
Password authentication with LDAP and SSH



Hello all,

I run Debian Sarge and I have a problem with my SSH server (in
combination with password authentication and LDAP). It doesn't work
well with password authentication when I try to log in as an LDAP user,
but it works well for users in /etc/passwd. If I try to log in as an LDAP
user via SSH with keyboard-interactive as the authentication mechanism, it
works well.

In /var/log/auth.log this message appears when an LDAP user tries to
log in with password authentication:

Feb  1 06:54:28 hostname sshd[4691]: Failed password for username
from ::ffff:127.0.0.1 port 53071 ssh2

In /etc/nsswith I have:

passwd:         files ldap
group:          files ldap
shadow:         files ldap
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
#services       compat ldap
ethers:         db files
rpc:            db files
netgroup:       nis


The SSH server is told to use PAM (UsePAM yes) and accept password
authentication (PasswordAuthentication yes). The SSH server also reports
that it accepts password authentication.

In /etc/pam.d/pam_ldap.conf I have tried some different values for
the "pam_password" parameter (like the algorithm used in LDAP for a test
user's password). Still no success. Are there any usual mistakes
for that configuration file?

I once tried to add an LDAP user in /etc/passwd and /etc/shadow too and
then it worked. I gave the LDAP user the same password as another user
in /etc/shadow and logged in. It is of course not a nice solution to
synchronize the LDAP database with /etc/passwd and /etc/shadow though...

Any answers are appreciated.
