Authenticating via LDAP to Active Directory
Davis, Jared Scott
DavisJar at missouri.edu
Thu Feb 22 15:10:40 EST 2007
"sshd: pam_ldap: ldap_simple_bind Can't contact LDAP server"
University of Missouri-Columbia
100 Pershing Hall
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Jim Canfield
Sent: Thursday, February 22, 2007 2:04 PM
To: General Red Hat Linux discussion list
Subject: Re: Authenticating via LDAP to Active Directory
Davis, Jared Scott wrote:
> I’m trying to set up our server to connect to our campus Active Directory to authenticate users via LDAP. Basically we need only certain authorized users to be able to log in -- via the physical machine, ssh, or VPN using their university ID/password in Active Directory.
> - ran authconfig, selected all relevant options, and entered ldap server and base dn
> - required certificates in /etc/openldap/cacerts/
> - /etc/openldap/ldap.conf (slink with /etc/ldap.conf) set up according to one of the network guys - and if we do an ldapsearch we receive info, so I believe it’s working ok
> - /etc/ssh/sshd_config has “UsePam yes”
> However, when I try to SSH in, I get a password authentication error.
> I think the problem resides in the /etc/pam.d/sshd file…I copied the /etc/pam.d/samba to /etc/pam.d/sshd because Samba works fine and seems to authenticate via LDAP ok.
> Has anyone else had any luck with this? It’s been a headache!
What does /var/log/messages say? My guess is you might be missing
something in /etc/pam.d/system-auth. You may have to add this line (or
something similar) in the account section:
account [default=bad success=ok user_unknown=ignore]
I'm just guessing though. : )
Just a note: I'm not a big fan of *playing* with the system-auth file -
Jim Canfield, CISSP
Tulsa Spine and Specialty Hospital
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
More information about the redhat-list