PAM/LDAP authentication
Hello,
I have a Debian box ( unstable ) that needs to authenticate against an
ldap server. I have set up the libnss-ldap package, so that if I look
for an user that's only in LDAP , such as getent passwd ldapuser , I get
the proper answer back from the LDAP server.
The only thing that's not working is authentication.
I have the following likes in common-auth & common-account :
common-auth :
auth sufficient pam_ldap.so ignore_unknown_user
auth required pam_unix.so use_first_pass
common-account :
account sufficient pam_ldap.so ignore_unknown_user
account sufficient pam_unix.so use_first_pass
account required pam_deny.so
When I try to ssh in the machine using my LDAP user , I get the
following entries in auth.log :
Mar 16 10:59:54 xxx sshd[9777]: Illegal user radu from
::ffff:xxx.yyy.xxx.yyy
Mar 16 11:05:31 xxx sshd[9777]: pam_ldap: error trying to bind as user
"uid=radu,ou=People,o=xxxxxx" (Invalid credentials)
Mar 16 11:05:31 xxx sshd[9777]: (pam_unix) check pass; user unknown
Mar 16 11:05:31 xxx sshd[9777]: (pam_unix) authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=xxxxx
Mar 16 11:05:33 xxx sshd[9777]: error: PAM: User not known to the
underlying authentication module for illegal user radu from xxxxxxx
Can some one shed some light on this ?
Thanks ,
Radu
Reply to: