Solved

RHEL and Ldap authentication

Posted on 2011-09-08
Medium Priority
Last Modified: 2012-05-12
I have configured my RHEL server to authenticate to AD 2008.  wbinfo -u and finger username all work fine, no errors in joining domain, but when I try to ssh it fails.  The only thing I see that could possibly be of use is in the /var/log/secure, stating:

 error: Could not get shadow information for USERNAME

Any ideas?
0
Question by:Elemental12
9 Comments
 
LVL 8

Expert Comment

by:point_pleasant
ID: 36504676
Try running pwck and make sure the login shell and home directory exist.
0
 
LVL 10

Expert Comment

by:abbright
ID: 36504760
Shadow information is the password, I guess.
0
 

Author Comment

by:Elemental12
ID: 36505011
I ran pwck, and it said pwck: no changes.  I am not sure what your shadow information comment means abbright.
0
 
LVL 10

Expert Comment

by:abbright
ID: 36508772
I mean that while your configuration allows for the retrieval of user data it seems not to work for the password information in AD. As Active Directory does not provide clear text passwords you may need to configure the authentication mechanism separately (PAM, Kerberos, ...).
0
 

Author Comment

by:Elemental12
ID: 36510190
How do I configure that ?

Also, if I do USERNAME@DOMAIN.COM, I can authenticate just fine.  Also, wbinfo -u works just fine, as well as id USERNAME.  So I can definitely auth and read from AD.  Almost seems like ssh is the one with the issue ?
0
 
LVL 10

Expert Comment

by:abbright
ID: 36510215
Ok, this looks like the authentication packages do not know / use the information about the domain.
Maybe the option "winbind use default domain = yes" helps (see http://www.ccs.neu.edu/home/battista/articles/winbind/winbind.html).
0
 

Author Comment

by:Elemental12
ID: 36510250
   workgroup = DOMAIN
   password server = DC1.DOMAIN.COM DC2.DOMAIN.COM
   realm = DOMAIN.COM
   security = ads
   idmap uid = 10000000-4000000000
   idmap gid = 10000000-4000000000
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = true

This is part of my smb.conf file.
0
 

Accepted Solution

by:Elemental12
ID: 36510727
Fixed it.  In the sshd_config, the UsePam was set to no for some reason.  Set it to yes and then service sshd restart, and it is working.

Thanks
0
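
The cause found in the accepted solution, as an added example that is not part of the original thread: with UsePAM off, sshd bypasses the PAM stack and checks local shadow data, which accounts resolved through winbind do not have. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Effective UsePAM value: sshd keeps the first value it reads for a keyword,
# keywords are case-insensitive, "keyword=value" is accepted, and upstream
# OpenSSH defaults to "no" when the keyword is absent.
effective_usepam() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/=/, " ", line)
          split(line, f, /[ \t]+/) }
        line ~ /^#/ { next }
        tolower(f[1]) == "usepam" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# True when the passwd database in nsswitch.conf consults winbind, i.e.
# accounts can resolve (id, finger) without having an /etc/shadow entry.
passwd_uses_winbind() {
    grep -Eq '^[[:space:]]*passwd:(.*[[:space:]])?winbind([[:space:]]|$)' "$1"
}

# Combine both checks. Returns 1 and prints the diagnosis when sshd would
# fall back to local shadow lookups for accounts that only exist in AD.
diagnose() {   # $1 = sshd_config, $2 = nsswitch.conf
    pam=$(effective_usepam "$1")
    if passwd_uses_winbind "$2" && [ "$pam" != "yes" ]; then
        echo "UsePAM is '$pam': sshd bypasses the PAM stack and checks" \
             "local shadow data, where winbind users have no entry"
        return 1
    fi
    echo "UsePAM is '$pam': no mismatch between NSS and sshd authentication"
}

# Constructed sample files reproducing the situation in this thread.
demo_dir=$(mktemp -d)
printf '%s\n' '#UsePAM yes' 'PasswordAuthentication yes' 'UsePAM no' \
    'usepam yes' > "$demo_dir/sshd_config"
printf '%s\n' 'passwd: files winbind' 'shadow: files' \
    'group: files winbind' > "$demo_dir/nsswitch.conf"
diagnose "$demo_dir/sshd_config" "$demo_dir/nsswitch.conf" || true
rm -rf "$demo_dir"
```

On a real host, call `diagnose /etc/ssh/sshd_config /etc/nsswitch.conf`; `sshd -T` prints the configuration sshd itself resolves, which is the authoritative answer.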
 

Author Closing Comment

by:Elemental12
ID: 36534679
Problem was in the sshd_config.
0