.40.206
>>sshd: (pam_unix) check pass; user unknown
>>sshd: (pam_unix) authentication failure; logname= uid=0 euid=0
>>tty=ssh ruser= rhost=bremerhaven.ant.uni-bremen.de
>>sshd: error: PAM: User not known to the underlying authentication
>>module for illegal user rebehn from bremerhaven.ant.uni-bremen.de
>>sshd: Failed keyboard-interactive/pam for illegal user rebehn
>>from ::ffff:220.127.116.11 port 57494 ssh2
>>getent is working:
>>root@amd64 [~] # getent passwd rebehn
>>rebehn:<crypted pwd>:232:1020:Heinrich Rebehn:/home/rebehn:/bin/bash
>>How does all this fit together? Why do getent and login via console work
>>whereas login via ssh does not?
>>It cannot be a ldap problem because i can login as rebehn via console.
>>It also cannot be a ssh problem because i can login as root via ssh.
>>I did not change any of the pam config files.
>>Can anyone help? Need more info?
> Problem solved. A simple reboot did the trick. Normally a reboot after
> system changes is only rquired with another widely used OS ;-)
> Nevertheless i am happy now :-)
> Sorry for the noise,
Update: I was able to reproduce the problem with a new install.
After installing libnss-ldap and configuring /etc/nsswitch.com to use
ldap, one has to do a 'pkill -HUP sshd'.
Just for the records.