Marc, sorry to bother you with this, but I can not access a SSH server using these settings. Could you take a look if you have time to find out if my settings are wrong?
When I do a "ssh -l nslcd-connect" (or any other user) to the server, I got this in /var/log/auth.log:

Aug 26 11:09:14 ldap sshd[4642]: Invalid user nslcd-connect from MY_MACHINE
Aug 26 11:09:14 ldap sshd[4642]: input_userauth_request: invalid user nslcd-connect [preauth]
Aug 26 11:09:21 ldap sshd[4642]: pam_unix(sshd:auth): check pass; user unknown
Aug 26 11:09:21 ldap sshd[4642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=MY_FQDN
Aug 26 11:09:21 ldap sshd[4642]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 26 11:09:21 ldap sshd[4642]: pam_ldap: reconnecting to LDAP server...
Aug 26 11:09:21 ldap sshd[4642]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 26 11:09:23 ldap sshd[4642]: Failed password for invalid user nslcd-connect from MY_MACHINE port 51004 ssh2
Aug 26 11:09:25 ldap sshd[4642]: Connection closed by MY_MACHINE [preauth]

============> This is my samba4 server LDAP test:

root@samba:~# ldapsearch -U nslcd-connect -h localhost -b DC=corporativo,DC=mydomain,DC=net "cn=nslcd-connect" distinguishedName
SASL/NTLM authentication started
Please enter your password:
SASL username: nslcd-connect
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <DC=corporativo,DC=mydomain,DC=net> with scope subtree
# filter: cn=nslcd-connect
# requesting: distinguishedName
#

# nslcd-connect, Users, corporativo.sodobrasil.net.br
dn: CN=nslcd-connect,CN=Users,DC=corporativo,DC=mydomain,DC=net
distinguishedName: CN=nslcd-connect,CN=Users,DC=corporativo,DC=mydomain,DC=net

# search reference
ref: ldap://corporativo.sodobrasil.net.br/CN=Configuration,DC=corporativo,DC=mydomain,DC=net

# search reference
ref: ldap://corporativo.sodobrasil.net.br/DC=DomainDnsZones,DC=corporativo,DC=mydomain,DC=net

# search reference
ref: ldap://corporativo.sodobrasil.net.br/DC=ForestDnsZones,DC=corporativo,DC=mydomain,DC=net

# search result
search: 4
result: 0 Success

# numResponses: 5
# numEntries: 1
# numReferences: 3
===============>
This is /etc/nslcd.conf

# Mappings for Active Directory
pagesize 1000
referrals off

# Passwd
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*))
map passwd uid sAMAccountName
map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
map passwd gidNumber primaryGroupID

# Shadow
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*))
map shadow uid sAMAccountName
map shadow shadowLastChange pwdLastSet

# Groups
filter group (&(objectClass=group)(objectClass=posixGroup)(gidNumber=*))
#map group uniqueMember member

# Local account, nslcd runs under
uid nslcd
gid nslcd

# LDAP server settings
uri ldap://IP_OF_SAMBA_SERVER
base dc=corporativo,dc=mydomain,dc=net

# Account in AD that is used from Nslcd to bind to the directory
#binddn cn=teste,cn=Users,dc=corporativo,dc=mydomain,dc=net
binddn CN=nslcd-connect,CN=Users,DC=corporativo,dc=mydomain,dc=net
bindpw nslcd-connect_password

=================> This is /usr/share/libpam-ldap/ldap.conf

base DC=corporativo,dc=mydomain,dc=net
binddn cn=nslcd-connect,cn=Users,DC=corporativo,dc=mydomain,dc=net
bindpw mudar123
bind_policy soft
pam_login_attribute sAMAccountName
uri ldap://IP_OF_SAMBA_SERVER
ssl no

2013/8/26 Marc Muehlfeld <[email protected]>

> On 26.08.2013 14:10, Bruno Vane wrote:
>> I will try this configuration. For this to work I need openLDAP proxy?
>
> No. You can access AD via LDAP directly.
>

--
Bruno Vane
HPM Tecnologia
(24) 9278-7195 / (24) 3345-0002
skype: broonu
www.zamix.com.br | www.superonda.com.br

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
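An offline triage script, added here as an example and not code from the thread or from the nss-pam-ldapd or libpam-ldap projects. It parses the two config fragments and the sshd log lines quoted above (copied into the script as constructed sample data; the real files live at the paths the post names) and reports what to verify first. The order of the log lines is the useful signal: sshd logs "Invalid user" before PAM is consulted, which means the name was not resolvable through NSS (that is, through nslcd), so `getent passwd nslcd-connect` and the passwd filter, which as written only matches AD objects that carry uidNumber, come first; the pam_ldap "Can't contact LDAP server" line is a separate failure on the PAM side. The script also flags the two different bindpw values for the same binddn and the simple bind over plain ldap:// with `ssl no`, which sends the bind password across the network in clear.

```python
"""Offline checks for an sshd -> pam_ldap / nslcd -> Samba AD login problem.

Added example: config and log text below are constructed copies of what the
list post quoted, trimmed to the keys the checks look at.
"""
import re

# Constructed from the post's /etc/nslcd.conf.
NSLCD_CONF = """\
pagesize 1000
referrals off
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*))
map passwd uid sAMAccountName
uri ldap://IP_OF_SAMBA_SERVER
base dc=corporativo,dc=mydomain,dc=net
binddn CN=nslcd-connect,CN=Users,DC=corporativo,dc=mydomain,dc=net
bindpw nslcd-connect_password
"""

# Constructed from the post's pam_ldap ldap.conf.
PAM_LDAP_CONF = """\
base DC=corporativo,dc=mydomain,dc=net
binddn cn=nslcd-connect,cn=Users,DC=corporativo,dc=mydomain,dc=net
bindpw mudar123
bind_policy soft
pam_login_attribute sAMAccountName
uri ldap://IP_OF_SAMBA_SERVER
ssl no
"""

# Constructed from the post's /var/log/auth.log excerpt.
AUTH_LOG = """\
Aug 26 11:09:14 ldap sshd[4642]: Invalid user nslcd-connect from MY_MACHINE
Aug 26 11:09:21 ldap sshd[4642]: pam_unix(sshd:auth): check pass; user unknown
Aug 26 11:09:21 ldap sshd[4642]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 26 11:09:23 ldap sshd[4642]: Failed password for invalid user nslcd-connect from MY_MACHINE port 51004 ssh2
"""


def parse_conf(text):
    """Parse 'key value' lines; repeatable keys (map, filter) collect into lists."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key = key.lower()
        if key in ("map", "filter"):
            conf.setdefault(key, []).append(value.strip())
        else:
            conf[key] = value.strip()
    return conf


def parse_auth_log(text):
    """Return ([(user, source), ...] for sshd 'Invalid user' lines, pam_ldap-unreachable flag)."""
    invalid_users = re.findall(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)", text)
    ldap_unreachable = "Can't contact LDAP server" in text
    return invalid_users, ldap_unreachable


def diagnose(nslcd_text, pam_text, log_text):
    """Produce ordered findings: NSS resolution first, then PAM, then config hygiene."""
    nslcd, pam = parse_conf(nslcd_text), parse_conf(pam_text)
    invalid_users, ldap_unreachable = parse_auth_log(log_text)
    findings = []
    if invalid_users:
        names = ", ".join(user for user, _ in invalid_users)
        findings.append(f"nss: sshd could not resolve user(s) {names} before PAM ran; "
                        "check 'getent passwd <user>' and the nslcd passwd filter")
    # The passwd filter as written only returns AD objects that carry uidNumber.
    if any("(uidNumber=*)" in f for f in nslcd.get("filter", [])):
        findings.append("nss: passwd filter requires uidNumber on the AD user object")
    if ldap_unreachable:
        findings.append(f"pam: pam_ldap could not contact {pam.get('uri')}; "
                        "verify the pam_ldap config file in use and its uri")
    same_binddn = nslcd.get("binddn", "").lower() == pam.get("binddn", "").lower()
    if same_binddn and nslcd.get("bindpw") != pam.get("bindpw"):
        findings.append("config: same binddn but different bindpw in nslcd.conf and pam_ldap conf")
    if pam.get("ssl", "no") == "no" and pam.get("uri", "").startswith("ldap://"):
        findings.append("transport: simple bind over plain ldap:// sends the bind password in clear")
    return findings


if __name__ == "__main__":
    for finding in diagnose(NSLCD_CONF, PAM_LDAP_CONF, AUTH_LOG):
        print(finding)
```

To run it against a real host, replace the three constants with the contents of the actual files and the relevant auth.log lines; the checks are string-level and need no LDAP connectivity.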
