I have the following configuration:

/etc/openldap/ldap.conf

    BASE ou=LNXUSERS,dc=example,dc=com
    URI ldap://1.1.1.1/
    HOST adsvr.example.com
    TLS_REQCERT demand
    TLS_CACERT /etc/openldap/cacerts/exampleCA.pem

/etc/ldap.conf

    host adsvr.example.com
    uri ldap://1.1.1.1
    scope sub
    timelimit 30
    binddn adlookup@xxxxxxxxxxx
    bindpw secret
    tls_checkpeer no
    ssl start_tls
    nss_base_passwd ou=LNXUSERS,dc=example,dc=com?sub
    nss_base_shadow ou=LNXUSERS,dc=example,dc=com?sub
    nss_base_group ou=LNXUSERS,dc=example,dc=com?sub?&(objectCategory=group)(gidnumber=*)
    nss_map_objectclass posixAccount user
    nss_map_objectclass shadowAccount user
    nss_map_objectclass posixGroup group
    nss_map_attribute gecos name
    nss_map_attribute homeDirectory unixHomeDirectory
    pam_password ad

This configuration works without sending the bind user's name and password over the wire in clear text, and works for logging in from the local console, but it does not work for ssh logins. It looks like the user authenticates, but then receives a connection closed message. The /var/log/messages only shows a pam_krb5 message stating, "authentication succeeds for 'aduser' (aduser@xxxxxxxxxxx)".

As the Active Directory user can log in from the local console, I assume /etc/krb5.conf, /etc/nsswitch.conf, and /etc/pam.d/system-auth are configured correctly. I am guessing there is a problem possibly with /etc/pam.d/sshd or /etc/ssh/ssh_config file.

Does anyone have any idea what is going on and how to get ssh logins working?

Thanks.
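The TLS-related settings in the two files above can be checked mechanically. The following is an added example, not part of the original post: a small Python audit that assumes PADL nss_ldap/pam_ldap keyword semantics for /etc/ldap.conf; the `parse` and `audit` helpers and the finding names are this example's own.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample input: the TLS-relevant lines of the two files as posted.
OPENLDAP_CONF = """\
URI ldap://1.1.1.1/
TLS_REQCERT demand
"""
PAM_NSS_CONF = """\
uri ldap://1.1.1.1
bindpw secret
tls_checkpeer no
ssl start_tls
"""

def parse(text):
    """Return {lowercased keyword: value} for each 'keyword value' line."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(pam_nss_text, openldap_text):
    """Return finding codes (names are this example's own) for the TLS settings."""
    pam, lib = parse(pam_nss_text), parse(openldap_text)
    findings = []
    uris = pam.get("uri", "").split()
    url = urlsplit(uris[0] if uris else "")
    # The bind is protected only if the session is ldaps:// or upgraded via StartTLS.
    encrypted = url.scheme == "ldaps" or pam.get("ssl", "").lower() in ("start_tls", "on")
    if "bindpw" in pam and not encrypted:
        findings.append("cleartext-bind")
    # Encryption without peer verification does not authenticate the server.
    if pam.get("tls_checkpeer", "").lower() == "no":
        findings.append("server-cert-not-verified")
        if lib.get("tls_reqcert", "").lower() in ("demand", "hard"):
            findings.append("files-disagree-on-cert-check")
    # A certificate name check needs a URI host the certificate actually names.
    try:
        ipaddress.ip_address(url.hostname or "")
        findings.append("uri-is-ip-literal")
    except ValueError:
        pass
    return findings

if __name__ == "__main__":
    print(audit(PAM_NSS_CONF, OPENLDAP_CONF))
```

On the posted settings the bind is encrypted by StartTLS, but the audit reports that the server certificate is not verified, that the two files disagree on certificate checking, and that the URI is an IP literal rather than the host name a certificate would carry.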