Authenticating via LDAP to Active Directory

Davis, Jared Scott DavisJar at missouri.edu
Thu Feb 22 20:10:40 UTC 2007


In /var/log/messages:
"sshd: pam_ldap: ldap_simple_bind Can't contact LDAP server"

Thanks,
 
Jared Davis
Internet Administrator
Residential Life
University of Missouri-Columbia
100 Pershing Hall
(573) 884-3616

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Jim Canfield
Sent: Thursday, February 22, 2007 2:04 PM
To: General Red Hat Linux discussion list
Subject: Re: Authenticating via LDAP to Active Directory

Davis, Jared Scott wrote:
> I’m trying to set up our server to connect to our campus Active Directory to authenticate users via LDAP.  Basically we need only certain authorized users to be able to log in -- via the physical machine, ssh, or VPN using their university ID/password in Active Directory.
>
> - ran authconfig, selected all relevant options, and entered ldap server and base dn
> - required certificates in /etc/openldap/cacerts/
> - /etc/openldap/ldap.conf (slink with /etc/ldap.conf) set up according to one of the network guys - and if we do an ldapsearch we receive info, so I believe it’s working ok
> - /etc/ssh/sshd_config has “UsePam yes”
>
> However, when I try to SSH in, I get a password authentication error.
>
> I think the problem resides in the /etc/pam.d/sshd file…I copied the /etc/pam.d/samba to /etc/pam.d/sshd because Samba works fine and seems to authenticate via LDAP ok.
>
> Has anyone else had any luck with this?  It’s been a headache!

What does /var/log/messages say? My guess is you might be missing 
something in /etc/pam.d/system-auth. You may have to add this line (or 
something similar) in the account section:

account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_krb5.so

I'm just guessing though. : )

Just a note: I'm not a big fan of *playing* with the system-auth file - 
be careful.

Jim

-- 
Jim Canfield, CISSP
Tulsa Spine and Specialty Hospital
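
An added example, not from either poster: a small Python parser for the control field of a pam.d rule, run on the account line suggested above. It shows what each bracketed value=action pair means and why the rule has to sit on one physical line. The keyword equivalents are the ones given in pam.conf(5); the function names and the pam_unix.so comparison line in the usage are constructed for illustration.

```python
import re

# The account rule from the thread, joined onto a single line.
SUGGESTED = ("account [default=bad success=ok user_unknown=ignore] "
             "/lib/security/$ISA/pam_krb5.so")

# Keyword controls and their bracket equivalents, per pam.conf(5).
KEYWORDS = {
    "required":   "success=ok new_authtok_reqd=ok ignore=ignore default=bad",
    "requisite":  "success=ok new_authtok_reqd=ok ignore=ignore default=die",
    "sufficient": "success=done new_authtok_reqd=done default=ignore",
    "optional":   "success=ok new_authtok_reqd=ok default=ignore",
}
ACTIONS = {"ignore", "bad", "die", "ok", "done", "reset"}
RULE = re.compile(r"^-?(?P<type>auth|account|password|session)\s+"
                  r"(?P<control>\[[^\]]*\]|\S+)\s+(?P<module>\S+)\s*(?P<args>.*)$")


def parse_pam_line(line):
    """Split one pam.d rule into type, {return_code: action}, module and args."""
    m = RULE.match(line.strip())
    if not m:
        # A rule wrapped across two lines (as e-mail clients do) ends up here.
        raise ValueError("need type, control and module on one line: %r" % line)
    control = m.group("control")
    spec = control[1:-1] if control.startswith("[") else KEYWORDS.get(control)
    if spec is None:
        raise ValueError("control %r is not handled by this example" % control)
    actions = {}
    for pair in spec.split():
        code, _, action = pair.partition("=")
        # An action is one of the named actions or an integer jump count.
        if action not in ACTIONS and not action.isdigit():
            raise ValueError("bad value=action pair %r" % pair)
        actions[code] = action
    return {"type": m.group("type"), "actions": actions,
            "module": m.group("module"), "args": m.group("args").split()}


def action_for(rule, return_code):
    """Action for a module return code such as 'user_unknown'; falls back to
    the rule's 'default' entry, or None when neither is set."""
    return rule["actions"].get(return_code, rule["actions"].get("default"))
```

With the suggested rule, action_for(parse_pam_line(SUGGESTED), "user_unknown") is "ignore", so an account pam_krb5 does not know is passed over rather than rejected, while any return code not listed falls to default=bad. The same lookup on a plain "required" rule gives "bad" for user_unknown.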
