On 03/05/2010, at 9:41 PM, Ward Poelmans wrote: > On Mon, May 3, 2010 at 09:41, Indexer <inde...@internode.on.net> wrote: >> I am currently trying to make a ldap server which i can use to authenticate >> users. Sadly a large number of how to's are incomplete and don't work, so >> after reading alot of how to's and manuals I have got 99.9% of the way. On >> attempting to authenticate a user it denies the user access with a error >> from auth.log >> >> May 4 02:21:08 nemo sshd[1271]: error: PAM: authentication error for >> william from 172.20.0.1 >> > > What does you ssh file in /etc/pam.d look like?
# auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass #auth sufficient /usr/local/lib/pam_ldap.so no_warn use_first_pass auth required pam_unix.so no_warn try_first_pass # account account required pam_nologin.so #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so #account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user # session #session optional pam_ssh.so session required pam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass password required pam_unix.so no_warn try_first_pass > > Ward > I was under the impression that SSH was able to use pam from the system module? I will try this out now uncommenting the ldap settings.
