Sorry, I'm confused....

I've been asked to set up an LDAP server so that our developers can SSH from
their computers to remote systems, through the LDAP server, giving us the
ability to control who can ssh.....

I've spent the last few days trawling through the documentation, and get
as far as having the LDAP server set up, but can't seem to get any further.

Do I need to add local accounts to the LDAP server?

What we were trying to achieve was

User > Ldap Server > Remote Server

with the Remote server pointing at the ldap server for authentication, thus
stopping us from creating local accounts and from adding ssh keys to the
Remote Servers.

On Tue, May 14, 2013 at 3:21 PM, Dan White <[email protected]> wrote:

>
>  On Tue, May 14, 2013 at 2:54 PM, Dan White <[email protected]> wrote:
>>
>>> On 05/14/13 11:19 +0100, Stuart Watson wrote:
>>>
>>>> Hi
>>>>
>>>> I have created an ec2 instance and have installed openldap and setup
>>>> openldap to use OpenSSH.  However I cannot ssh from a remote pc, to the
>>>> openldap server, I just get invalid user, although the username is the
>>>> same
>>>> that I have specified in openldap.
>>>>
>>>
>>> Assuming this is a Linux system, use the following to troubleshoot:
>>>
>>> getent passwd <user> (verifies your nss ldap plugin)
>>> pamtester (verifies your pam module)
>>> ldapsearch (basic data verification)
>>>
>>
> On 05/14/13 15:00 +0100, Stuart Watson wrote:
>
>> Yes, it's an Ubuntu 12.04 system... This is the walkthrough I have been
>> following.
>>
>>
>> http://tuxotaku.com/bitbucket/2011/12/20/setting-up-passwordless-ssh-login-and-key-management-using-l.html
>>
>> I get as far as the end of this, and try to SSH to the box, and I get
>> invalid user in the SSH logs.....
>>
>
> That tutorial seems to assume that you have added your users with standard
> adduser/useradd utilities.
>
> Try adding your user, and verifying with 'getent passwd <user>', before
> troubleshooting ldap or ssh.
>
> --
> Dan White
>
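The three checks Dan lists above (NSS, then PAM, then the directory data) map onto the layers sshd goes through before a login succeeds, and an "Invalid user" in the sshd log means the very first layer, NSS, cannot resolve the name. The script below is an added example, not code from the thread or from OpenLDAP; it runs the checks in that order and reports the first layer that fails. It assumes pamtester is installed, that the PAM service is "sshd", and that LDAP_BASE (and optionally LDAP_URI) are set for an anonymous simple-bind ldapsearch.

```shell
#!/bin/sh
# Layered diagnosis of the LDAP-backed SSH login path.
# Added example; the layer order follows the troubleshooting advice in the thread.

# Layer 1: can NSS (nss_ldap / sssd) resolve the account at all?
# If this fails, sshd logs "Invalid user" before PAM is ever consulted.
nss_check() {
    getent passwd "$1" >/dev/null 2>&1
}

# Layer 2: does the PAM stack for sshd accept the account?
# pamtester prompts for the password interactively. Assumption: service name "sshd".
pam_check() {
    if ! command -v pamtester >/dev/null 2>&1; then
        echo "pamtester not installed (package: pamtester)" >&2
        return 2
    fi
    pamtester sshd "$1" authenticate
}

# Layer 3: does the directory actually hold a posixAccount entry for the uid?
# Assumptions: LDAP_BASE is set; LDAP_URI optional; anonymous simple bind (-x).
ldap_check() {
    uri_opt=""
    [ -n "$LDAP_URI" ] && uri_opt="-H $LDAP_URI"
    # shellcheck disable=SC2086
    ldapsearch -x -LLL $uri_opt -b "$LDAP_BASE" \
        "(&(objectClass=posixAccount)(uid=$1))" uid 2>/dev/null | grep -q '^uid:'
}

# Prints the first failing layer (nss, pam, ldap) or "ok"; exit 0 only when all pass.
login_path_diagnose() {
    user=$1
    if ! nss_check "$user"; then echo nss; return 1; fi
    if ! ldap_check "$user"; then echo ldap; return 1; fi
    if ! pam_check "$user"; then echo pam; return 1; fi
    echo ok
    return 0
}

# Usage: LDAP_BASE="dc=example,dc=com" ./diagnose.sh <user>
if [ -n "$1" ]; then
    layer=$(login_path_diagnose "$1") || { echo "first failing layer: $layer"; exit 1; }
    echo "all layers pass for $1"
fi
```

When the NSS check fails but ldapsearch finds the entry, the problem is the nss_ldap/sssd configuration on the host, not the directory; when NSS passes but PAM fails, look at the sshd PAM stack.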
