Authentication/Login using Windows 2003 R2 Active Directory
Scott Ruckh
sruckh at gemneye.org
Wed Aug 9 16:15:23 UTC 2006
I have the following configuration:

/etc/openldap/ldap.conf
BASE ou=LNXUSERS,dc=example,dc=com
URI ldap://1.1.1.1/
HOST adsvr.example.com
TLS_REQCERT demand
TLS_CACERT /etc/openldap/cacerts/exampleCA.pem

/etc/ldap.conf
host adsvr.example.com
uri ldap://1.1.1.1
scope sub
timelimit 30
binddn adlookup@example.com
bindpw secret
tls_checkpeer no
ssl start_tls
nss_base_passwd ou=LNXUSERS,dc=example,dc=com?sub
nss_base_shadow ou=LNXUSERS,dc=example,dc=com?sub
nss_base_group ou=LNXUSERS,dc=example,dc=com?sub?&(objectCategory=group)(gidnumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute gecos name
nss_map_attribute homeDirectory unixHomeDirectory
pam_password ad

This configuration works without sending the bind user's name and password
over the wire in clear text, and works for logging in from the local
console, but it does not work for ssh logins.
It looks like the user authenticates, but then receives a connection
closed message. The /var/log/messages only shows a pam_krb5 message
stating, "authentication succeeds for 'aduser' (aduser@EXAMPLE.COM)".
As the Active Directory user can log in from the local console, I assume
/etc/krb5.conf, /etc/nsswitch.conf, and /etc/pam.d/system-auth are
configured correctly. I am guessing there is a problem possibly with
/etc/pam.d/sshd or /etc/ssh/ssh_config file.
Does anyone have any idea what is going on and how to get ssh logins working?
Thanks.
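
Added example (not part of the original post): a small check of the transport settings in an nss_ldap/pam_ldap style /etc/ldap.conf, run on the TLS-related lines posted above. It shows that `ssl start_tls` keeps the bind password out of clear text while `tls_checkpeer no` leaves the server certificate unverified; the finding names and the hardened variant are assumptions of this example.

```python
import re

# Constructed input: the transport-related lines of the /etc/ldap.conf quoted above.
AS_POSTED = """\
uri ldap://1.1.1.1
binddn adlookup@example.com
bindpw secret
tls_checkpeer no
ssl start_tls
"""

# Constructed hardened variant; host name and CA path are reused from the post.
HARDENED = """\
uri ldap://adsvr.example.com
binddn adlookup@example.com
bindpw secret
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/openldap/cacerts/exampleCA.pem
"""

def parse(text):
    """Map lower-cased keyword -> value; skips blank lines and # comments."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return opts

def audit(text):
    """Return finding codes (names are this example's own) for the bind transport."""
    o = parse(text)
    uri = o.get("uri", "")
    encrypted = uri.startswith("ldaps://") or o.get("ssl") in ("start_tls", "on", "yes")
    findings = []
    if "bindpw" in o and not encrypted:
        findings.append("CLEARTEXT_BIND")      # bind password crosses the wire unprotected
    if encrypted and o.get("tls_checkpeer") == "no":
        findings.append("PEER_NOT_VERIFIED")   # encrypted, but any certificate is accepted
    if o.get("tls_checkpeer") == "yes" and not ("tls_cacertfile" in o or "tls_cacertdir" in o):
        findings.append("NO_CA_CONFIGURED")    # nothing to validate the server against
    if encrypted and re.match(r"ldaps?://\d+\.\d+\.\d+\.\d+", uri):
        findings.append("IP_LITERAL_URI")      # name check needs the DNS name or an IP SAN
    return findings

if __name__ == "__main__":
    print("as posted:", audit(AS_POSTED))
    print("hardened: ", audit(HARDENED))
```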