Hi,
I have two client machines (CLIENT1 & CLIENT2) on which users are authenticated using LDAP_SERVER. They also use autofs to mount the home directory at login.
The issue is that on CLIENT1 authentication and the mount work fine, but not on CLIENT2, although both have the same configuration files.
Errors on CLIENT2:

Case 1: When PasswordAuthentication is set to No in sshd_config

ssh user@client2.isl.com
user@client1.isl.com
Permission denied (publickey).

Case 2: When PasswordAuthentication is commented out in sshd_config

ssh user@client2.com user@client1.com
user@clent2.isl.com user@clent1.isl.com's password:
Linux client2.isl.com client1.isl.com 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:05:01 UTC 2009 x86_64
Creating directory '/home/user'.
Unable to create and initialize directory '/home/user'.
Configuration files on CLIENT2:

1) /etc/pam.d/sshd

auth required pam_env.so # [1]
auth required pam_env.so envfile=/etc/default/locale
@include common-auth
account required pam_nologin.so
@include common-account
@include common-session
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
@include common-password

2) /etc/ldap.conf

base dc=auth,dc=ldap_server,dc=isl,dc=com
uri ldaps://192.169.214.54
ldap_version 3
rootbinddn cn=admin,dc=ldap_server,dc=isl,dc=com
pam_password md5
ssl start_tls
ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ldap_server.isl.com.pem

3) /etc/nsswitch.conf

passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

4) /etc/ssh/sshd_config

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
#PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes

5) /etc/auto.home

* 192.169.214.54:/home/&

6) /etc/auto.master

+auto.master
/home /etc/auto.home
Also, there exists no local user by the same name on either of the client machines. The public keys are correctly inserted in //LDAP_SERVER/home/user/.ssh/authorized_keys, or else login wouldn't have been possible on CLIENT1. `getent passwd` on CLIENT2 shows all LDAP users.
Any suggestions would be of great help. Thanks!
openldap-technical@openldap.org
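The two failure modes above share one precondition: sshd and pam_mkhomedir both need /home/user to exist when the session starts. The checker below (an added example, not part of the post or of any project) reads an sshd_config, a PAM sshd stack and a /proc/mounts snapshot and reports which of the two observed errors to expect when /home is an autofs map whose export has not been mounted; the config excerpts and mount lines are constructed to mirror the post, and all function names are this example's own.

```python
"""Constructed example: classify an ssh login failure for an LDAP user whose
/home is an autofs map. Inputs are text snapshots, so it runs offline."""

def parse_sshd_config(text):
    # Commented-out directives fall back to OpenSSH defaults (PasswordAuthentication yes).
    cfg = {"passwordauthentication": "yes", "challengeresponseauthentication": "yes",
           "usepam": "no", "authorizedkeysfile": ".ssh/authorized_keys"}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            cfg[key.lower()] = value.strip()
    return cfg

def session_has_mkhomedir(pam_text):
    return any(l.split()[:1] == ["session"] and "pam_mkhomedir.so" in l
               for l in pam_text.splitlines() if not l.lstrip().startswith("#"))

def mount_state(proc_mounts, home):
    # Returns (parent dir is an autofs mount point, home itself is NFS-mounted).
    parent = home.rsplit("/", 1)[0]
    autofs_parent = nfs_home = False
    for line in proc_mounts.splitlines():
        parts = line.split()  # device mountpoint fstype options dump pass
        if len(parts) >= 3:
            mnt, fstype = parts[1], parts[2]
            autofs_parent |= mnt == parent and fstype == "autofs"
            nfs_home |= mnt == home and fstype.startswith("nfs")
    return autofs_parent, nfs_home

def diagnose(sshd_text, pam_text, proc_mounts, user):
    cfg = parse_sshd_config(sshd_text)
    home = "/home/" + user
    autofs_parent, nfs_home = mount_state(proc_mounts, home)
    if not autofs_parent or nfs_home:
        return []  # home is served (or not autofs-managed at all): nothing to report here
    findings = ["home-not-mounted"]
    if not cfg["authorizedkeysfile"].startswith("/"):
        findings.append("authorized-keys-unreachable")  # key file lives under the unmounted home
    if cfg["passwordauthentication"] == "no" and cfg["challengeresponseauthentication"] == "no":
        findings.append("no-password-fallback")  # client sees "Permission denied (publickey)"
    elif cfg["usepam"] == "yes" and session_has_mkhomedir(pam_text):
        findings.append("mkhomedir-under-autofs")  # "Unable to create and initialize directory"
    return findings

# Constructed inputs mirroring the post (not real captures).
SSHD_CONF = "Port 22\n#PasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM yes\n"
PAM_SSHD = "@include common-auth\nsession required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
MOUNTS_BROKEN = "/etc/auto.home /home autofs rw,relatime,indirect 0 0\n"
MOUNTS_OK = MOUNTS_BROKEN + "192.169.214.54:/home/user /home/user nfs rw,addr=192.169.214.54 0 0\n"
```

Run `diagnose(SSHD_CONF, PAM_SSHD, MOUNTS_BROKEN, "user")` for the Case 2 configuration and swap in `PasswordAuthentication no` for Case 1; an empty list means the export is mounted and the failure lies elsewhere.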