W2KSSO problems

From: Малыгин Максим Сергеевич (max@kazna.ru)
Date: Tue Aug 23 2005 - 23:30:18 EDT


Hello, tru64-unix-managers@ornl.gov.

I have an AlphaServer DS10 for testing authentication of AD users in
Tru64 5.1 (logging in via SSH).

I've tested some configurations with different Windows servers (before
each configuration I reinstalled Tru64 5.1B and applied the Tru64 UNIX
Version 5.1B-3 Patch kit (T64V51BB26AS0005-20050502.tar)):

1. AD on Windows 2000 SP4:
After sw2ksetup finished successfully, I see all AD groups (for which I
defined Tru64 UNIX attributes in AD) and I see only some AD users (for
which I defined Tru64 UNIX attributes in AD). I've created some new
users in AD (from Tru64 with creacct and from Windows) and again some
users are mapped to Tru64 and some are not. I can't understand why...
For the users that are mapped, everything works fine - they can log on via SSH with
their AD username and password.

2. AD on Windows 2003 RTM:
After sw2ksetup finished successfully, I don't see any AD users or
groups for which I set Tru64 attributes in AD. After a Tru64 reboot I
can't log on as any user via SSH.
In auth.log:
> Aug 19 15:10:52 ds10 sshd2[611]: connection from "172.20.4.25"
> Aug 19 15:10:54 ds10 sshd2[8332]: WARNING: ssh_user_validate_kerberos_password: uc not krb
> Aug 19 15:10:55 ds10 sshd2[8332]: User root's local password accepted.
> Aug 19 15:10:55 ds10 sshd2[8332]: Password authentication for user root accepted.
> Aug 19 15:10:55 ds10 sshd2[8332]: User root, coming from max.sktest.ru, authenticated.
> Aug 19 15:10:55 ds10 sshd2[8332]: Local disconnected: Connection closed.
> Aug 19 15:10:55 ds10 sshd2[8332]: connection lost: 'Connection closed.'
# ssh -v localhost
> debug: SshAppCommon/sshappcommon.c:185: Allocating global SshRegex context.
> debug: SshConfig/sshconfig.c:2795: Version not found on first line, assuming configuration to be old style.
> debug: SshConfig/sshconfig.c:646: Setting variable 'VerboseMode' to 'FALSE'.
> debug: SshConfig/sshconfig.c:2737: Unable to open //.ssh2/ssh2_config
> debug: Connecting to localhost, port 22... (SOCKS not used)
> debug: Ssh2/ssh2.c:2332: Entering event loop.
> debug: Ssh2Client/sshclient.c:1452: Creating transport protocol.
> debug: SshAuthMethodClient/sshauthmethodc.c:95: Added "publickey" to usable methods.
> debug: SshAuthMethodClient/sshauthmethodc.c:95: Added "password" to usable methods.
> debug: Ssh2Client/sshclient.c:1493: Creating userauth protocol.
> debug: client supports 2 auth methods: 'publickey,password'
> debug: SshUnixTcp/sshunixtcp.c:1227: using local hostname ds10.sktest.ru
> debug: Ssh2Common/sshcommon.c:541: local ip = 127.0.0.1, local port = 2246
> debug: Ssh2Common/sshcommon.c:543: remote ip = 127.0.0.1, remote port = 22
> debug: SshConnection/sshconn.c:1957: Wrapping...
> debug: SshReadLine/sshreadline.c:3388: Initializing ReadLine...
> debug: Remote version: SSH-2.0-3.2.0 SSH Secure Shell Tru64 UNIX
> debug: Major: 3 Minor: 2 Revision: 0
> debug: Ssh2Transport/trcommon.c:1913: lang s to c: `', lang c to s: `'
> debug: Ssh2Transport/trcommon.c:1978: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
> debug: Ssh2Transport/trcommon.c:1981: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
> debug: Remote host key found from database.
> debug: Ssh2Common/sshcommon.c:342: Received SSH_CROSS_STARTUP packet from connection protocol.
> debug: Ssh2Common/sshcommon.c:392: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
> debug: server offers auth methods 'hostbased,publickey,password'.
> debug: SshConfig/sshconfig.c:2737: Unable to open //.ssh2/identification
> debug: Ssh2AuthClient/sshauthc.c:330: Method 'publickey' disabled.
> debug: server offers auth methods 'hostbased,publickey,password'.
> debug: Ssh2AuthPasswdClient/authc-passwd.c:117: Starting password query...
> root's password:
> debug: Ssh2Common/sshcommon.c:310: Received SSH_CROSS_AUTHENTICATED packet from connection protocol.
> debug: SshReadLine/sshreadline.c:3454: Uninitializing ReadLine...
> Authentication successful.
> debug: Ssh2Common/sshcommon.c:852: num_channels now 1
> debug: Requesting X11 forwarding with authentication spoofing.
> debug: Ssh2ChannelSession/sshchsession.c:1981: received exit signal. signal number: 11; core dumped: FALSE; error msg: "", language tag: ""
> debug: Ssh2Common/sshcommon.c:819: num_channels now 0
> debug: Got session close with exit_status=0
> debug: destroying client struct...
> debug: Ssh2Client/sshclient.c:1528: Destroying client.
> debug: SshConfig/sshconfig.c:2339: Freeing pki. (host_pki != NULL, user_pki = NULL)
> debug: SshConnection/sshconn.c:2009: Destroying SshConn object.
> Connection to localhost closed.
> debug: Ssh2Client/sshclient.c:1596: Destroying client completed.
> debug: SshAuthMethodClient/sshauthmethodc.c:100: Destroying authentication method array.
> debug: SshAppCommon/sshappcommon.c:198: Freeing global SshRegex context.
> debug: SshConfig/sshconfig.c:2339: Freeing pki. (host_pki = NULL, user_pki = NULL)

Stopping ldapcd doesn't repair this problem.

On the console and the X server I can log on normally.

And after a Windows 2003 reboot I see an error in lsass.exe and a
reboot loop...

3. AD on Windows 2003 Service Pack 1 with all updates as of the current date:
After sw2ksetup finished successfully, everything is the same as in 2, but after
a reboot Windows 2003 works normally.

So I have 3 questions:
1. Why are not all my users from AD on Win2000SP4 mapped to Tru64?
2. Can W2KSSO work with AD on Windows 2003?
3. Why can't I log on via SSH after configuring ldapcd with AD on
Windows 2003?



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:50:22 EDT