Senhores,

Tenho um server LDAP em produção autenticando sem problemas. Já estou usando 
Samba com ele normalmente.

Tentei configurar o SSH para usar a base ldap mas não obtive êxito.

Quando eu executo o comando id user, ele mostra os dados do usuário, então, 
penso que a integração com o LDAP está correta.

[/etc/pam.d]# id user
uid=2013(user) gid=513(Domain Users) groups=513(Domain Users)

eu setei loginShell: /bin/sh para este usuário.


No momento em que efetuo o login via ssh ele pede o "Old password". Se eu 
digitar a senha incorreta ele pede a senha novamente (3 vezes). Vejam:

[/etc/pam.d]# ssh -v [EMAIL PROTECTED]
OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to servidor [xxx.xxx.xxx.x] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 
FreeBSD-20080901
debug1: match: OpenSSH_5.1p1 FreeBSD-20080901 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'xxx.xxx.xxx.x' is known and matches the DSA host key.
debug1: Found key in /root/.ssh/known_hosts:8
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password: 
Old Password:
debug1: Authentications that can continue: publickey,keyboard-interactive
Password: 
debug1: Authentications that can continue: publickey,keyboard-interactive
Password: 
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
[/etc/pam.d]# 

E não vai adiante. Isso só aparece quando digito a senha corretamente.

Config do sshd em /etc/pam.d/sshd:

#
# $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            sufficient      /usr/local/lib/pam_ldap.so              no_warn 
try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass

# account
account         required        pam_nologin.so
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required        pam_permit.so

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_unix.so             no_warn try_first_pass

Reitero que o LDAP está ok e o samba já está autenticando usuários normalmente.

Alguma dica?

Obrigado.

_________________________________________________________________
Confira vídeos com notícias do NY Times, gols direto do Lance, videocassetadas 
e muito mais no MSN Video!
http://video.msn.com/?mkt=pt-br
-------------------------
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd

Responder a