user login via ssh doesn't work

Discussion in 'HOWTO-Related Questions' started by utopic_men, Apr 17, 2008.

  1. utopic_men

    utopic_men New Member


    I've followed this very good howto "OpenLDAP + Samba Domain Controller On Ubuntu 7.10" under Debian etch.
    All is working very well except one thing : I cannot connect to my server via ssh with "normal" user (previously added in ldap). with root, it works fine.
    Some precisions :
    * A winxp workstation joined to the created domain can use this account.
    * I can also make a "su - useraccount" via ssh once connected with root account.
    * my /var/log/auth.log file tells me that when auth fails :
    (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=username
    pam_ldap: ldap_simple_bind Can't contact LDAP server
    Failed password for username from port 53572 ssh2

    Please, help!

  2. topdog

    topdog Active Member

    Seems like your ldap server is not running
  3. utopic_men

    utopic_men New Member

    Firstly, thanks you answering me.

    I confirm you that ldap server is running and working very well ("ps aux | grep ldap" confirm that).
    I can make ldap-search, smbldap-**** commands, use phpldapadmin, ldap webmin fonctionnality.......

    Apparently, ssh seems to be not involved in the problem.
    I can't login localy too! and the log (auth.log) says :
    (pam_unix) authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost= user=username
    pam_ldap: ldap_simple_bind Can't contact LDAP server
    FAILED LOGIN (1) on 'tty1' FOR `username', Authentication failure

    The message is quite explicit. I really don't want to break my config by making bad manipulations...
    So, again, please, help!!! :)
  4. topdog

    topdog Active Member

    Just go through the tutorial again, as your error indicates that either nss/pam cannot see your ldap server or cannot bind to it, could be wrong binding details configured.
  5. utopic_men

    utopic_men New Member

    Sorry for the delay topdog.
    I've followed again the tuto in a virtual machine on a fresh debian etch install.
    After step 9, the auth via ssh was not working anyway. But, once logged in webmin, this one warned me that two files was mismatching. Then, I selected the proposed solution : auto repair the involved files. Then, auth was working.
    I decided to compare the two config files (physical server Vs virtual server) /etc/pam_ldap.conf and found this difference :
    * physical contains : "uri ldapi:///"
    * virtual contains : "uri ldap://"
    So, by updating the physical server config file, I resolved my authentification problem.

    I've still an error reported in /var/log/auth.log (see the first line of the following three) when I'm logging in via ssh :
    (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=david
    Accepted password for david from port 48172 ssh2
    (pam_unix) session opened for user david by (uid=0)

    So, what's wrong with this config????
    And why "uid=0" in the auth.log file???

    Thank you in advance
  6. topdog

    topdog Active Member

    ldapi is supposed to use a unix socket NOT a tcp port so it should point to a socket file not an ip address, the tutorial is wrong on that part, as for the uid turning out to be 0 am not sure but am guessing that the pam system runs as root to get the directory info before logging the user in i could be wrong

Share This Page