here is ssh_config

Host *
  ForwardX11 yes
  Protocol 2,1
  StrictHostKeyChecking no

here is pam.d/sshd
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

#auth       required     pam_securetty.so
#auth       required     pam_nologin.so
auth       sufficient   pam_ldap.so
auth       required     pam_unix.so nullok try_first_pass #set_secrpc
account    sufficient   pam_ldap.so
account    required     pam_unix.so
account    required     pam_deny.so
password   required     pam_pwcheck.so nullok
password   required     pam_ldap.so use_first_pass use_authtok
password   required     pam_unix.so nullok use_first_pass use_authtok
session    required     pam_unix.so none # debug or trace
session    required     pam_limits.so
session    required     pam_env.so
session    optional     pam_mail.so

here is pam.d/system-auth

auth        required      pam_env.so
auth        sufficient    pam_unix.so likeauth nullok use_first_pass
auth        sufficient    pam_ldap.so
auth        required      pam_deny.so

account     sufficient    pam_unix.so use_first_pass
account     sufficient    pam_ldap.so
account     required      pam_deny.so

password    required      pam_cracklib.so retry=3 minlen=2  dcredit=0 ucredit=0
password    sufficient    pam_unix.so nullok use_authtok md5 shadow
password    sufficient    pam_ldap.so
password    required      pam_deny.so

session     required      pam_limits.so
session     required      pam_unix.so


and here is the error log in /var/log/auth.log for a local user

May 11 15:21:07 unicorn sshd[19344]: PAM unable to dlopen(/lib/security/pam_pwcheck.so)
May 11 15:21:07 unicorn sshd[19344]: PAM [dlerror: /lib/security/pam_pwcheck.so: cannot open shared object file: No such file or directory]
May 11 15:21:07 unicorn sshd[19344]: PAM adding faulty module: /lib/security/pam_pwcheck.so
May 11 15:21:07 unicorn sshd(pam_unix)[19344]: auth could not identify password for [it]
May 11 15:21:07 unicorn sshd(pam_unix)[19344]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192  user=it
May 11 15:21:13 unicorn sshd[19344]: Failed password for it from ::ffff:192.168.88.192 port 2216
May 11 15:22:11 unicorn sshd[19344]: Failed password for it from ::ffff:192.168.88.192 port 2216
May 11 15:22:21 unicorn sshd(pam_unix)[19344]: 4 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192 user=it
May 11 15:22:21 unicorn sshd(pam_unix)[19344]: service(sshd) ignoring max retries; 5 > 3
May 11 15:22:40 unicorn sshd(pam_unix)[19350]: auth could not identify password for [it]
May 11 15:22:40 unicorn sshd(pam_unix)[19350]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192  user=it
May 11 15:22:47 unicorn sshd[19350]: Failed password for it from ::ffff:192.168.88.192 port 2223


the pam_pwcheck module part I have already tried commenting out, that didn't work either

then here is the error for an LDAP user

May 11 15:24:11 unicorn sshd(pam_unix)[19360]: auth could not identify password for [adi]
May 11 15:24:11 unicorn sshd(pam_unix)[19360]: check pass; user unknown
May 11 15:24:11 unicorn sshd(pam_unix)[19360]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192
May 11 15:24:22 unicorn sshd(pam_unix)[19360]: check pass; user unknown
May 11 15:24:23 unicorn sshd[19360]: Accepted password for adi from ::ffff:192.168.88.192 port 2230
May 11 15:24:23 unicorn sshd[19360]: nss_ldap: reconnecting to LDAP server...
May 11 15:24:23 unicorn pam_limits[19363]: setrlimit 11 to -1073754428 failed: Operation not permitted
May 11 15:24:23 unicorn sshd(pam_unix)[19363]: session opened for user adi by (uid=1000)
May 11 15:24:23 unicorn sshd(pam_unix)[19363]: unrecognized option [none]
May 11 15:24:23 unicorn sshd(pam_unix)[19363]: session opened for user adi by (uid=1000)
May 11 15:24:23 unicorn pam_limits[19363]: setrlimit 11 to -1073754220 failed: Operation not permitted
May 11 15:24:23 unicorn sshd[19363]: fatal: PAM session setup failed[6]: Permission denied
May 11 15:24:23 unicorn sshd(pam_unix)[19363]: 1 more authentication failure; logname= uid=0 euid=0 tty=/dev/pts/5 ruser= rhost=192.168.88.192
May 11 15:24:23 unicorn sshd[19360]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
May 11 15:24:23 unicorn sshd(pam_unix)[19360]: 1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192


and here is the successful log for the root account, which exists both locally & in LDAP

May 11 15:24:23 unicorn sshd(pam_unix)[19363]: 1 more authentication failure; logname= uid=0 euid=0 tty=/dev/pts/5 ruser= rhost=192.168.88.192
May 11 15:24:23 unicorn sshd[19360]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
May 11 15:24:23 unicorn sshd(pam_unix)[19360]: 1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192
May 11 15:25:33 unicorn sshd(pam_unix)[19371]: auth could not identify password for [root]
May 11 15:25:33 unicorn sshd(pam_unix)[19371]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192  user=root
May 11 15:25:39 unicorn sshd[19371]: Accepted password for root from ::ffff:192.168.88.192 port 2244
May 11 15:25:39 unicorn sshd(pam_unix)[19371]: session opened for user root by (uid=0)
May 11 15:25:39 unicorn sshd(pam_unix)[19371]: unrecognized option [none]
May 11 15:25:39 unicorn sshd(pam_unix)[19371]: session opened for user root by (uid=0)

so what now??? does anyone know what is going on???
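As an added example (not part of this thread or anyone's post in it), a small Python triage script that parses auth.log lines like the ones pasted above, groups them by PID and flags the conditions visible in this thread: a faulty (missing) PAM module, pam_limits setrlimit failures, an unrecognized module option, and the fatal PAM session setup failure. The sample lines are constructed from the excerpts above; the rule labels are my own names.

```python
import re
from collections import defaultdict
# Constructed sample: lines taken from the auth.log excerpts in this thread (host "unicorn").
SAMPLE_LOG = """\
May 11 15:21:07 unicorn sshd[19344]: PAM adding faulty module: /lib/security/pam_pwcheck.so
May 11 15:21:07 unicorn sshd(pam_unix)[19344]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192  user=it
May 11 15:21:13 unicorn sshd[19344]: Failed password for it from ::ffff:192.168.88.192 port 2216
May 11 15:24:23 unicorn sshd[19360]: Accepted password for adi from ::ffff:192.168.88.192 port 2230
May 11 15:24:23 unicorn pam_limits[19363]: setrlimit 11 to -1073754428 failed: Operation not permitted
May 11 15:24:23 unicorn sshd(pam_unix)[19363]: unrecognized option [none]
May 11 15:24:23 unicorn sshd[19363]: fatal: PAM session setup failed[6]: Permission denied
May 11 15:25:39 unicorn sshd[19371]: Accepted password for root from ::ffff:192.168.88.192 port 2244
"""
# syslog prefix: timestamp, host, program (sshd, sshd(pam_unix), pam_limits ...), [pid]
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                     r"(?P<prog>[^\[ ]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# (pattern over the message, label): misconfiguration symptoms from this thread, then login outcomes
RULES = [
    (re.compile(r"PAM adding faulty module: (?P<mod>\S+)"), "faulty_module"),
    (re.compile(r"setrlimit \d+ to -?\d+ failed"), "setrlimit_failed"),
    (re.compile(r"unrecognized option \[(?P<opt>[^\]]+)\]"), "bad_pam_option"),
    (re.compile(r"fatal: PAM session setup failed"), "session_setup_failed"),
    (re.compile(r"authentication failure;.*rhost=(?P<ip>\S*).*user=(?P<user>\S+)"), "pam_auth_failure"),
    (re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)"), "accepted"),
    (re.compile(r"Failed \w+ for (?P<user>\S+) from (?P<ip>\S+)"), "failed"),
]

def triage(log_text):
    """Group lines by PID -> {"users", "rhosts", "findings"}. sshd forks, so one login's
    authentication PID (19360) and session PID (19363) show up as separate entries."""
    report = defaultdict(lambda: {"users": set(), "rhosts": set(), "findings": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entry = report[m["pid"]]
        for rx, label in RULES:
            rm = rx.search(m["msg"])
            if rm:
                entry["findings"].append((label, rm.groupdict()))
                if rm.groupdict().get("user"):
                    entry["users"].add(rm["user"])
                if rm.groupdict().get("ip"):  # drop the IPv4-mapped IPv6 prefix sshd logs
                    entry["rhosts"].add(re.sub(r"^::ffff:", "", rm["ip"]))
    return dict(report)

def failed_session_pids(report):
    """PIDs where a password was accepted upstream but PAM session setup then failed."""
    return sorted(p for p, e in report.items() if any(l == "session_setup_failed" for l, _ in e["findings"]))
```

Run it over a real /var/log/auth.log instead of SAMPLE_LOG to see which PIDs fail in the session stack rather than at password check, which is the distinction between the local-user and LDAP-user failures in this thread.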



----- Original Message -----
From: "Cecep Mahbub" <[EMAIL PROTECTED]>
To: <tanya-jawab@linux.or.id>
Sent: Wednesday, May 11, 2005 2:56 PM
Subject: Re: [tanya-jawab] user login via ssh with LDAP backend


> Adi Nugraha wrote:
> > I am indeed using nss & pam ldap, but I have already looked at the files
> > /etc/pam.d/login and sshd, the files are the same, and as far as I know
> > there is also a pam_stack.so module in there that calls the service to
> > sys-auth, and the file in sys-auth is also the same for all services,
> > right? Is there another possibility??
> > I just tried a local user and it couldn't log in either,,,,,, with an
> > LDAP user it says permission denied, with a local user account expired,
> > even though I just tried the account via direct access and it works,
> > what's up with that
>
> according to the manual (man sshd_config), there is one setting that can
> restrict user access. have a look at the AllowUsers section.
>
> how about this: copy and paste them here, so the information is clearer.
>
> /etc/ssh/sshd_config
> /etc/pam.d/ssh
> /etc/pam.d/system-auth
>
> -Cecep-
>
> --
> Unsubscribe: send an empty email to [EMAIL PROTECTED]
> Archive, FAQ and mailing list info at http://linux.or.id/milis
> Can't post? Read:
> http://linux.or.id/problemmilis
> http://linux.or.id/tatatertibmilis