ay0my wrote:
Hi Gordon,
I tried your suggestion the results looks OK.
[root@sspxz100 ~]# id s39427
uid=111(s39427) gid=14(sysadmin) groups=14(sysadmin)
[root@sspxz100 ~]# ls -l ~s39427
total 0
I saw the following error in /var/log/secure when the "permission denied" error is encountered.
Jun 15 17:19:38 sspxz100 sshd[13765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ci-nb39427-6.sf.sp.edu.sg user=s39427
Jun 15 17:19:40 sspxz100 sshd[13765]: Failed password for s39427 from 164.78.20.60 port 2029 ssh2
Jun 15 09:19:40 sspxz100 sshd[13766]: Failed password for s39427 from 164.78.20.60 port 2029 ssh2
No error is recorded in /var/log/messages
I also try connecting to the LDAP server at port 389 and it is OK.
[root@sspxz100 ~]# telnet 165.70.35.12 389
Trying 165.70.35.12...
Connected to sspsm040.sf.sp.edu.sg (165.70.35.12).
Escape character is '^]'.
Any other help will be appreciated.
Thanks
Is nsswitch setup correctly to obtain the password from the LDAP server?
Check in /etc/nsswitch.conf that passwd, shadow and group are all set to obtain
data from ldap:
passwd: files ldap
shadow: files ldap
group: files ldap
Verify that nss is looking up the data in LDAP by running the following commands
on sspxz100:
# getent passwd s39427
# getent shadow s39427
these should show the information retrieved from the LDAP directory for the user
in question.
Is host based access control in effect? If so, does the user in question have
permission to login to that host?
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@xxxxxxxxxxxx
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
