This is ssh_config:

Host *
    ForwardX11 yes
    Protocol 2,1
    StrictHostKeyChecking no

This is pam.d/sshd:

auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
#auth required pam_securetty.so
#auth required pam_nologin.so
auth sufficient pam_ldap.so
auth required pam_unix.so nullok try_first_pass #set_secrpc
account sufficient pam_ldap.so
account required pam_unix.so
account required pam_deny.so
password required pam_pwcheck.so nullok
password required pam_ldap.so use_first_pass use_authtok
password required pam_unix.so nullok use_first_pass use_authtok
session required pam_unix.so none # debug or trace
session required pam_limits.so
session required pam_env.so
session optional pam_mail.so

This is pam.d/system-auth:

auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok use_first_pass
auth sufficient pam_ldap.so
auth required pam_deny.so
account sufficient pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_deny.so
password required pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_ldap.so
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so

And this is the error log in /var/log/auth.log for a local user:

May 11 15:21:07 unicorn sshd[19344]: PAM unable to dlopen(/lib/security/pam_pwcheck.so)
May 11 15:21:07 unicorn sshd[19344]: PAM [dlerror: /lib/security/pam_pwcheck.so: cannot open shared object file: No such file or directory]
May 11 15:21:07 unicorn sshd[19344]: PAM adding faulty module: /lib/security/pam_pwcheck.so
May 11 15:21:07 unicorn sshd(pam_unix)[19344]: auth could not identify password for [it]
May 11 15:21:07 unicorn sshd(pam_unix)[19344]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192 user=it
May 11 15:21:13 unicorn sshd[19344]: Failed password for it from ::ffff:192.168.88.192 port 2216
May 11 15:22:11 unicorn sshd[19344]: Failed password for it from ::ffff:192.168.88.192 port 2216
May 11 15:22:21 unicorn sshd(pam_unix)[19344]: 4 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192 user=it
May 11 15:22:21 unicorn sshd(pam_unix)[19344]: service(sshd) ignoring max retries; 5 > 3
May 11 15:22:40 unicorn sshd(pam_unix)[19350]: auth could not identify password for [it]
May 11 15:22:40 unicorn sshd(pam_unix)[19350]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192 user=it
May 11 15:22:47 unicorn sshd[19350]: Failed password for it from ::ffff:192.168.88.192 port 2223

I have already tried commenting out the pam_pwcheck module part and it still does not work. Next, this is the error for an LDAP user:

May 11 15:24:11 unicorn sshd(pam_unix)[19360]: auth could not identify password for [adi]
May 11 15:24:11 unicorn sshd(pam_unix)[19360]: check pass; user unknown
May 11 15:24:11 unicorn sshd(pam_unix)[19360]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192
May 11 15:24:22 unicorn sshd(pam_unix)[19360]: check pass; user unknown
May 11 15:24:23 unicorn sshd[19360]: Accepted password for adi from ::ffff:192.168.88.192 port 2230
May 11 15:24:23 unicorn sshd[19360]: nss_ldap: reconnecting to LDAP server...
May 11 15:24:23 unicorn pam_limits[19363]: setrlimit 11 to -1073754428 failed: Operation not permitted
May 11 15:24:23 unicorn sshd(pam_unix)[19363]: session opened for user adi by (uid=1000)
May 11 15:24:23 unicorn sshd(pam_unix)[19363]: unrecognized option [none]
May 11 15:24:23 unicorn sshd(pam_unix)[19363]: session opened for user adi by (uid=1000)
May 11 15:24:23 unicorn pam_limits[19363]: setrlimit 11 to -1073754220 failed: Operation not permitted
May 11 15:24:23 unicorn sshd[19363]: fatal: PAM session setup failed[6]: Permission denied
May 11 15:24:23 unicorn sshd(pam_unix)[19363]: 1 more authentication failure; logname= uid=0 euid=0 tty=/dev/pts/5 ruser= rhost=192.168.88.192
May 11 15:24:23 unicorn sshd[19360]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
May 11 15:24:23 unicorn sshd(pam_unix)[19360]: 1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192

Now, this is the successful log for the root account, which exists both locally & in LDAP:

May 11 15:24:23 unicorn sshd(pam_unix)[19363]: 1 more authentication failure; logname= uid=0 euid=0 tty=/dev/pts/5 ruser= rhost=192.168.88.192
May 11 15:24:23 unicorn sshd[19360]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
May 11 15:24:23 unicorn sshd(pam_unix)[19360]: 1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192
May 11 15:25:33 unicorn sshd(pam_unix)[19371]: auth could not identify password for [root]
May 11 15:25:33 unicorn sshd(pam_unix)[19371]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.88.192 user=root
May 11 15:25:39 unicorn sshd[19371]: Accepted password for root from ::ffff:192.168.88.192 port 2244
May 11 15:25:39 unicorn sshd(pam_unix)[19371]: session opened for user root by (uid=0)
May 11 15:25:39 unicorn sshd(pam_unix)[19371]: unrecognized option [none]
May 11 15:25:39 unicorn sshd(pam_unix)[19371]: session opened for user root by (uid=0)

So what now? Does anyone know what is happening?

----- Original Message -----
From: "Cecep Mahbub" <[EMAIL PROTECTED]>
To: <tanya-jawab@linux.or.id>
Sent: Wednesday, May 11, 2005 2:56 PM
Subject: Re: [tanya-jawab] user login from ssh with an LDAP backend

> Adi Nugraha wrote:
> > I am indeed using nss & pam ldap, but I have looked at the files
> > /etc/pam.d/login and sshd, and they are the same. As far as I know they
> > also contain the pam_stack.so module, which calls the sys-auth service,
> > and the sys auth file is the same for all services, right? Is there any
> > other possibility?
> > I just tried with a local user and that does not work either. With an
> > LDAP user it says permissions denied, with a local user account expired,
> > even though I just tried that account through direct access and it works.
> > What about that?
>
> According to the manual (man sshd_config), there is a setting that can
> restrict user access. Have a look at the AllowUsers section.
>
> Tell you what, copy and paste these here so the information is clearer:
>
> /etc/ssh/sshd_config
> /etc/pam.d/ssh
> /etc/pam.d/system-auth
>
> -Cecep-
>
> --
> Unsubscribe: send an empty email to [EMAIL PROTECTED]
> Archive, FAQ, and list info at http://linux.or.id/milis
> Cannot post? Read:
> http://linux.or.id/problemmilis
> http://linux.or.id/tatatertibmilis