Re: User Authentication with nslcd 0.8.13
- From: Priya Seshaadri <priya.sesh [at] gmail.com>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: User Authentication with nslcd 0.8.13
- Date: Tue, 29 Oct 2013 12:40:35 -0500
Hi,
Thanks for all your support! I was able to get the debug messages from nslcd, pam_ldap and pam_unix and found that PAM was not being used for SSH (which was how I was trying to log on). I made some changes in /etc/ssh_config and /etc/sshd_config. Here are the lines I added:

/etc/ssh_config:
    SendEnv LANG LC_*
    HashKnownHosts yes
    ServerAliveInterval 120

/etc/sshd_config:
    HostbasedAuthentication no
    PasswordAuthentication yes
    ChallengeResponseAuthentication no
    UsePAM yes
    TCPKeepAlive yes
    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*

After this, I was able to authenticate users trying to log in via SSH.
On Thu, Aug 8, 2013 at 5:00 PM, Arthur de Jong <arthur [at] arthurdejong.org> wrote:
On Thu, 2013-08-08 at 14:32 -0500, Priya Seshaadri wrote:
> Here's the objectdump of the other pam_ldap.so:
Yes, this looks more like the nss-pam-ldapd version.
It is probably best to remove or set aside the other PAM module.
> Do you have any suggestions on how to debug the PAM module to see
> where it is failing?
What would be useful is configuring the PAM stack for su to use LDAP.
To figure out exactly what is going on, run (as root):
    strace -f -o logfile su - nobody -c 'su - someldapuser'
and log in (BEWARE: your typed-in password will probably end up in the
logfile). The login itself will probably fail because of running under
strace though but the logfile would then show exactly what was going on.
For example, it will show which files are opened (which PAM module,
which PAM configuration file, etc.). At a certain point it should
connect to /var/run/nslcd/socket.
Running nslcd in debug mode should show PAM requests coming in.
Most PAM modules also accept a debug argument (pam_unix and pam_ldap
both support this) which makes them present debugging output either to
stdout or to syslog.
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe [at] lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
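
An added example, not part of the original messages: a small Python helper that reads the logfile written by the strace command above and reports which PAM configuration files and PAM modules were opened and whether the connection to /var/run/nslcd/socket succeeded. The sample log lines are constructed, and the function name `summarize` and its result keys are assumptions made for this illustration.

```python
import re

# Constructed sample of `strace -f -o logfile ...` output (not from the thread).
SAMPLE_LOG = """\
4242  open("/etc/pam.d/su", O_RDONLY) = 3
4242  open("/etc/pam.d/common-auth", O_RDONLY) = 4
4242  open("/lib/security/pam_unix.so", O_RDONLY) = 5
4242  open("/lib/security/pam_ldap.so", O_RDONLY) = 5
4242  open("/lib/security/pam_example.so", O_RDONLY) = -1 ENOENT (No such file or directory)
4243  connect(6, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 23) = 0
"""

# open()/openat() of a path, with the syscall's return value.
OPEN_RE = re.compile(r'^\d+\s+open(?:at)?\((?:AT_FDCWD, )?"([^"]+)"[^)]*\)\s+=\s+(-?\d+)')
# connect() to a UNIX socket; strace prints path= or sun_path= depending on version.
CONNECT_RE = re.compile(r'^\d+\s+connect\(.*path="([^"]+)".*\)\s+=\s+(-?\d+)')
PAM_MODULE_RE = re.compile(r'/pam_[^/]+\.so$')


def summarize(log_text, socket_path="/var/run/nslcd/socket"):
    """Report PAM config files, PAM modules and the nslcd socket connection."""
    out = {"pam_configs": [], "pam_modules": [], "failed_opens": [],
           "nslcd_connect": None}  # None = the socket was never tried
    for line in log_text.splitlines():
        m = OPEN_RE.match(line)
        if m:
            path, ret = m.group(1), int(m.group(2))
            if path.startswith("/etc/pam.d/") or path == "/etc/pam.conf":
                key = "pam_configs"
            elif PAM_MODULE_RE.search(path):
                key = "pam_modules"
            else:
                continue  # not PAM-related
            if ret < 0:
                key = "failed_opens"  # e.g. module or config file missing
            if path not in out[key]:
                out[key].append(path)
            continue
        m = CONNECT_RE.match(line)
        if m and m.group(1) == socket_path:
            ok = int(m.group(2)) == 0
            # One successful connect is enough to show nslcd was reached.
            if ok or out["nslcd_connect"] is None:
                out["nslcd_connect"] = "ok" if ok else "failed"
    return out


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

If pam_ldap.so appears under `pam_modules` but `nslcd_connect` stays `None`, the module was loaded but never contacted nslcd; if no PAM files appear at all, the service is not going through PAM.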