On 11/28/2011 11:38 AM, Jayavant Patil wrote:
On Mon, Nov 28, 2011 at 3:43 PM, Raffael Sahli <public@raffaelsahli.com> wrote:
>Hi
>>but $cat /etc/shadow doesn't show any password information for user ldap_6. So, how do I know that userPassword attribute information is getting propagated to client nodes?
>/etc/shadow is only for local user accounts.
>su ldap_6 works?
yes, su ldap_6 works.
How did you test that? With root access? Test it with a normal user, so you have to enter a password for the ldap account.
And kill the nscd daemon for ldap tests.
>Pam LDAP libraries installed and configured?
nss_ldap and pam_ldap installed.
>ldapsearch bind works?
ldapsearch works on client nodes.
>SSH Debug log?

OpenSSH_5.3p1, OpenSSL 1.0.0a-fips 1 Jun 2010
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to n20 port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'n20' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
ldap_6@n20's password:
Öhm, We need the server side log entries... And with debug log level
--
Raffael Sahli
public@raffaelsahli.com

On 11/28/2011 09:49 AM, Jayavant Patil wrote:

Hi,

I am using openLDAP-2.4.19-4 on fedora 12 machine. I have done all server and client configurations. The directory containing user information is getting available on client nodes (checked by $getent passwd) but I am unable to do

$ssh <user-name>@client-node-name

it shows

Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

My client node .ssh/config file contents are as follows:

ForwardX11 yes
StrictHostKeyChecking no
FallBackToRsh no
BatchMode yes
ConnectionAttempts 5
UsePrivilegedPort no
Compression no
Cipher blowfish
UserKnownHostsFile /dev/null
CheckHostIP no

Even I am unable to login on the client node from console (i.e. from client node login window itself), it shows authentication failure message.

On client node with $getent passwd, it shows

ldap_6:x:514:514:ldap_6:/home/ldap_6:/bin/bash

but $cat /etc/shadow doesn't show any password information for user ldap_6. So, how do I know that userPassword attribute information is getting propagated to client nodes?

--
Thanks & Regards,
Jayavant Ningoji Patil
Engineer: System Software
Computational Research Laboratories Ltd.
Pune-411 004. Maharashtra, India.
+91 9923536030.
--
Thanks & Regards,
Jayavant Ningoji Patil
Engineer: System Software
Computational Research Laboratories Ltd.
Pune-411 004. Maharashtra, India.
+91 9923536030.
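
A small triage helper for client-side `ssh -v` traces like the one quoted in this thread, added here as an example and not code from any of the posters: it reports which methods the server offered, the order in which the client tried them, and how the attempt ended, and it also accepts a trace that has been flattened onto one line. The `SAMPLE` trace is constructed and `summarize` is a hypothetical name.

```python
import re

# Constructed sample: a shortened client-side `ssh -v` trace in the same shape
# as the one quoted in the thread (key path and method names as shown there).
SAMPLE = """\
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: password
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
"""

OFFERED = re.compile(r"Authentications that can continue: (\S+)")
NEXT = re.compile(r"Next authentication method: (\S+)")
DENIED = re.compile(r"Permission denied \(")
SUCCESS = re.compile(r"Authentication succeeded \(([^)]+)\)")


def summarize(trace):
    """Hypothetical helper: offered methods, client attempt order, outcome."""
    # Split on the debugN prefix as well as newlines, so a trace that was
    # flattened onto one line (as in a mail archive) still parses.
    events = [e.strip() for e in re.split(r"\n|debug\d: ", trace) if e.strip()]
    offered, tried, outcome = [], [], "incomplete"
    for ev in events:
        # Independent checks: a flattened event can carry two messages.
        if m := OFFERED.search(ev):
            offered = m.group(1).split(",")
        if m := NEXT.search(ev):
            tried.append(m.group(1))
        if m := SUCCESS.search(ev):
            outcome = "accepted:" + m.group(1)
        if DENIED.search(ev):
            outcome = "denied"
    untried = [m for m in offered if m not in tried]
    return {"offered": offered, "tried": tried,
            "untried": untried, "outcome": outcome}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

When `password` appears under `tried` and the outcome is `denied`, the client trace has nothing further to tell, and the reason for the rejection has to be read from the server-side sshd and PAM logs.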