I have a couple of boxes here that I've configured to allow ssh
log-ins over LDAP.
They seem to be identically configured to other boxes that work fine,
yet when a user tries to log in, the following error is logged:
Apr 19 15:46:21 irc1sj sshd[7466]: PAM pam_set_item: NULL pam handle passed
Apr 19 15:46:21 irc1sj sshd[7466]: Failed password for illegal user shelby from 10.160.71.254 port 1016
The password and user are known to be good.
/etc/pam.d/sshd looks like this:
#%PAM-1.0
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so use_first_pass
session required /lib/security/pam_unix_session.so
session required /lib/security/pam_limits.so debug
An ldapsearch from the box works fine, so there's no issue with
contacting the LDAP server itself.
I'm running nss_ldap 122 and pam_ldap 77 on this box; not the newest
versions, but they work fine on other systems I have built.
Does anyone have any ideas?
Ian
--
Ian Macdonald | A failure will not appear until a unit has
Senior System Administrator | passed final inspection.
Linuxcare, Inc. |
Support for the Revolution |
|
