Anyone had problems trying to connect via ssh to FC2 server setup for ldap & pam?
When I ssh to FC2 it prompts for my password. I enter the password setup on the ldap server (different server) - It responds with "Access denied" and prompts for my password again. I enter it a second time & it starts up my ssh session. This indicates that it is authenticating OK to the ldap server - but always on the second try. When I enter my local password at the first prompt it lets me in. So it appears that the first prompt is looking up the local password and the second try it is looking up the ldap entry.
The pam.d/sshd file looks OK - it is referencing the system-auth file which is generated from the authconfig command. I have tried swapping around the order of files & ldap in the nsswitch.conf file but to no avail.
Any ideas?
Regards... Fred Kroeger
It could be that PAM isn't passing the password from the initial login attempt to LDAP.
What does the line for pam_ldap.so look like in system-auth?
These are the relevent lines from my (working) FC1 system:
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
where use_first_pass tells PAM to use the password which was enterd for pam_unix, rather than prompting for another one.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@xxxxxxxxxxxx
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555