[Comm] LDAP&SSH

Anton Gorlov Pnz.Stalker at mail.ru
Wed Mar 23 10:26:30 MSK 2005


Hello, community.

Nobody on the neighbouring mailing list has been able to help so far. Maybe
someone here can suggest something...

In short, there is a user in LDAP. He logs in and works without problems.
But logging in over ssh does not work at all. When I try to log in I get
this message:

login as: tstuser
tstuser@192.168.198.1's password:
Access denied
tstuser@192.168.198.1's password:

Meanwhile, in the log:

Mar 22 23:21:42 vmstalker pam_tcb[3055]: sshd: Authentication failed for tstuser from (uid=0)
Mar 22 23:21:43 vmstalker pam_tcb[3055]: sshd: Authentication failed for tstuser from (uid=0)
Mar 22 23:21:43 vmstalker sshd[3056]: Failed password for tstuser from 192.168.198.2 port 1157 ssh2
Mar 22 23:22:05 vmstalker sshd[3056]: Connection closed by 192.168.198.2

And in the ldap log:
[root@vmstalker log]# cat ./ldap
Mar 22 23:21:31 vmstalker slapd[1877]: conn=66 fd=22 ACCEPT from IP=127.0.0.1:1091 (IP=127.0.0.1:389)
Mar 22 23:21:31 vmstalker slapd[1939]: conn=66 op=0 BIND dn="cn=admin,dc=samba" method=128
Mar 22 23:21:31 vmstalker slapd[1939]: conn=66 op=0 BIND dn="cn=admin,dc=samba" mech=SIMPLE ssf=0
Mar 22 23:21:31 vmstalker slapd[1939]: conn=66 op=0 RESULT tag=97 err=0 text=
Mar 22 23:21:31 vmstalker slapd[1939]: conn=66 op=1 SRCH base="ou=Users,dc=samba" scope=1 filter="(&(objectClass=posixAccount)(uid=tstuser))"
Mar 22 23:21:31 vmstalker slapd[1939]: conn=66 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Mar 22 23:21:31 vmstalker slapd[1939]: conn=66 op=1 ENTRY dn="uid=tstuser,ou=Users,dc=samba"
Mar 22 23:21:31 vmstalker slapd[1939]: conn=66 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 22 23:21:41 vmstalker slapd[1877]: conn=66 fd=22 closed
Mar 22 23:21:41 vmstalker slapd[1877]: conn=67 fd=22 ACCEPT from IP=127.0.0.1:1092 (IP=127.0.0.1:389)
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=0 BIND dn="cn=admin,dc=samba" method=128
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=0 BIND dn="cn=admin,dc=samba" mech=SIMPLE ssf=0
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=0 RESULT tag=97 err=0 text=
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=1 SRCH base="ou=Users,dc=samba" scope=1 filter="(&(objectClass=posixAccount)(uid=tstuser))"
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=1 ENTRY dn="uid=tstuser,ou=Users,dc=samba"
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=2 SRCH base="ou=Users,dc=samba" scope=1 filter="(&(objectClass=shadowAccount)(uid=tstuser))"
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=2 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=2 ENTRY dn="uid=tstuser,ou=Users,dc=samba"
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 22 23:21:42 vmstalker slapd[1877]: conn=67 fd=22 closed
Mar 22 23:21:42 vmstalker slapd[1877]: conn=68 fd=22 ACCEPT from IP=127.0.0.1:1093 (IP=127.0.0.1:389)
Mar 22 23:21:42 vmstalker slapd[1939]: conn=68 op=0 BIND dn="cn=admin,dc=samba" method=128
Mar 22 23:21:42 vmstalker slapd[1939]: conn=68 op=0 BIND dn="cn=admin,dc=samba" mech=SIMPLE ssf=0
Mar 22 23:21:42 vmstalker slapd[1939]: conn=68 op=0 RESULT tag=97 err=0 text=
Mar 22 23:21:42 vmstalker slapd[1939]: conn=68 op=1 SRCH base="ou=Users,dc=samba" scope=1 filter="(&(objectClass=posixAccount)(uid=tstuser))"
Mar 22 23:21:42 vmstalker slapd[1939]: conn=68 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Mar 22 23:21:42 vmstalker slapd[1939]: conn=68 op=1 ENTRY dn="uid=tstuser,ou=Users,dc=samba"
Mar 22 23:21:42 vmstalker slapd[1939]: conn=68 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 22 23:21:42 vmstalker slapd[1939]: conn=68 op=2 SRCH base="ou=Users,dc=samba" scope=1 filter="(&(objectClass=shadowAccount)(uid=tstuser))"
Mar 22 23:21:42 vmstalker slapd[1939]: conn=68 op=2 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag
Mar 22 23:21:42 vmstalker slapd[1939]: conn=68 op=2 ENTRY dn="uid=tstuser,ou=Users,dc=samba"
Mar 22 23:21:42 vmstalker slapd[1939]: conn=68 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 22 23:21:42 vmstalker slapd[1877]: conn=68 fd=22 closed
Mar 22 23:21:43 vmstalker slapd[1877]: conn=69 fd=22 ACCEPT from IP=127.0.0.1:1094 (IP=127.0.0.1:389)
Mar 22 23:21:43 vmstalker slapd[1939]: conn=69 op=0 BIND dn="cn=admin,dc=samba" method=128
Mar 22 23:21:43 vmstalker slapd[1939]: conn=69 op=0 BIND dn="cn=admin,dc=samba" mech=SIMPLE ssf=0
Mar 22 23:21:43 vmstalker slapd[1939]: conn=69 op=0 RESULT tag=97 err=0 text=
Mar 22 23:21:43 vmstalker slapd[1939]: conn=69 op=1 SRCH base="ou=Users,dc=samba" scope=1 filter="(&(objectClass=posixAccount)(uid=tstuser))"
Mar 22 23:21:43 vmstalker slapd[1939]: conn=69 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Mar 22 23:21:43 vmstalker slapd[1939]: conn=69 op=1 ENTRY dn="uid=tstuser,ou=Users,dc=samba"
Mar 22 23:21:43 vmstalker slapd[1939]: conn=69 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 22 23:21:43 vmstalker slapd[1939]: conn=69 op=2 SRCH base="ou=Users,dc=samba" scope=1 filter="(&(objectClass=shadowAccount)(uid=tstuser))"
Mar 22 23:21:43 vmstalker slapd[1939]: conn=69 op=2 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag
Mar 22 23:21:43 vmstalker slapd[1939]: conn=69 op=2 ENTRY dn="uid=tstuser,ou=Users,dc=samba"
Mar 22 23:21:43 vmstalker slapd[1939]: conn=69 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 22 23:21:43 vmstalker slapd[1877]: conn=69 fd=22 closed
Mar 22 23:21:43 vmstalker slapd[1877]: conn=70 fd=22 ACCEPT from IP=127.0.0.1:1095 (IP=127.0.0.1:389)
Mar 22 23:21:43 vmstalker slapd[1939]: conn=70 op=0 BIND dn="cn=admin,dc=samba" method=128
Mar 22 23:21:43 vmstalker slapd[1939]: conn=70 op=0 BIND dn="cn=admin,dc=samba" mech=SIMPLE ssf=0
Mar 22 23:21:43 vmstalker slapd[1939]: conn=70 op=0 RESULT tag=97 err=0 text=
Mar 22 23:21:43 vmstalker slapd[1939]: conn=70 op=1 SRCH base="ou=Users,dc=samba" scope=1 filter="(&(objectClass=posixAccount)(uid=tstuser))"
Mar 22 23:21:43 vmstalker slapd[1939]: conn=70 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Mar 22 23:21:43 vmstalker slapd[1939]: conn=70 op=1 ENTRY dn="uid=tstuser,ou=Users,dc=samba"
Mar 22 23:21:43 vmstalker slapd[1939]: conn=70 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 22 23:21:43 vmstalker slapd[1939]: conn=70 op=2 SRCH base="ou=Users,dc=samba" scope=1 filter="(&(objectClass=shadowAccount)(uid=tstuser))"
Mar 22 23:21:43 vmstalker slapd[1939]: conn=70 op=2 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag
Mar 22 23:21:43 vmstalker slapd[1939]: conn=70 op=2 ENTRY dn="uid=tstuser,ou=Users,dc=samba"
Mar 22 23:21:43 vmstalker slapd[1939]: conn=70 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 22 23:21:43 vmstalker slapd[1877]: conn=70 fd=22 closed
[root@vmstalker log]#

[root@vmstalker pam.d]# cat ./sshd
auth     sufficient     pam_ldap.so
auth     required       pam_userpass.so
auth     required       pam_tcb.so shadow fork prefix=$2a$ count=8 nullok nodelay blank_nolog use_first_pass
auth     required       pam_nologin.so
account  include        system-auth
password include        system-auth
session  include        system-auth

[root@vmstalker pam.d]# cat ./system-auth
#%PAM-1.0
auth sufficient /lib/security/pam_tcb.so shadow fork prefix=$2a$  count=8 nullok
auth required /lib/security/pam_ldap.so use_first_pass
account sufficient /lib/security/pam_tcb.so shadow fork
account required /lib/security/pam_ldap.so
password required /lib/security/pam_passwdqc.so min=disabled,24,12,8,7 max=40 passphrase=3 match=4 similar=deny random=42 enforce=users retry=3
password sufficient /lib/security/pam_ldap.so use_authok
password required /lib/security/pam_tcb.so use_authtok shadow fork prefix=$2a$ count=8 write_to=tcb
session required /lib/security/pam_limits.so
account    sufficient   /lib/security/pam_ldap.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077
session sufficient /lib/security/pam_ldap.so
[root@vmstalker pam.d]#


-- 
Best regards,
 Anton                          mailto:Pnz.Stalker at mail.ru
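
Added example, not part of the original post: pam_ldap verifies a password by binding to the directory as the user's own DN, so a slapd log in which every BIND is the service account (as in the excerpt above, where each one is dn="cn=admin,dc=samba") shows lookups only, not a password check. The parser below pairs each BIND with its RESULT to make that visible; the log lines are constructed in the post's format and the function names are illustrative.

```python
import re

# Constructed sample in the slapd log format shown in the post (not the post's own lines).
SAMPLE_ADMIN_ONLY = """\
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=0 BIND dn="cn=admin,dc=samba" method=128
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=0 RESULT tag=97 err=0 text=
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=1 SRCH base="ou=Users,dc=samba" scope=1 filter="(&(objectClass=posixAccount)(uid=tstuser))"
Mar 22 23:21:41 vmstalker slapd[1939]: conn=67 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
""".splitlines()

# Constructed: the extra lines a rejected password would leave behind
# (err=49 is the LDAP result code invalidCredentials).
SAMPLE_USER_BIND = SAMPLE_ADMIN_ONLY + """\
Mar 22 23:21:42 vmstalker slapd[1939]: conn=67 op=2 BIND dn="uid=tstuser,ou=Users,dc=samba" method=128
Mar 22 23:21:42 vmstalker slapd[1939]: conn=67 op=2 RESULT tag=97 err=49 text=
""".splitlines()

OP = re.compile(r'conn=(\d+) op=(\d+) (.*)$')
BIND = re.compile(r'BIND dn="([^"]*)" method=')
BIND_RESULT = re.compile(r'RESULT tag=97 err=(\d+)')  # tag=97 is a bind response


def bind_outcomes(lines):
    """Return [(conn, dn, err)] for each BIND request, paired with its RESULT by (conn, op)."""
    pending, out = {}, []
    for line in lines:
        m = OP.search(line)
        if not m:
            continue
        key, rest = (int(m.group(1)), int(m.group(2))), m.group(3)
        bind, result = BIND.match(rest), BIND_RESULT.match(rest)
        if bind:
            pending[key] = bind.group(1)
        elif result and key in pending:
            out.append((key[0], pending.pop(key), int(result.group(1))))
    return out


def password_checked_by_ldap(lines, user_dn):
    """True if a bind was attempted as user_dn, i.e. slapd was asked to verify that user's password."""
    return any(dn.lower() == user_dn.lower() for _, dn, _ in bind_outcomes(lines))


if __name__ == "__main__":
    dn = "uid=tstuser,ou=Users,dc=samba"
    for name, log in (("admin-only", SAMPLE_ADMIN_ONLY), ("user-bind", SAMPLE_USER_BIND)):
        print(name, bind_outcomes(log), password_checked_by_ldap(log, dn))
```

A `False` result for the user's DN means the failure has to be looked for in the PAM stack order rather than in the directory entry.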



