SSH (PAM) Authentication for Domain User
-
- Posts: 44
- Joined: 2011/10/14 19:00:52
- Location: New York
- Contact:
SSH (PAM) Authentication for Domain User
Hi,
I have a CentOS box configured with Samba and Winbind for file shares, which works fine. In order for a domain user to log in to the Linux box, I configured the /etc/pam.d/sshd file. However, every time I try to log in as a domain user, it connects, shows the standard message "Last login: ...", and then disconnects, displaying the message "Connection to the SERVER-NAME is closed."
Also, it did ask me to manually create the /home/DOMAIN/ directory, or else it gives this message:
"Last login: Tue Feb 28 16:30:45 2012 from x.x.x.x
Could not chdir to home directory /home/DOMAIN/USER: No such file or directory
Connection to SERVER closed."
The /etc/pam.d/sshd looks like this:
auth sufficient pam_winbind.so
auth required pam_nologin.so
auth include system-auth
account sufficient pam_winbind.so
account include system-auth
session include system-auth
password include system-auth
The following are the messages in /var/log/secure (disregarding the break-in attempt part):
Feb 28 16:44:55 file3 sshd[4394]: reverse mapping checking getaddrinfo for machinename.domain.com failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 28 16:44:59 file3 sshd[4394]: pam_winbind(sshd:auth): getting password (0x00000000)
Feb 28 16:44:59 file3 sshd[4394]: pam_winbind(sshd:auth): user 'DOMAIN+User' granted access
Feb 28 16:44:59 file3 sshd[4394]: pam_winbind(sshd:account): user 'DOMAIN+User' granted access
Feb 28 16:44:59 file3 sshd[4394]: Accepted password for DOMAIN+User from x.x.x.x port 44240 ssh2
Feb 28 16:44:59 file3 sshd[4394]: pam_unix(sshd:session): session opened for user DOMAIN+User by (uid=0)
Feb 28 16:44:59 file3 sshd[4396]: Received disconnect from x.x.x.x: 11: disconnected by user
Feb 28 16:44:59 file3 sshd[4394]: pam_unix(sshd:session): session closed for user DOMAIN+User
I have also added the group that will be accessing this machine to the sudoers list.
Can anyone please help me make ssh work for a domain user?
Thanks in advance!
Mayank
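The log excerpt above shows pam_winbind granting access and the session then opening and closing in the same second. As an added example (not part of the original post), this Python sketch pairs the pam_unix "session opened" and "session closed" lines per sshd PID and flags sessions that end almost immediately; the sample log is constructed in the same format, and the `localuser` entry and the 2-second threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the /var/log/secure format quoted in the post above.
SAMPLE = """\
Feb 28 16:44:59 file3 sshd[4394]: Accepted password for DOMAIN+User from x.x.x.x port 44240 ssh2
Feb 28 16:44:59 file3 sshd[4394]: pam_unix(sshd:session): session opened for user DOMAIN+User by (uid=0)
Feb 28 16:44:59 file3 sshd[4394]: pam_unix(sshd:session): session closed for user DOMAIN+User
Feb 28 16:50:02 file3 sshd[4501]: Accepted password for localuser from x.x.x.x port 44301 ssh2
Feb 28 16:50:02 file3 sshd[4501]: pam_unix(sshd:session): session opened for user localuser by (uid=0)
Feb 28 17:12:40 file3 sshd[4501]: pam_unix(sshd:session): session closed for user localuser
"""

# Matches only the pam_unix session open/close lines written by sshd.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(?P<pid>\d+)\]: "
    r"pam_unix\(sshd:session\): session (?P<event>opened|closed) "
    r"for user (?P<user>\S+)"
)


def short_sessions(log_text, max_seconds=2, year=2012):
    """Return (user, pid, seconds) for sessions closed within max_seconds of opening."""
    opened = {}   # (pid, user) -> time the session opened
    flagged = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["pid"], m["user"])
        if m["event"] == "opened":
            opened[key] = ts
        elif key in opened:
            seconds = (ts - opened.pop(key)).total_seconds()
            if seconds <= max_seconds:
                flagged.append((m["user"], int(m["pid"]), int(seconds)))
    return flagged


if __name__ == "__main__":
    for user, pid, seconds in short_sessions(SAMPLE):
        print(f"{user} (sshd[{pid}]): session lasted {seconds}s after opening")
```

A flagged account has passed the auth and account stages, so the next things to inspect are what the session needs after that point, such as the home directory and login shell reported by `getent passwd` for that user.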
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
SSH (PAM) Authentication for Domain User
The /etc/sudoers list has nothing to do with logging in via ssh. Is SELinux Enforcing? Did you set the correct SELinux context when you created the home directories?
-
- Posts: 44
- Joined: 2011/10/14 19:00:52
- Location: New York
- Contact:
Re: SSH (PAM) Authentication for Domain User
SELinux is disabled since installation.
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: SSH (PAM) Authentication for Domain User
Bad idea, but at least eliminates one potential cause. Can local users log in? What are the permissions on ~/.ssh and contents for a domain user? Are you using passwords or SSH keys?
-
- Posts: 44
- Joined: 2011/10/14 19:00:52
- Location: New York
- Contact:
Re: SSH (PAM) Authentication for Domain User
Yes, local users are logging in fine.
-
- Posts: 44
- Joined: 2011/10/14 19:00:52
- Location: New York
- Contact:
Re: SSH (PAM) Authentication for Domain User
There is no such file created, but there are 4 other files: .bash_logout, .bash_profile, .bashrc and .mozilla. The following are the permissions on all of them:
-rw------- 1 DOMAIN+username DOMAIN+user group 33 Feb 29 15:43
I need to permit only a particular group (say linuxadmin) to log in.
I am using a password for domain user authentication.
Thanks,
Mayank
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: SSH (PAM) Authentication for Domain User
Sorry - you are outside my area of knowledge, but I can tell you that using ssh keys is generally more secure than passwords.