Sorry, I'm confused....
I've been asked to set up an LDAP server so that our developers can SSH from their computers to remote systems, through the LDAP server, giving us the ability to control who can ssh.....
I've spent the last few days trawling through the documentation, and get as far as having the LDAP server set up, but can't seem to get any further.
Do I need to add local accounts to the LDAP server?
What we were trying to achieve was
User > Ldap Server > Remote Server
with the Remote server pointing at the ldap server for authentication, thus stopping us from creating local accounts and from adding ssh keys to the Remote Servers.
On Tue, May 14, 2013 at 3:21 PM, Dan White dwhite@olp.net wrote:
On Tue, May 14, 2013 at 2:54 PM, Dan White dwhite@olp.net wrote:
On 05/14/13 11:19 +0100, Stuart Watson wrote:
Hi
I have created an EC2 instance and have installed OpenLDAP and set up OpenLDAP to use OpenSSH. However I cannot ssh from a remote PC to the OpenLDAP server; I just get "invalid user", although the username is the same that I have specified in OpenLDAP.
Assuming this is a Linux system, use the following to troubleshoot:
getent passwd <user> (verifies your nss ldap plugin)
pamtester (verifies your pam module)
ldapsearch (basic data verification)
On 05/14/13 15:00 +0100, Stuart Watson wrote:
Yes, it's an Ubuntu 12.04 system... This is the walkthrough I have been following.
http://tuxotaku.com/bitbucket/2011/12/20/setting-up-passwordless-ssh-login-and-key-management-using-l.html
I get as far as the end of this, and try to SSH to the box, and I get invalid user in the SSH logs.....
That tutorial seems to assume that you have added your users with standard adduser/useradd utilities.
Try adding your user, and verifying with 'getent passwd <user>', before troubleshooting ldap or ssh.
-- Dan White
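The checks Dan suggests, wrapped into a small diagnostic script; this is an added example, not code from the thread, and it assumes the LDAP server is the default one configured in ldap.conf (it also goes one step further than the thread by checking the home directory and shell that sshd needs after a successful lookup):

```shell
#!/bin/sh
# Diagnose the sshd "Invalid user" symptom from the thread.
# sshd prints "Invalid user" when the NSS lookup (getpwnam) fails,
# so the first thing to verify is whether NSS (local files or the
# nss-ldap plugin) can resolve the account at all.

# Print the passwd line for the user; returns non-zero if NSS
# cannot resolve the name.
nss_resolve_user() {
    getent passwd "$1"
}

# Extract one field from a passwd line: name:pw:uid:gid:gecos:home:shell
passwd_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# Verify the directory itself holds a posixAccount for the user,
# independent of NSS (basic data verification, as in the thread).
# Assumes the default server/base DN from ldap.conf; adjust -H/-b if not.
ldap_has_posix_account() {
    ldapsearch -x -LLL "(&(objectClass=posixAccount)(uid=$1))" dn | grep -q '^dn:'
}

# After a successful lookup, sshd still needs an existing home directory
# and a shell listed in /etc/shells. Prints one line per problem;
# returns 0 when everything is in place.
check_login_prereqs() {
    entry=$(nss_resolve_user "$1") || { echo "NSS cannot resolve '$1' (check nsswitch.conf / nss-ldap)"; return 1; }
    rc=0
    home=$(passwd_field "$entry" 6)
    shell=$(passwd_field "$entry" 7)
    [ -d "$home" ] || { echo "home directory '$home' does not exist"; rc=1; }
    if [ -r /etc/shells ] && ! grep -qx "$shell" /etc/shells; then
        echo "shell '$shell' is not listed in /etc/shells"; rc=1
    fi
    return $rc
}
```

Run `check_login_prereqs <user>` on the SSH target; if it reports that NSS cannot resolve the user but `ldap_has_posix_account <user>` succeeds, the account is in the directory and the problem is on the NSS side, which is exactly the gap the tutorial's useradd assumption hides.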