Hmm... What I'm trying to accomplish here is a configuration where users
authenticate to the ldap server with username/password (no kerberos
ticket) and their password is checked from kerberos. Is this possible
to do with the standard plugins? I've had a hard time trying to figure
out how
David Boreham wrote:
Hmm... What I'm trying to accomplish here is a configuration where users
authenticate to the ldap server with username/password (no kerberos
ticket) and their password is checked from kerberos. Is this possible
to do with the standard plugins? I've had a
Gary,
I did like you said. There was nothing in msgs file. From the remote host I
got this:
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/identity
debug1: Trying private key: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa
debug1: Next authentication
Hi all,
I'm running FDS (binary rpm) on rhel4. I have rhel4 and solaris 10 clients.
If I inactivate a user account in the FDS admin GUI, then try to log in via
ssh as that inactivated user on any ol' random Linux client, the BIND
operation fails with err=53 (unwilling to perform). This, I
Gary, here's the output from /var/adm/messages:
Aug 30 16:17:38 unknown last message repeated 1 time
Aug 30 16:17:38 unknown sshd[1354]: [ID 800047 auth.error] error: PAM:
Authentication
failed for testdba from cnyitsun01.composers.foo.com
Aug 30 16:17:39 unknown sshd[1354]: [ID 316739
Brian,
It sounds like you're using the pam_unix module for authentication on
the Solaris 10 client instead of the pam_ldap module. The bind as the
proxy user is to retrieve the crypted password hash of the account,
which is then compared with the password given at login.
If you want LDAP
Well, this makes sense, but I'm using the Sun-recommended pam_ldap
configuration, straight from their documentation for Solaris 10. I
don't have a machine in front of me, but if memory serves, their
configuration includes pam_unix_auth, pam_unix_cred as well as
pam_ldap. I've read about the
0) Make sure every time you restart /etc/init.d/ldap.client
(ldap_cachemgr), restart also the /etc/init.d/nscd (name service cache
daemon).
1) Make sure you define CRYPT as the default passwordStorageScheme in
LDAP DIT (right click cn=config and edit its properties).
2) Make sure you have these