Hi,
I have two client machines(CLIENT1 & CLIENT2) on which users are authenticated using a LDAP_SERVER. They also have autofs to mount the home directory at login.
The issue is that on CLIENT1 authentication and mount works fine, but not on CLIENT2. Although, both have the same configuration files.
Errors on CLIENT2:
Case 1: When PasswordAuthentication is set to No in sshd_config
ssh user@client2.isl.com
Permission denied (publickey).
Case 2: When PasswordAuthentication is commented in sshd_config
ssh user@client2.com
user@clent2.isl.com's password:
Linux client2.isl.com 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:05:01 UTC 2009 x86_64
Creating directory '/home/user'.
Unable to create and initialize directory '/home/user'.
Configurations files on CLIENT2:
1) /etc/pam.d/sshd
auth required pam_env.so # [1]
auth required pam_env.so envfile=/etc/default/locale
@include common-auth
account required pam_nologin.so
@include common-account
@include common-session
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
@include common-password
2) /etc/ldap.conf
base dc=auth,dc=ldap_server,dc=isl,dc=com
uri ldaps://192.169.214.54
ldap_version 3
rootbinddn cn=admin,dc=ldap_server,dc=isl,dc=com
pam_password md5
ssl start_tls
ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ldap_server.isl.com.pem
3) /etc/nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
4) /etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
#PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
5) /etc/auto.home
* 192.169.214.54:/home/&
6) /etc/auto.master
+auto.master
/home /etc/auto.home
Also, there exist no local user by the same name in any of the client machines. The public keys are correctly inserted in the //LDAP_SERVER/home/user/.ssh/authorized_keys or else login wouldn't have been possible on CLIENT1. `getent passwd` on CLIENT2 shows all LDAP users.
Any suggestions would be of great help.
Thanks!
--
Abhinav