RHEL and Ldap authentication

Posted on 2011-09-08
Last Modified: 2012-05-12
I have configured my RHEL server to authenticate to AD 2008.  wbinfo -u and finger username all work fine, no errors in joining domain, but when I try to ssh it fails.  The only think i see that could possibly be of use is in the /var/log/secure, stating:

 error: Could not get shadow information for USERNAME

Any ideas?
Question by:Elemental12
  • 5
  • 3

Expert Comment

ID: 36504676
try running pwck and make sure the login shell and home directory exist
LVL 10

Expert Comment

ID: 36504760
shadow information is the password, I guess.

Author Comment

ID: 36505011
I ran pwck, and it said pwck: no changes.  I am not sure what your shadow information comment means abbright.
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

LVL 10

Expert Comment

ID: 36508772
I mean that while your configuration allows for the retrieval of user data it seems not to work for the password information in AD. As Active Directory does not provide clear text password you may need to configure the authentication mechanism separately (PAM, Kerberos, ...).

Author Comment

ID: 36510190
How do I configure that ?

Also, if I do USERNAME@DOMAIN.COM, I can authenticate just fine.  Also, wbinfo -u works just fine, as well as id USERNAME.  So I can definitely auth and read from AD.  Almost seems like ssh is the one with the issue ?
LVL 10

Expert Comment

ID: 36510215
Ok, this looks like the authentication-packages does not know / use the information about the domain.
Maybe the option "winbind use default domain = yes" helps (see

Author Comment

ID: 36510250
  workgroup = DOMAIN
   password server = DC1.DOMAIN.COM DC2.DOMAIN.COM
   realm = DOMAIN.COM
   security = ads
   idmap uid = 10000000-4000000000
   idmap gid = 10000000-4000000000
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = true

This is part of my smb.conf file.

Accepted Solution

Elemental12 earned 0 total points
ID: 36510727
Fixed it.  In the sshd_config, the UsePam was set to no for some reason.  Set it to yes and then service sshd restart, and it is working.


Author Closing Comment

ID: 36534679
problem was in the sshd_config.

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question