nsswitch.conf should have read:

passwd: files ldap nisplus nis
shadow: files ldap nisplus nis
group: files ldap nisplus nis

Gary

--- "Gary C. New" <garycnew@yahoo.com> wrote:
> I have been trying to enable ssh authentication with ldap accounts
> via pam_ldap and nss_ldap. I've found several mini howtos, but none
> of them seem to work with my system. I have noticed that the ldap
> entries in nsswitch.conf seem to be working as the ldap created home
> directories are no longer numbered uid and gid but their appropriate
> uid and gid names. However, when I try to authenticate using ssh it
> gives me a password error and ldap doesn't even look as though it has
> been queried.
>
> The following are samples of some of my files.
>
> Test ldap entry:
>
> dn: uid=test_test_org, ou=users, ispmanDomain=test.org, dc=test, dc=org
> ispmanStatus: active
> ispmanCreateTimestamp: 1035521557
> uid: test_test_org
> ispmanUserId: test
> ispmanDomain: test.org
> uidNumber: 1007
> gidNumber: 1002
> mailHost: test
> homeDirectory: /home/test.org/users/test_test_org/
> loginShell: /bin/false
> mailQuota: 5120
> creatorsName: cn=root,dc=test,dc=org
> createTimestamp: 20021025045237Z
> userPassword:: xxxxxx
> mailRoutingAddress: test_test_org@test
> FTPStatus: disabled
> mailForwardingAddress: test@test.org
> objectClass: top
> objectClass: person
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: ispmanDomainUser
> objectClass: PureFTPdUser
> mailLocalAddress: test@test.org
> cn: Test Test
> sn: Test
> givenName: Test
> modifiersName: cn=root,dc=test,dc=org
> modifyTimestamp: 20021025045310Z
>
> (I've noticed that others' pam.d/sshd files have different
> libraries. Is this a problem?)
>
> cat /etc/pam.d/sshd
>
> #%PAM-1.0
> auth sufficient /lib/security/pam_ldap.so
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_ldap.so
> account required /lib/security/pam_stack.so service=system-auth
> password sufficient /lib/security/pam_ldap.so
> password required /lib/security/pam_stack.so service=system-auth
> session sufficient /lib/security/pam_ldap.so
> session required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_limits.so
> session optional /lib/security/pam_console.so
>
> /etc/nsswitch.conf
>
> passwd: files nisplus nis
> shadow: files nisplus nis
> group: files nisplus nis
>
> I compiled pam_ldap and nss_ldap from source, but no /etc/*.conf
> files were created for them.
>
> Any idea why I am able to get the nss_ldap working, but not the
> pam_ldap with ssh?
>
> I would appreciate any comments or suggestions.
>
> Respectfully,
>
> Gary
>
> _______________________________________________
>
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list