I wouldn't blame the directory server, but it would be nice to see logs of what is getting through (ie, what the client is requesting). The ssh version doesn't really answer why you couldn't log in from a virtual terminal. As a matter of fact, the machine I'm testing this against is a RH9 machine with the 3.5p1 version of openssh. The log messages aren't particularly informative one way or another. If it really were using pam_ldap and it were a authentication issue you'd see messages like this: Jul 9 06:24:19 myhost sshd[16305]: pam_ldap: error trying to bind as user "uid= joeuser,ou=People,dc=example,dc=com" (Invalid credentials) -Steve -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Steven Sent: Thursday, July 08, 2004 10:50 PM To: General Red Hat Linux discussion list Subject: Re: Cant authenticate to LDAP domain with Redhat9 Ok, I wanted to check with my boss before messing with the ldap server. So I asked him; he said that there is nothing wrong with the server. He then proceeded to take a quick look at the "server which is pissing me off" and said that in order for pam_ldap.so to work I need ssh 3.7 or higher. I thought to myself, finally, maybe this is the answer, since I had openssh 3.5. Anyways I proceed to install rpms of openssh 3.7.1p2-1 and its dependencies. Here is the specifics: [root@blochee root]# rpm -qa | grep ssh openssh-askpass-3.7.1p2-1 openssh-3.7.1p2-1 openssh-clients-3.7.1p2-1 openssh-server-3.7.1p2-1 openssh-askpass-gnome-3.7.1p2-1 [root@blochee root]# I made sure to check my /etc/ssh/ssh_config and my /etc/ssh/sshd_config and modified anything that was not correct. Anyways to my dismay this did NOT WORK. However, my login error does give a new line of information in my /log/messages file. Here it is: Jul 8 20:20:57 blochee sshd(pam_unix)[21476]: check pass; user unknown Jul 8 20:20:57 blochee sshd(pam_unix)[21476]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spidey.ee.ucr.edu Jul 8 20:20:59 blochee sshd[21474]: error: PAM: Authentication failure Jul 8 20:21:03 blochee sshd(pam_unix)[21477]: check pass; user unknown Jul 8 20:21:03 blochee sshd(pam_unix)[21477]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spidey.ee.ucr.edu Jul 8 20:21:05 blochee sshd[21474]: error: PAM: Authentication failure What I now get that I did not have before is the line with "error: PAM: Authentication failure". If I am understanding this correctly this means that pam_ldap.so is getting called now.... Am I correct in my assumption? This is good because before I update ssh I did not get that error so it look like pam-ldap.so was not working at all. Does this shed any light onto my problem? Maybe my ssh config files are not set correctly? If you still think I need to look at the ldap server log files I will. BTW, On the other redhat servers they run with openssh 3.5.1 and they work...... Thanks for everybodies help on this problem. -- Steven ----- Original Message ----- From: "Rigler, Steve" <SRigler@xxxxxxxxxxxxxxx> To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx> Sent: Thursday, July 08, 2004 4:30 AM Subject: RE: Cant authenticate to LDAP domain with Redhat9 > Assuming this is OpenLDAP and logging is set to a decent level > (see the "loglevel" directive in the slapd.conf and read > "man slapd.conf" to find out what the different loglevels do), > you can find out where it is doing logging by looking for > "local4.*" in the /etc/syslog.conf. > > Logging might not be turned on. I usually only turn it on when > I'm trying to debug a problem (which requires a restart of slapd). > > -Steve > > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Steven > Sent: Wednesday, July 07, 2004 7:05 PM > To: General Red Hat Linux discussion list > Subject: Re: Cant authenticate to LDAP domain with Redhat9 > > I can log in as root to my ldap server.... > My boss set up the ldap domain so I really have not spent much time in > that server. > I looked for the log files, but cannot find them... The usually > var/log/messages file is empty. > Where should I look for some log files pertaining to the ldap info I > seek? > > -- > Steven > > Rigler, Steve wrote: > > >Do you have access to look at the logs on your directory > >server? > > > >-Steve > > > >-----Original Message----- > >From: redhat-list-bounces@xxxxxxxxxx on behalf of Steven > >Sent: Wed 7/7/2004 5:02 PM > >To: General Red Hat Linux discussion list > >Subject: Re: Cant authenticate to LDAP domain with Redhat9 > > > >Hi, > > > >No I have not tried rpm -V pam, but here is the output: > > > >[root@blochee root]# rpm -V pam > >S.5....T c /etc/pam.d/system-auth > >[root@blochee root]# > > > >Any thoughts on my problem... It is driving me up the wall. > > > >-- > >Steven > > > > > > > > > > > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
