On 12/18/16 18:40 +0800, Frank Yu wrote:
I have set up an LDAP service on host A, and configured an LDAP client on host B. When I tried to log in to host B with a user who was already added to the LDAP server, it reported an error even though I entered the right password:
shanzhi.yu@10.10.10.101's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
shanzhi.yu@10.10.10.101's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
shanzhi.yu@10.10.10.101's password:
And I can su to user shanzhi.yu on host B:
[root@ host B ~]# su shanzhi.yu
[shanzhi.yu@ host B root]$ cd
[shanzhi.yu@ host B ~]$
There are too many missing variables to give you specific advice. General troubleshooting steps would include:
1) Enable server side (ssh) debugging to glean additional insight into the problem.
2) Verify your ssh server config has pam enabled (assuming you're using an ldap based pam module).
3) And if you are depending on pam to perform authentication, verify your pam config with pamtester. Consult your pam ldap module documentation as pam tends to be one of the more complicated parts of this type of setup.
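
Steps 2 and 3 can be checked statically on host B before touching the running daemon. The script below is an added example, not part of the original thread; the file layout, the pam_ldap/pam_sss module names and port 2222 are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Static checks for steps 2 and 3. Paths are arguments so copies can be tested.

# Effective UsePAM value: sshd takes the first occurrence of a keyword,
# keywords are case-insensitive, and the built-in default is "no".
usepam_value() {
    awk 'tolower($1) == "usepam" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }' "$1"
}

# Modules on the auth stack of a PAM service file, following
# "auth include|substack NAME" into files in the same directory.
pam_auth_modules() {
    # Collapse "[success=1 default=ignore]" controls so fields split cleanly.
    sed 's/\[[^]]*]/[]/' "$1" | while read -r type control module rest; do
        [ "${type#-}" = auth ] || continue
        case $control in
            include|substack) pam_auth_modules "$(dirname "$1")/$module" ;;
            *) echo "$module" ;;
        esac
    done
}

# pam_ldap/pam_sss are assumed module names; the thread does not name one.
check_ssh_ldap() {   # $1 = sshd_config, $2 = PAM service file for sshd
    [ "$(usepam_value "$1")" = yes ] || { echo "UsePAM is not enabled"; return 1; }
    pam_auth_modules "$2" | grep -Eq 'pam_(ldap|sss)\.so$' ||
        { echo "no LDAP module on the sshd auth stack"; return 2; }
    echo ok
}

# Constructed sample files (not taken from the thread).
demo=$(mktemp -d)
printf '%s\n' '#UsePAM yes' 'PasswordAuthentication yes' 'usepam yes' > "$demo/sshd_config"
printf '%s\n' 'auth substack password-auth' 'account required pam_nologin.so' > "$demo/sshd"
printf '%s\n' 'auth required pam_env.so' \
    'auth [success=1 default=ignore] pam_unix.so nullok' \
    '-auth sufficient pam_sss.so forward_pass' > "$demo/password-auth"
check_ssh_ldap "$demo/sshd_config" "$demo/sshd"

# On the live host:
#   /usr/sbin/sshd -ddd -p 2222             # step 1, spare port is an assumption
#   sshd -T | grep -i '^usepam'             # step 2, effective value
#   pamtester sshd shanzhi.yu authenticate  # step 3
```

On a real host the call would be `check_ssh_ldap /etc/ssh/sshd_config /etc/pam.d/sshd`; `sshd -T` remains the authoritative view of the effective configuration.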