problems with ssh and ldap on solaris

From: nicholas (nicholas@no-spam.co.uk)
Date: Mon Oct 20 2003 - 13:40:04 EDT


hi there

The problem I had earlier on with id and su (or any other proggy that uses
passwd) not seeing the openldap served passwd db that getent could see on
the same machine was a bug in my ldif that had crept in. Re-wrote the ldif
and su and id can see everyone.

But now my problem is that:
I've given up on pam_ldap and I'm using pam_unix to authenticate.
I can telnet to the machine but could only ssh as root. All other users
get kicked off.

If I change my sshd_config file to include
UseLogin yes
then, like telnet, which invokes login as well, all works.
I have tried compiling sshd --with-pam but that changes nothing.

Has anyone seen this before?

Here is the output from sshd -d:

Accepted password for bob from x.x.x.x port 61887 ssh2
debug1: permanently_set_uid: 9995/59996
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
login_get_lastlog: Cannot find account for uid 9995
debug1: Calling cleanup 0x31270(0x0)
debug1: channel 0: free: server-session, nchannels 1
debug1: Calling cleanup 0x3917c(0x0)

Here is the output from ssh -vv, after hitting enter after typing the
password, which clearly states a success:

debug1: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: ssh-userauth2 successful: method password
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug2: callback start
debug1: ssh_session2_setup: id 0
debug1: channel request 0: pty-req
debug1: channel request 0: shell
debug1: fd 4 setting TCP_NODELAY
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: channel_free: channel 0: client-session, nchannels 1
Connection to server closed by remote host.
Connection to server closed.
debug1: Transferred: stdin 0, stdout 0, stderr 77 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 1130.1
debug1: Exit status -1

Here is my pam.conf file:

# PAM configuration
#
# Authentication management
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth sufficient /usr/lib/security/pam_ldap.so
other auth required /usr/lib/security/$ISA/pam_unix.so shadow nullok use_first_pass

#
# Account management
#
other account sufficient /usr/lib/security/pam_ldap.so
other account required /usr/lib/security/$ISA/pam_unix.so use_first_pass
#
# Session management
#
other session sufficient /usr/lib/security/$ISA/pam_unix.so.1
other session optional /usr/lib/security/pam_ldap.so.1 use_first_pass

#
# Password management
#
other password sufficient /usr/lib/security/pam_ldap.so.1
other password required /usr/lib/security/$ISA/pam_unix.so.1 use_first_pass

Also, how can I get pam_ldap to work, incidentally?

Many thanks for your time.

nicholas
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
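The sshd trace dies in login_get_lastlog, which in OpenSSH is a getpwuid() lookup made right after the privilege drop (so it is sshd itself, not the PAM stack, that cannot resolve uid 9995), while the pam.conf as posted has use_first_pass sitting on lines of its own, which breaks the four-field format. The lint below is an added example for the Solaris pam.conf format, not the poster's or Sun's tool; the sample file it writes is assembled from the lines in the post, wrap included:

```shell
#!/bin/sh
# Lint a Solaris-style pam.conf. Each non-comment line must have the shape
#   service  module_type  control_flag  module_path  [options...]
# A line with fewer than four fields is almost always an option such as
# "use_first_pass" that was wrapped onto its own line by an editor or a
# mail client; the stack entry above it then silently loses that option.

# pam_lint FILE: print one finding per line, return 1 if anything was found.
pam_lint() {
    findings=$(awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF < 4 {
            printf "line %d: %d field(s) only, \"%s\": wrapped option? join it to the line above\n", NR, NF, $0
            next
        }
        $2 !~ /^(auth|account|session|password)$/ {
            printf "line %d: unknown module type \"%s\"\n", NR, $2
        }
        $3 !~ /^(required|requisite|sufficient|optional|binding)$/ {
            printf "line %d: unknown control flag \"%s\"\n", NR, $3
        }
        $4 !~ /^\// {
            printf "line %d: module path \"%s\" is not absolute\n", NR, $4
        }
    ' "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# pam_lint_count FILE: number of findings (0 means the file parses cleanly).
pam_lint_count() {
    pam_lint "$1" | wc -l | tr -d ' '
}

# write_sample FILE: constructed fragment taken from the posted pam.conf,
# with the "use_first_pass" that landed on a line of its own.
write_sample() {
    cat > "$1" <<'EOF'
# Authentication management
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth sufficient /usr/lib/security/pam_ldap.so
other auth required /usr/lib/security/$ISA/pam_unix.so shadow nullok
use_first_pass
other account required /usr/lib/security/$ISA/pam_unix.so use_first_pass
EOF
}

# Run directly as: sh pam_lint.sh /etc/pam.conf
if [ "$#" -gt 0 ]; then
    pam_lint "$1" && echo "$1: parses cleanly"
fi
```

A clean pass here only proves the file is well-formed; the "Cannot find account" failure is checked separately with getent passwd 9995 run as that user, which is the lookup sshd performs after permanently_set_uid.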



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:27:19 EDT