Solved

RHEL and Ldap authentication

Posted on 2011-09-08
698 Views
Last Modified: 2012-05-12
I have configured my RHEL server to authenticate to AD 2008.  wbinfo -u and finger username all work fine, no errors in joining domain, but when I try to ssh it fails.  The only thing I see that could possibly be of use is in the /var/log/secure, stating:

 error: Could not get shadow information for USERNAME

Any ideas?
Question by:Elemental12
9 Comments
 
LVL 8

Expert Comment

by:point_pleasant
try running pwck and make sure the login shell and home directory exist
0
 
LVL 10

Expert Comment

by:abbright
shadow information is the password, I guess.
0
 

Author Comment

by:Elemental12
I ran pwck, and it said pwck: no changes.  I am not sure what your shadow information comment means abbright.
0
 
LVL 10

Expert Comment

by:abbright
I mean that while your configuration allows for the retrieval of user data, it seems not to work for the password information in AD. As Active Directory does not provide clear text passwords, you may need to configure the authentication mechanism separately (PAM, Kerberos, ...).
0
 

Author Comment

by:Elemental12
How do I configure that?

Also, if I do USERNAME@DOMAIN.COM, I can authenticate just fine.  Also, wbinfo -u works just fine, as well as id USERNAME.  So I can definitely auth and read from AD.  Almost seems like ssh is the one with the issue?
0
 
LVL 10

Expert Comment

by:abbright
Ok, this looks like the authentication packages do not know/use the information about the domain.
Maybe the option "winbind use default domain = yes" helps (see http://www.ccs.neu.edu/home/battista/articles/winbind/winbind.html).
0
 

Author Comment

by:Elemental12
   workgroup = DOMAIN
   password server = DC1.DOMAIN.COM DC2.DOMAIN.COM
   realm = DOMAIN.COM
   security = ads
   idmap uid = 10000000-4000000000
   idmap gid = 10000000-4000000000
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = true

This is part of my smb.conf file.
0
 

Accepted Solution

by:
Elemental12 earned 0 total points
Fixed it.  In the sshd_config, the UsePam was set to no for some reason.  Set it to yes and then service sshd restart, and it is working.

Thanks
0
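The accepted answer traces the "Could not get shadow information" error to UsePAM being off in sshd_config, so sshd consulted /etc/shadow directly instead of handing the account and session phase to PAM (and thus pam_winbind). The script below is an added example, not code from the thread; it reports the effective UsePAM value of an sshd_config, honouring the sshd rule that the first occurrence of a keyword wins, and runs against constructed sample files rather than a live system.

```shell
#!/bin/sh
# Added example (not from the original thread): report the effective UsePAM
# setting of an sshd_config. sshd applies the FIRST occurrence of a keyword
# and ignores later duplicates, so appending "UsePAM yes" below an existing
# "UsePAM no" changes nothing; the earlier line has to be edited.

# Print the effective UsePAM value: "yes", "no", or "unset" (sshd default is no).
effective_usepam() {
    awk '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        { gsub(/=/, " ") }                        # accept the "UsePAM=yes" form too
        tolower($1) == "usepam" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Exit 0 when PAM is enabled, 1 otherwise, with a one-line diagnosis on stdout.
check_usepam() {
    v=$(effective_usepam "$1")
    case "$v" in
        yes) echo "$1: UsePAM yes - account/session handled by PAM (pam_winbind)"
             return 0 ;;
        *)   echo "$1: UsePAM $v - sshd reads /etc/shadow directly; domain users fail"
             return 1 ;;
    esac
}

# Constructed sample configs so the script runs stand-alone.
tmp=$(mktemp -d)
printf 'Port 22\n# UsePAM yes\nUsePAM no\nUsePAM yes\n' > "$tmp/broken_config"
printf 'Port 22\nUsePAM yes\n' > "$tmp/fixed_config"
printf 'Port 22\nPasswordAuthentication yes\n' > "$tmp/unset_config"
check_usepam "$tmp/broken_config" || true   # "no": the commented line is ignored, first real one wins
check_usepam "$tmp/fixed_config"  || true   # "yes"
check_usepam "$tmp/unset_config"  || true   # "unset": the compiled-in default applies
rm -rf "$tmp"
```

On a real host, `sshd -T | grep -i usepam` shows the value sshd actually loaded, which is the authoritative check after editing the file and restarting the service.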
 

Author Closing Comment

by:Elemental12
Problem was in the sshd_config.
0
