Hi,
I have two client machines(CLIENT1 & CLIENT2) on which users are authenticated using a LDAP_SERVER. They also have autofs to mount the home directory at login.
The issue is that on CLIENT1 authentication and mount works fine, but not on CLIENT2. Although, both have the same configuration files.
Errors on CLIENT2: *Case 1:* When PasswordAuthentication is set to No in sshd_config ssh user@client2.isl.com user@client1.isl.com Permission denied (publickey).
*Case 2*: When PasswordAuthentication is commented in sshd_config ssh user@client2.com user@client1.com user@clent2.isl.com user@clent1.isl.com's password: Linux client2.isl.com http://client1.isl.com 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:05:01 UTC 2009 x86_64 Creating directory '/home/user'. Unable to create and initialize directory '/home/user'.
Configurations files on CLIENT2: 1) /etc/pam.d/sshd auth required pam_env.so # [1] auth required pam_env.so envfile=/etc/default/locale @include common-auth account required pam_nologin.so @include common-account @include common-session session optional pam_motd.so # [1] session optional pam_mail.so standard noenv # [1] session required pam_limits.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 @include common-password
2) /etc/ldap.conf base dc=auth,dc=ldap_server,dc=isl,dc=com uri ldaps://192.169.214.54 ldap_version 3 rootbinddn cn=admin,dc=ldap_server,dc=isl,dc=com pam_password md5 ssl start_tls ssl on tls_checkpeer yes tls_cacertfile /etc/ssl/certs/ldap_server.isl.com.pem
3) /etc/nsswitch.conf passwd: compat ldap group: compat ldap shadow: compat ldap
hosts: files dns networks: files
protocols: db files services: db files ethers: db files rpc: db files
netgroup: nis
4) /etc/ssh/sshd_config Port 22 Protocol 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key UsePrivilegeSeparation yes KeyRegenerationInterval 3600 ServerKeyBits 768 SyslogFacility AUTH LogLevel INFO
LoginGraceTime 120 PermitRootLogin yes StrictModes yes
RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys
IgnoreRhosts yes RhostsRSAAuthentication no HostbasedAuthentication no PermitEmptyPasswords no
ChallengeResponseAuthentication no
#PasswordAuthentication no
X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server UsePAM yes
5) /etc/auto.home * 192.169.214.54:/home/&
6) /etc/auto.master +auto.master /home /etc/auto.home
Also, there exist no local user by the same name in any of the client machines. The public keys are correctly inserted in the //LDAP_SERVER/home/user/.ssh/authorized_keys or else login wouldn't have been possible on CLIENT1. `getent passwd` on CLIENT2 shows all LDAP users.
Any suggestions would be of great help. Thanks!