Gary, here's the output from /var/adm/messages:
Aug 30 16:17:38 unknown last message repeated 1 time
Aug 30 16:17:38 unknown sshd[1354]: [ID 800047 auth.error] error: PAM: Authentication
failed for testdba from
cnyitsun01.composers.foo.com
Aug 30 16:17:39 unknown sshd[1354]: [ID 316739 auth.error] pam_ldap: no legal
authentication method configured
What does that mean? I took the pam.conf from the website you gave me and commented out
the lines, like you said:
login auth requisite pam_authtok_get.so.1 debug
login auth required pam_dhkeys.so.1 debug
#login auth required pam_unix_cred.so.1 debug
login auth required pam_dial_auth.so.1 debug
login auth binding pam_unix_auth.so.1 server_policy debug
login auth required pam_ldap.so.1 debug
Also:
bash-2.03# getent passwd testdba
testdba::10001:7000::/home/testdba:/bin/bash
sshd -d is totally silent. No output after startup:
bash-2.03# /usr/local/sbin/sshd -d
debug1: sshd version OpenSSH_3.9p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
Disabling protocol version 1. Could not load host key
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 10
--- "Tay, Gary" <Gary_Tay(a)platts.com> wrote:
What is the output of "id testdba" and "getent passwd
testdba"?
To use ldap auth for SSH Server, you must set these lines in /etc/ssh/sshd_config:
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
Yep, changed that!
Still (from the remote machine):
cnyitsun01/ > ssh testdba(a)192.85.86.87
Password:
LDAP Password:
Password:
LDAP Password:
And it never lets me in.
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs