Hi Roland, somehow I got it fixed, but now I am struggling with the point "Lamdaemon: check NSS LDAP". I get the error message "User ldap is a local user (/etc/passwd) but should be LDAP only.".
I tried to add ldap via LAM and deleting it out of /etc/passwd but that didn't worked out because then there is no unix account to connect to via SSH. After that, I tried to add an account via LAM and connect with that via SSH but there it tells me that the user doesn't exist. I also changed the /etc/nsswitch.conf file and added ldap to passwd, group and shadow. Probably you know what to do? Thanks in advance! Kind regards Junaid ________________________________ Von: Roland Gruber <p...@rolandgruber.de> Gesendet: Donnerstag, 5. Dezember 2024 07:44 An: lam-public@lists.sourceforge.net <lam-public@lists.sourceforge.net> Betreff: Re: [Lam-public] Can‘t get lamdaemon running Hi Junaid, can you retry with LAM 8.9 or 9.0.RC1? Just to validate it is not connected to an outdated ssh lib that is embedded in LAM. Also, set the debug level of the SSH server to debug to see how the client wants to authenticate. Best regards Roland Am 03.12.24 um 12:08 schrieb Junaid Louis Hassan: > Hi Roland, > > I’ve tried your suggestions and it did work out if I do it manually. But as > soon as I try the Lamdaemon Test it gives me the following errors: > > 2024-12-03T11:56:24.625975+01:00 blabla-server sshd[743864]: userauth_pubkey: > signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth] > 2024-12-03T11:56:24.632737+01:00 blabla-server sshd[743864]: Received > disconnect from 127.0.0.1 port 36602:11: [preauth] > 2024-12-03T11:56:24.632839+01:00 blabla-server sshd[743864]: Disconnected > from authenticating user ldap 127.0.0.1 port 36602 [preauth] > > I then tried to add “PubkeyAcceptedAlgorithms +ssh-rsa“ to the > /etc/ssh/sshd_config File but it didn't help either: > > 2024-12-03T12:03:06.716292+01:00 blabla-server sshd[744733]: Received > disconnect from 127.0.0.1 port 54798:11: [preauth] > 2024-12-03T12:03:06.717028+01:00 blabla-server sshd[744733]: Disconnected > from authenticating user ldap 127.0.0.1 port 54798 [preauth] > > Best regards > Junaid > > >> Am 03.12.2024 um 07:53 schrieb Roland Gruber <p...@rolandgruber.de>: >> >> Hi Junaid, >> >> can you do a manual SSH login with these credentials on command line? >> Please make sure that you test the login as the webserver user (e.g. >> www-data). >> What does SSH report in its logs as rejection reason? >> >> Best regards >> Roland >> >> >>> Am 02.12.24 um 10:26 schrieb Junaid Louis Hassan: >>> Distributor ID: Ubuntu >>> Description: Ubuntu 24.04.1 LTS >>> Release: 24.04 >>> Codename: noble >>> Hello there, >>> We just started to do an OpenLDAP Server with LDAP-Account-Manager 8.5 as >>> our web interface. It all worked out well but now we are at a point where >>> we don’t know what to do. >>> We made an ‘ldap’ user via SSH before we installed OpenLDAP etc. We filled >>> in every line that is needed in the Server setting at the point ‘Lamdaemon >>> settings’. >>> Serverlist: localhost >>> Path to external script: /usr/share/ldap-account-manager/lib/lamdaemon.pl >>> User name: ldap >>> SSH key file: either /home/ldap/.ssh/id_rsa (can’t read in this directory >>> even with permission) OR /usr/share/ldap-account-manager/keys/id_rsa >>> SSH key password: *** >>> When I run the ‘lamdaemon test’ it always tells me using localhost as >>> lamdaemon remote server is fine but it’s unable to login to lamdaemon >>> server with error message SSH_MSG_USERAUTH_FAILURE. >>> We tried everything but it all didn’t work out so we are asking you for >>> help. :) >>> Kind regards, >>> Junaid Hassan >>> _______________________________________________ >>> Lam-public mailing list >>> Lam-public@lists.sourceforge.net >>> https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Flam-public&data=05%7C02%7C%7Cf73f3c6238e04688392e08dd14f861cc%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638689779216566274%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=7UaQtJ5XQodpCo4%2BrGpU%2BY4TiD6cwKoipm3E7beq9Rc%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/lam-public> >> >> >> >> _______________________________________________ >> Lam-public mailing list >> Lam-public@lists.sourceforge.net >> https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Flam-public&data=05%7C02%7C%7Cf73f3c6238e04688392e08dd14f861cc%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638689779216596884%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=fb2atpZTfrN5lD5bf%2FwBfya%2F0wuDX7vkgEga2ku2MOY%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/lam-public> > > _______________________________________________ > Lam-public mailing list > Lam-public@lists.sourceforge.net > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Flam-public&data=05%7C02%7C%7Cf73f3c6238e04688392e08dd14f861cc%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638689779216618628%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=oNzQmMZODAN4QLbg4cj9J3rY03Hl4%2BmFppF8VvahOGM%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/lam-public> _______________________________________________ Lam-public mailing list Lam-public@lists.sourceforge.net https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Flam-public&data=05%7C02%7C%7Cf73f3c6238e04688392e08dd14f861cc%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638689779216638925%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Vns8uNBwktiin4ndgAH7u4%2BMtm%2FTmBcEoS0HqvN6fC8%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/lam-public>
_______________________________________________ Lam-public mailing list Lam-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lam-public
