Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 8 Oct 2003 16:18:01 +0200
From:      mkes@ra.rockwell.com
To:        freebsd-questions@freebsd.org
Subject:   Re: problems with pam_ldap - ssh and file attributes
Message-ID:  <OF81ADA0AA.2E5A26D4-ONC1256DB9.004D2040@ra.rockwell.com>
next in thread | raw e-mail | index | archive | help 
Since nobody responded I will do it myself :-).

Further investigation shown that the problem with connecting via ssh was only with the Putty client.
Normal command line ssh from another unix host worked fine. The Google search found one message targeting this problem.
The solution is to use ssh2 protocol instead of ssh1. I have experienced crashes of Putty v. 0.52 when using ssh2 but after upgrading to version 0.53b
 everything works fine.

Nevertheless the problem with file attributes persists.

Mira
---- Original message follows ----

Hi,

I just suceeded to install and configure pam_ldap authentication on my
5.1Release box. Everything seems to work fine (ftp, telnet, samba, ...)
except for ssh.
Any attempt to login (as user whose account is defined in the LDAP
directory) from a remote host using ssh end up with the  error message:
"Access denied". For users registered in /etc/passwd the ssh works fine.
There is no problem when login via telnet, ftp works fine as well but
the ssh doesn't.

The /etc/pam.d/sshd looks like:
------------
# auth
auth            required        pam_nologin.so          no_warn
auth            sufficient      pam_opie.so             no_warn
no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            sufficient      pam_ldap.so             debug try_first_pass
auth            required        pam_unix.so             no_warn
try_first_pass

# account
account         required        pam_login_access.so
account         sufficient      pam_ldap.so             debug
account         required        pam_unix.so

# session
session         required        pam_permit.so

# password
password        sufficient      pam_ldap.so             debug
password        required        pam_unix.so             no_warn
try_first_pass

--------------

Another problem is that commands like ls displays uid and gid as numbers
for files owned by LDAP users. On the other hand ftp displays them
correctly.

Any ideas how to fix that (especially in case of ssh) would be really
helpfull.

Thanks

Mira

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OF81ADA0AA.2E5A26D4-ONC1256DB9.004D2040>