On 05/03/2010 02:37 PM, Indexer wrote:
>
> On 03/05/2010, at 9:41 PM, Ward Poelmans wrote:
>
>> On Mon, May 3, 2010 at 09:41, Indexer <inde...@internode.on.net> wrote:
>>> I am currently trying to make an LDAP server which I can use to authenticate
>>> users. Sadly a large number of how-tos are incomplete and don't work, so
>>> after reading a lot of how-tos and manuals I have got 99.9% of the way. On
>>> attempting to authenticate a user it denies the user access with an error
>>> from auth.log
>>>
>>> May 4 02:21:08 nemo sshd[1271]: error: PAM: authentication error for william from 172.20.0.1
>>>
>>
>> What does your ssh file in /etc/pam.d look like?
>
> # auth
> auth sufficient pam_opie.so no_warn no_fake_prompts
> auth requisite pam_opieaccess.so no_warn allow_local
> #auth sufficient pam_krb5.so no_warn try_first_pass
> #auth sufficient pam_ssh.so no_warn try_first_pass
> #auth sufficient /usr/local/lib/pam_ldap.so no_warn use_first_pass
> auth required pam_unix.so no_warn try_first_pass
>
> # account
> account required pam_nologin.so
> #account required pam_krb5.so
> account required pam_login_access.so
> account required pam_unix.so
> #account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
>
> # session
> #session optional pam_ssh.so
> session required pam_permit.so
>
> # password
> #password sufficient pam_krb5.so no_warn try_first_pass
> password required pam_unix.so no_warn try_first_pass
>
>>
>> Ward
>>
>
> I was under the impression that SSH was able to use PAM from the system
> module? I will try this out now, uncommenting the LDAP settings.
>

Can the user log in from a console? And what about "su - william" from a
non-root account? (From a root account it should work without problems.)

Daniel
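
An added example, not part of the thread: a small parser for the /etc/pam.d ssh stack quoted above (mail-wrapped lines rejoined) that reports, per facility, whether a given module is active or only present as a commented-out rule. The function and variable names are this example's own.

```python
import re

# PAM stack as quoted in the thread, with mail-wrapped lines rejoined.
SSHD_PAM = """\
# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
#auth sufficient /usr/local/lib/pam_ldap.so no_warn use_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
account required pam_nologin.so
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
#account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
# session
#session optional pam_ssh.so
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
"""

FACILITIES = ("auth", "account", "session", "password")
RULE = re.compile(r"^(#?)\s*(%s)\s+(\S+)\s+(\S+)\s*(.*)$" % "|".join(FACILITIES))

def parse_stack(text):
    """Return [(facility, control, module, args, enabled)] in file order."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:  # skips blank lines and free-text comments such as "# auth"
            hashed, facility, control, path, args = m.groups()
            rules.append((facility, control, path.rsplit("/", 1)[-1], args.split(), not hashed))
    return rules

def module_status(text, module):
    """Per facility: 'active', 'commented out' or 'absent' for one module."""
    status = dict.fromkeys(FACILITIES, "absent")
    for facility, _, name, _, enabled in parse_stack(text):
        if name == module and status[facility] != "active":
            status[facility] = "active" if enabled else "commented out"
    return status

def active_auth_chain(text):
    """Ordered (control, module) pairs PAM will actually evaluate for auth."""
    return [(c, m) for f, c, m, _, on in parse_stack(text) if f == "auth" and on]
```

Run against the quoted file, `module_status(SSHD_PAM, "pam_ldap.so")` shows pam_ldap.so commented out in both auth and account, and `active_auth_chain` lists only pam_opie.so, pam_opieaccess.so and pam_unix.so.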