[Fedora-directory-users] ssh login fail

Richard Megginson rmeggins at redhat.com
Mon Sep 10 20:43:46 UTC 2007


Steven Jones wrote:
> Yes.
>
> Thanks, I have this page book marked.
>
> Content looks identical to what I have...I have spent days on this
> googling with no joy. 
>
> Since a Debian LDAP client also does not work I suspect it is a server
> side FDS mis-configuration and not client side, but I could be wrong.
> Previously I had a Debian Openldap setup working and that was fine. So
> it looks like something is missing/broken in FDS.
>
> I find it interesting that yours is the only reply for what I assume is
> a default type of problem....suggests a poor likelihood of the product
> being supportable long term....
>   
I'm assuming the lack of replies means that 1) people just got it to 
work by following the directions and didn't run into the problems you 
are seeing 2) just don't have the time to reply 3) have no experience 
with setting up ssh.  I know other people on this list have been able to 
integrate ssh with Fedora DS.  I'm sorry that you have not.  I'm not 
sure why you have not been able to.  You could look at the Fedora DS 
access and error logs, the pam/ssh logs, and even make Fedora DS logging 
more verbose - http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting

I would start with the Fedora DS access log.  See if ssh is making a 
connection to Fedora DS, if so, see what types of operations are being 
sent, and the responses to those operations.  For searches, see what the 
base DN, filter, and attributes being requested are.
> regards
>
> Steven Jones
> Senior  Linux/Unix/San/Vmware System Administrator
> APG -Technology Integration Team
> Victoria University of Wellington
> Phone: +64 4 463 6272
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
> Megginson
> Sent: Tuesday, 11 September 2007 3:31 a.m.
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] ssh login fail
>
> Steven Jones wrote:
>   
>> Hi,
>>
>> I am trying to get a RHEL4 box to LDAP authenticate against FDS (also 
>> on RHEL4) and failing.....
>>
>> In the logs (messages) I have,
>>
>> Sep 10 13:30:52 vuwunicvfwall02 sshd(pam_unix)[2284]: authentication 
>> failure; logname= uid=0 euid=0 tty=ssh ruser= 
>> rhost=vuwunicvadmin02.res.vuw.ac.nz user=jonesst1
>>
>> Sep 10 13:30:52 vuwunicvfwall02 sshd[2284]: pam_ldap: ldap_simple_bind
>>     
>
>   
>> Can't contact LDAP server
>>
>> Sep 10 13:30:52 vuwunicvfwall02 sshd[2284]: pam_ldap: ldap_simple_bind
>>     
>
>   
>> Can't contact LDAP server
>>
>> Sep 10 13:31:05 vuwunicvfwall02 sshd(pam_unix)[2284]: 2 more 
>> authentication failures; logname= uid=0 euid=0 tty=ssh ruser= 
>> rhost=vuwunicvadmin02.res.vuw.ac.nz user=jonesst1
>>
>> Any ideas why? And how to fix? Also is there a way to search the 
>> archive for this list?
>>
>>     
> Have you seen this: http://directory.fedoraproject.org/wiki/Howto:PAM - 
> search for ssh
>   
>> When I do a,
>>
>> ldapsearch -x -h 130.195.87.249 -b dc=vuw,dc=ac,dc=nz "(ou=Users)"
>>
>> The server replies so FDS appears to be running OK....
>>
>> Also is there a way to search the archive for this list? I have tried 
>> Googling with no luck...
>>
>> regards
>>
>> Steven Jones
>> Senior Linux/Unix/San/Vmware System Administrator
>> APG -Technology Integration Team
>> Victoria University of Wellington
>> Phone: +64 4 463 6272
>>
>>
>>     
> ------------------------------------------------------------------------
>   
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>   
>>     
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070910/2149c11f/attachment.bin>


More information about the Fedora-directory-users mailing list