Re: RHEL3, RHEL4, openssh and openldap



Followup on my own post...

Two things I forgot to add: using Webmin, *it* thinks that the RHEL3 box
is configured to use LDAP, but when I hit the validate configuration
under LDAP clients, it says everything is hunky-dory... except it can't
find a valid user. Meanwhile, using the search ldap option of Webmin,
and using ldapsearch, I can find entries under People, and all have
posixAccounts, etc.

mark

----- Original Message -----
From: mroth@xxxxxxxxxx
Date: Monday, September 25, 2006 2:01 pm
Subject: RHEL3, RHEL4, openssh and openldap
To: redhat-list@xxxxxxxxxx

Hi, folks,

Well, after weeks of fighting, I got openldap working, including
automounting home directories... but that was between two RHEL4 boxen. I
have an RHEL3 box (and no, I don't look to get permission to upgrade it
soon), and I've tried everything, but it seems as though openssh is not
going through PAM to call ldap. On RHEL4, /var/log/secure tells me it
hit LDAP; while on the RHEL3 box, I see nothing, other than password
failed for <username>.

The RHEL4 are running openssh 3.9.p1-8, pam 0.77-65, and openldap
2.2.13-2, and the server's on one of them. The RHEL3 box has openssh
3.6.1p2, pam 0.75-67, and openldap 2.0.27 (core, -22, clients, -17).

I've tried running ssh -vvv to get there, and it tells me nothing
useful, and I've also tried running strace right after attempting to log
on, and the things that make me nervous are a reference to trying to
open nsswitch.conf, and "... an ex" in the text with it, and then it
seems to be printing out what you'd get with -?.

Are there any known interoperability issues? Is the version of
openssh I'm using *really* PAM-enabled?

Clues for the poor?

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

