Hi Junaid,
you need to set up nsswitch-ldap so that users are resolved using LDAP.
See /etc/libnss-ldap.conf
You can test this by running the following command and checking whether LDAP
accounts are listed.
getent passwd
Best regards
Roland
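
The check described above, as an added example that is not part of the original thread and is not LAM's own code: a shell script that inspects an nsswitch.conf and a passwd file for the two conditions raised in this exchange (ldap listed as an NSS source, and the lamdaemon user not defined locally). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not LAM code): offline checks for the NSS/LDAP conditions
# discussed in this thread. Function names are hypothetical.

# nss_lists_ldap NSSWITCH_FILE DATABASE
# Succeeds if the DATABASE line (passwd, group, shadow) lists the ldap source.
nss_lists_ldap() {
    awk -v db="$2:" '
        { sub("#.*", "") }    # ignore comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }
    ' "$1"
}

# is_local_user PASSWD_FILE USER
# Succeeds if USER has an entry in the given local passwd file.
is_local_user() {
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# check_lamdaemon_user NSSWITCH_FILE PASSWD_FILE USER
# Prints one finding per line and returns non-zero if any check fails.
check_lamdaemon_user() {
    rc=0
    for db in passwd group shadow; do
        if ! nss_lists_ldap "$1" "$db"; then
            echo "nsswitch: '$db' does not list ldap"
            rc=1
        fi
    done
    if is_local_user "$2" "$3"; then
        echo "passwd: user '$3' is defined in the local passwd file"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files (not taken from the server in the thread).
demo_dir=$(mktemp -d)
printf 'passwd: files ldap\ngroup: files ldap\n# shadow: ldap\nshadow: files\n' \
    > "$demo_dir/nsswitch.conf"
printf 'root:x:0:0:root:/root:/bin/bash\nldap:x:1001:1001::/home/ldap:/bin/bash\n' \
    > "$demo_dir/passwd"
check_lamdaemon_user "$demo_dir/nsswitch.conf" "$demo_dir/passwd" ldap ||
    echo "result: at least one check failed"
```

On a live host, pass /etc/nsswitch.conf and /etc/passwd as the first two arguments, then confirm the result with the getent command from the message above.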
On 06.12.24 at 16:43, Junaid Louis Hassan wrote:
Hi Roland,
somehow I got it fixed, but now I am struggling with the point "Lamdaemon: check
NSS LDAP".
I get the error message "User ldap is a local user (/etc/passwd) but should be LDAP
only.".
I tried to add ldap via LAM and deleting it out of /etc/passwd but that didn't
work out because then there is no unix account to connect to via SSH.
After that, I tried to add an account via LAM and connect with that via SSH but
there it tells me that the user doesn't exist.
I also changed the /etc/nsswitch.conf file and added ldap to passwd, group and
shadow.
Probably you know what to do?
Thanks in advance!
Kind regards
Junaid
________________________________
From: Roland Gruber <p...@rolandgruber.de>
Sent: Thursday, 5 December 2024 07:44
To: lam-public@lists.sourceforge.net <lam-public@lists.sourceforge.net>
Subject: Re: [Lam-public] Can't get lamdaemon running
Hi Junaid,
can you retry with LAM 8.9 or 9.0.RC1? Just to validate it is not
connected to an outdated ssh lib that is embedded in LAM.
Also, set the debug level of the SSH server to debug to see how the
client wants to authenticate.
Best regards
Roland
On 03.12.24 at 12:08, Junaid Louis Hassan wrote:
Hi Roland,
I’ve tried your suggestions and it did work out if I do it manually. But as
soon as I try the Lamdaemon Test it gives me the following errors:
2024-12-03T11:56:24.625975+01:00 blabla-server sshd[743864]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
2024-12-03T11:56:24.632737+01:00 blabla-server sshd[743864]: Received disconnect from 127.0.0.1 port 36602:11: [preauth]
2024-12-03T11:56:24.632839+01:00 blabla-server sshd[743864]: Disconnected from authenticating user ldap 127.0.0.1 port 36602 [preauth]
I then tried to add "PubkeyAcceptedAlgorithms +ssh-rsa" to the
/etc/ssh/sshd_config file but it didn't help either:
2024-12-03T12:03:06.716292+01:00 blabla-server sshd[744733]: Received disconnect from 127.0.0.1 port 54798:11: [preauth]
2024-12-03T12:03:06.717028+01:00 blabla-server sshd[744733]: Disconnected from authenticating user ldap 127.0.0.1 port 54798 [preauth]
Best regards
Junaid
On 03.12.2024 at 07:53, Roland Gruber <p...@rolandgruber.de> wrote:
Hi Junaid,
can you do a manual SSH login with these credentials on command line?
Please make sure that you test the login as the webserver user (e.g. www-data).
What does SSH report in its logs as rejection reason?
Best regards
Roland
On 02.12.24 at 10:26, Junaid Louis Hassan wrote:
Distributor ID: Ubuntu
Description: Ubuntu 24.04.1 LTS
Release: 24.04
Codename: noble
Hello there,
We just started to do an OpenLDAP Server with LDAP-Account-Manager 8.5 as our
web interface. It all worked out well but now we are at a point where we don’t
know what to do.
We made an ‘ldap’ user via SSH before we installed OpenLDAP etc. We filled in
every line that is needed in the Server setting at the point ‘Lamdaemon
settings’.
Serverlist: localhost
Path to external script: /usr/share/ldap-account-manager/lib/lamdaemon.pl
User name: ldap
SSH key file: either /home/ldap/.ssh/id_rsa (can’t read in this directory even
with permission) OR /usr/share/ldap-account-manager/keys/id_rsa
SSH key password: ***
When I run the ‘lamdaemon test’ it always tells me using localhost as lamdaemon
remote server is fine but it’s unable to login to lamdaemon server with error
message SSH_MSG_USERAUTH_FAILURE.
We tried everything but it all didn’t work out so we are asking you for help. :)
Kind regards,
Junaid Hassan
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public