Hi Friends, I have an openldap server running on one machine (fedora10) and pam_ldap.so and nss_ldap.so running on the other machine. I have added a new user to the LDAP server database; this user is not created on the client machine.

1. Can I log in to the client machine using this new user?

2. Now if I try logging in with this new user I am getting error messages; the error messages are as follows at the client side:

Sep 2 10:34:36 localhost sshd[8484]: Invalid user kim from 10.254.194.148
Sep 2 10:34:36 localhost sshd[8485]: input_userauth_request: invalid user kim
Sep 2 10:35:16 localhost sshd[8484]: pam_ldap: error trying to bind as user "cn=min soo,ou=people,dc=samsung,dc=com" (Invalid credentials)
Sep 2 10:35:16 localhost sshd[8484]: pam_succeed_if(sshd:auth): error retrieving information about user kim
Sep 2 10:35:16 localhost sshd[8484]: Failed password for invalid user kim from 10.254.194.148 port 52652 ssh2

Kindly let me know, is it a limitation with LDAP???

Thanks and Regards,
VIJAY S.
On Friday, 2 September 2011 03:35:24 vijay s sheelavantar wrote:
> Hi Friends, I have an openldap server running on one machine (fedora10) and pam_ldap.so and nss_ldap.so running on the other machine. I have added a new user to the LDAP server database; this user is not created on the client machine.
>
> 1. Can I log in to the client machine using this new user?
Yes, if your client configuration is correct.
> 2. Now if I try logging in with this new user I am getting error messages; the error messages are as follows at the client side:
>
> Sep 2 10:34:36 localhost sshd[8484]: Invalid user kim from 10.254.194.148
> Sep 2 10:34:36 localhost sshd[8485]: input_userauth_request: invalid user kim
This looks like you haven't configured nsswitch.conf correctly.
> Sep 2 10:35:16 localhost sshd[8484]: pam_ldap: error trying to bind as user "cn=min soo,ou=people,dc=samsung,dc=com" (Invalid credentials)
You entered the wrong password, or possibly your ACLs on the server don't allow anonymous auth access to the userPassword attribute. You may first want to test directly, e.g. with ldapwhoami, such as:
ldapwhoami -x -D cn=minsoo,ou=people,dc=samsung,dc=com -W
(if your /etc/openldap/ldap.conf is not appropriately configured, you may need to specify -h or -H options, see the ldapwhoami(1) and ldap.conf(5) man pages).
> Sep 2 10:35:16 localhost sshd[8484]: pam_succeed_if(sshd:auth): error retrieving information about user kim
> Sep 2 10:35:16 localhost sshd[8484]: Failed password for invalid user kim from 10.254.194.148 port 52652 ssh2
>
> Kindly let me know, is it a limitation with LDAP???
No, all our production servers run without any local accounts for real users, without problems for the last 6+ years.
Regards, Buchan
openldap-technical@openldap.org
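The two misconfigurations Buchan's reply points at (no ldap source in the client's nsswitch.conf; a server ACL that does not grant "by anonymous auth" on userPassword) can be checked offline against the config files before trying the ldapwhoami bind. This is an added example, not code from the thread; the functions nss_has_ldap and acl_allows_anon_auth and all sample config files are constructed for this demo, while the slapd.conf ACL syntax is the real one.

```shell
#!/bin/sh
# Added example, not from the thread: offline checks for the two settings the
# reply points at (ldap as an nsswitch.conf source; a slapd ACL granting
# "by anonymous auth" on userPassword). All sample files are constructed.

# nss_has_ldap <nsswitch.conf> db... : report databases whose source list lacks
# "ldap" (a passwd line without it is why sshd logs "Invalid user"); returns 1.
nss_has_ldap() {
    file=$1; shift; rc=0
    for db in "$@"; do
        if ! awk -v db="$db" '$1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
                              END { exit found ? 0 : 1 }' "$file"; then
            echo "nsswitch.conf: '$db' does not list ldap"; rc=1
        fi
    done
    return $rc
}

# acl_allows_anon_auth <slapd.conf> : true if the "access to attrs=userPassword"
# stanza has "by anonymous auth", the clause pam_ldap's simple bind needs
# (auth, not read, so password hashes stay unreadable).
acl_allows_anon_auth() {
    awk '/^access to/ { inpw = ($0 ~ /attrs=userPassword/) }
         inpw && /by anonymous auth/ { ok = 1 }
         END { exit ok ? 0 : 1 }' "$1"
}

tmp=$(mktemp -d)
# Client side: ldap forgotten on passwd and shadow, present only on group.
cat > "$tmp/nsswitch.conf" <<'EOF'
passwd:     files
shadow:     files
group:      files ldap
EOF
# Server side: weak ACL (no anonymous auth) next to the corrected stanza.
cat > "$tmp/slapd-weak.conf" <<'EOF'
access to attrs=userPassword
    by self write
    by * none
EOF
cat > "$tmp/slapd-fixed.conf" <<'EOF'
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
EOF
nss_has_ldap "$tmp/nsswitch.conf" passwd shadow group || echo "-> fix nsswitch.conf first"
acl_allows_anon_auth "$tmp/slapd-weak.conf" || echo "weak ACL: user bind fails with Invalid credentials"
acl_allows_anon_auth "$tmp/slapd-fixed.conf" && echo "fixed ACL: anonymous auth on userPassword allowed"
```

Once both checks pass, `getent passwd kim` on the client and the ldapwhoami bind from the reply are the live confirmation.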