
Re: ldap/libnss/ssh: (remote) login stops working after some time



On 2009-09-03 05:02, Nico Schottelius wrote:
> Hello!
>
> As I reported in Bug 541188 [0], the ssh login to nodes with
> ldap enabled for passwd, group and netgroup stops working after some time.
>
> Steve Langasek recommended writing to this mailing list.
>
> Does anyone have a good hint as to what could be the reason for it?
>
> For now I removed "[UNAVAIL=return]" from /etc/nsswitch.conf and
> "debug" from /etc/pam.d/common-auth.
>
>
> Details:
> --------------------------------------------------------------------------------
> - login fails with
>
>   root@bach16.ethz.ch: ssh_exchange_identification: Connection closed by remote host
>   nicosc@bach24.ethz.ch: ssh_exchange_identification: Connection closed by remote host
>
> - login fails for root (who is not in ldap) and ldap users
>
> - I cannot log in locally as root!

I thought you said you couldn't *remotely* log in as root.

> ! It works again (i.e. ssh and local root), if I log in locally as an LDAP user.
>
> - It takes about 30 days to occur (or different, not yet sure)
[snip]
> Aug  8 22:05:01 ikr3 CRON[19505]: (pam_krb5): none: ignoring low-UID user (0 < 1001)

Does the local root login failure start only after remote root logins fail?

I'd work around this issue by not allowing remote root logins.

--
Brawndo's got what plants crave.  It's got electrolytes!
