Hi,

I've followed this very good howto, "OpenLDAP + Samba Domain Controller On Ubuntu 7.10", under Debian etch. Everything is working very well except one thing: I cannot connect to my server via ssh as a "normal" user (previously added in LDAP). With root, it works fine.

Some details:

* A WinXP workstation joined to the created domain can use this account.
* I can also do a "su - useraccount" via ssh once connected with the root account.
* My /var/log/auth.log file tells me this when auth fails:

(pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.19 user=username
pam_ldap: ldap_simple_bind Can't contact LDAP server
Failed password for username from 192.168.1.19 port 53572 ssh2

Please help!

Thanks,
Utopic_men

Firstly, thank you for answering me.

I can confirm that the LDAP server is running and working very well ("ps aux | grep ldap" confirms that). I can run ldap-search and smbldap-**** commands, use phpldapadmin, the LDAP Webmin functionality...

Apparently, ssh does not seem to be involved in the problem. I can't log in locally either! The log (auth.log) says:

(pam_unix) authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost= user=username
pam_ldap: ldap_simple_bind Can't contact LDAP server
FAILED LOGIN (1) on 'tty1' FOR `username', Authentication failure

The message is quite explicit. I really don't want to break my config by making bad changes... So, again, please help!!!

Just go through the tutorial again, as your error indicates that either nss/pam cannot see your LDAP server or cannot bind to it; it could be that the wrong binding details are configured.

Sorry for the delay, topdog.

I followed the tutorial again in a virtual machine on a fresh Debian etch install. After step 9, auth via ssh was still not working. But once I logged in to Webmin, it warned me that two files were mismatched. I selected the proposed solution: auto-repair the files involved. After that, auth was working.

I decided to compare the two config files (physical server vs. virtual server) /etc/pam_ldap.conf and found this difference:

* physical contains: "uri ldapi:///127.0.0.1"
* virtual contains: "uri ldap://127.0.0.1"

So, by updating the physical server's config file, I resolved my authentication problem.

I still have an error reported in /var/log/auth.log (see the first line of the following three) when I log in via ssh:

(pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.12 user=david
Accepted password for david from 192.168.1.12 port 48172 ssh2
(pam_unix) session opened for user david by (uid=0)

So, what's wrong with this config???? And why "uid=0" in the auth.log file???

Thank you in advance

ldapi is supposed to use a UNIX socket, NOT a TCP port, so it should point to a socket file, not an IP address; the tutorial is wrong on that part. As for the uid turning out to be 0, I'm not sure, but I'm guessing that the PAM system runs as root to get the directory info before logging the user in. I could be wrong.
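
The ldapi/ldap mix-up found in this thread can be checked for mechanically. The following is an added example, not code from the thread or the howto: it scans the `uri` directives of a pam_ldap.conf-style file and flags `ldapi://` URIs that carry an address instead of a socket path. The function names and the sample config are constructed, and it assumes the usual ldapi form in which the socket path sits percent-encoded in the host position (for example `ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi`).

```python
from urllib.parse import unquote, urlsplit

# Constructed excerpt mirroring the two pam_ldap.conf variants compared in the thread.
SAMPLE_BROKEN = """\
# /etc/pam_ldap.conf (constructed excerpt, base DN is a placeholder)
base dc=example,dc=local
uri ldapi:///127.0.0.1
ldap_version 3
"""
SAMPLE_FIXED = SAMPLE_BROKEN.replace("ldapi:///127.0.0.1", "ldap://127.0.0.1")


def check_uri(uri):
    """Return the problems found in one LDAP URI (empty list: nothing flagged)."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme in ("ldap", "ldaps"):
        return []  # TCP schemes: a host or IP address is expected here
    if scheme != "ldapi":
        return ["unknown scheme %r" % parts.scheme]
    problems = []
    # Assumed ldapi form: percent-encoded socket path in the host position;
    # an empty host part selects the client library's default socket.
    sock = unquote(parts.netloc)
    if sock and not sock.startswith("/"):
        problems.append("host part %r is not an absolute socket path" % sock)
    if parts.path.strip("/"):
        problems.append("trailing %r does not select a UNIX socket" % parts.path)
    return problems


def check_config(text):
    """Return (line_number, uri, problems) for every URI on a 'uri' directive."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if fields and fields[0].lower() == "uri":  # comment lines start with '#'
            findings.extend((number, u, check_uri(u)) for u in fields[1:])
    return findings


if __name__ == "__main__":
    for label, text in (("physical", SAMPLE_BROKEN), ("virtual", SAMPLE_FIXED)):
        for number, uri, problems in check_config(text):
            print(label, "line", number, uri, "->", problems or "ok")
```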