[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Solved: Problem loggin in via ssh AND ldap

Heinrich Rebehn wrote:
> Heinrich Rebehn wrote:
>>Hi all,
>>this is my first post to this list. I searched the archives for this
>>problem but could not find anything.
>>I installed Debian Sarge on an Athlon64 3000+ from amd64.debian.net.
>>I configured the machine to use ldap for authentication and
>>automounting. This setup is working fine on our i386 machines running Sarge.
>>Relevant packages installed:
>>autofs-ldap    4.1.3+4.1.4bet LDAP map support for autofs
>>ldap-utils     2.2.23-8       OpenLDAP utilities
>>libldap-2.2-7  2.2.23-8       OpenLDAP libraries
>>libldap2       2.1.30-8       OpenLDAP libraries
>>libnss-ldap    238-1          NSS module for using LDAP as a naminservic
>>ssh            3.8.1p1-8.sarg Secure rlogin/rsh/rcp replacement(OpenSSH)
>>The following things work:
>>- login as root (localuser) or rebehn (ldap user) via console
>>- login as root via ssh
>>The following does *not* work:
>>- login as rebehn via ssh
>>/var/log/auth.log shows:
>>sshd[17022]: Illegal user rebehn from ::ffff:
>>sshd[17022]: (pam_unix) check pass; user unknown
>>sshd[17022]: (pam_unix) authentication failure; logname= uid=0 euid=0
>>tty=ssh ruser= rhost=bremerhaven.ant.uni-bremen.de
>>sshd[17022]: error: PAM: User not known to the underlying authentication
>>module for illegal user rebehn from bremerhaven.ant.uni-bremen.de
>>sshd[17022]: Failed keyboard-interactive/pam for illegal user rebehn
>>from ::ffff: port 57494 ssh2
>>getent is working:
>>root@amd64 [~] # getent passwd rebehn
>>rebehn:<crypted pwd>:232:1020:Heinrich Rebehn:/home/rebehn:/bin/bash
>>How does all this fit together? Why do getent and login via console work
>>whereas login via ssh does not?
>>It cannot be a ldap problem because i can login as rebehn via console.
>>It also cannot be a ssh problem because i can login as root via ssh.
>>I did not change any of the pam config files.
>>Can anyone help? Need more info?
> Problem solved. A simple reboot did the trick. Normally a reboot after
> system changes is only rquired with another widely used OS ;-)
> Nevertheless i am happy now :-)
> Sorry for the noise,
> Heinrich
Update: I was able to reproduce the problem with a new install.
After installing libnss-ldap and configuring /etc/nsswitch.com to use
ldap, one has to do a 'pkill -HUP sshd'.
Just for the records.


Reply to: