On Friday, 2 September 2011 03:35:24 vijay s sheelavantar wrote:
I have a openldap server running on one machine (fedora10) and pam_ldap.so
and nss_ldap.so running on the other machine. I have added a new user to
the LDAP server database, this user is not created on client machine. 1.
Can i login to the client machine using this new user?
Yes, if your client configuration is correct.
2. Now if i try
logging with this new user I am getting error messages, the error messages
are as follows at client side Sep 2 10:34:36 localhost sshd:
Invalid user kim from 10.254.194.148Sep 2 10:34:36 localhost
sshd: input_userauth_request: invalid user kim
This looks like you haven't configured nsswitch.conf correctly.
Sep 2 10:35:16
localhost sshd: pam_ldap: error trying to bind as user "cn=min
soo,ou=people,dc=samsung,dc=com" (Invalid credentials)
You entered the wrong password, or possibly your ACLs on the server don't
allow anonymous auth access to the userPassword attribute. You may first want
to test directly, e.g. with ldapwhoami, such as:
ldapwhoami -x -D cn=minsoo,ou=people,dc=samsung,dc=com -W
(if your /etc/openldap/ldap.conf is not appropriately configured, you may need
to specify -h or -H options, see the ldapwhoami(1) and ldap.conf(5) man
Sep 2 10:35:16
localhost sshd: pam_succeed_if(sshd:auth): error retrieving
information about user kimSep 2 10:35:16 localhost sshd:
Failed password for invalid user kim from 10.254.194.148 port 52652 ssh2
Kindly let me know is it a limitation with LDAP ???
No, all our production servers run without any local accounts for real users,
without problems for the last 6+ years.