Hey Guys,
I have made an LDAP + Samba PDC and am able to add users to it as well. But when I try to login using ssh to the user name I get the error message Permission denied (publickey,gssapi-with-mic,password). I'm really reaching the deadlines now and have tried all the resources I could get my hands on it would be greatly appreciated if you guys can help me out with this.
Regards,
Arun Nair
On Thu, 2008-10-23 at 18:40 +1100, Arun NAIR wrote:
Hey Guys,
I have made an LDAP + Samba PDC and am able to add users to it as well. But when I try to login using ssh to the user name I get the error message Permission denied (publickey,gssapi-with-mic,password). I'm really reaching the deadlines now and have tried all the resources I could get my hands on it would be greatly appreciated if you guys can help me out with this.
Hi,
for ssh to work there has to exist UNIX account with the same name as SAMBA account. this is samba default and samba can't operate without unix account with the same username.
what is happening is that your UNIX account has no password set (or the password is different from the SAMBA password. to sync samba and unix passwords there is a setting in smb.conf unix password sync = yes
have a look at the logs (it will be in syslog or auth.log depending on your syslog configuration) this will tell you more.
furthermore, this is not a ldap issue (you can expect the same behaviour with tdbsam or smbpasswd backend) and best is to ask at samba lists. M.
Regards,
Arun Nair
On Thursday 23 October 2008 09:40:13 Arun NAIR wrote:
Hey Guys,
I have made an LDAP + Samba PDC and am able to add users to it as well. But when I try to login using ssh to the user name I get the error message Permission denied (publickey,gssapi-with-mic,password). I'm really reaching the deadlines now and have tried all the resources I could get my hands on it would be greatly appreciated if you guys can help me out with this.
You haven't provided any information on what you have or have not set up.
1)Does 'getent passwd username' return anything for users in LDAP (e.g. 'getent passwd joe').
2)Is PAM set up to use pam_ldap for authentication ? Please consult your /etc/pam.d/system-auth or /etc/pam.d/common-auth files or /etc/pam.conf (not sure which, as you don't state what distro/OS you are using).
3)Is ssh configured to authenticate via PAM or not?
Regards, Buchan
openldap-technical@openldap.org
-
Arun NAIR -
Buchan Milne -
Martin Simovic