SSH (PAM) Authentication for Domain User

Post by maksaraswat » 2012/02/28 22:01:48

Hi,

I have a CentOS system configured with Samba and Winbind for file shares, which works fine. In order for a domain user to log in to the Linux box I configured the /etc/pam.d/sshd file. However, every time I try to log in as a domain user it connects, shows the standard message "Last login: ...", and then disconnects, displaying the message "Connection to the SERVER-NAME is closed."

Also, it did ask to manually create the /home/DOMAIN/ directory, else it gives this message:

"Last login: Tue Feb 28 16:30:45 2012 from x.x.x.x
Could not chdir to home directory /home/DOMAIN/USER: No such file or directory
Connection to SERVER closed."

The /etc/pam.d/sshd looks like this:

auth sufficient pam_winbind.so
auth required pam_nologin.so
auth include system-auth
account sufficient pam_winbind.so
account include system-auth
session include system-auth
password include system-auth

Following is the message at /var/log/secure (disregarding the break-in attempt part)

Feb 28 16:44:55 file3 sshd[4394]: reverse mapping checking getaddrinfo for machinename.domain.com failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 28 16:44:59 file3 sshd[4394]: pam_winbind(sshd:auth): getting password (0x00000000)
Feb 28 16:44:59 file3 sshd[4394]: pam_winbind(sshd:auth): user 'DOMAIN+User' granted access
Feb 28 16:44:59 file3 sshd[4394]: pam_winbind(sshd:account): user 'DOMAIN+User' granted access
Feb 28 16:44:59 file3 sshd[4394]: Accepted password for DOMAIN+User from x.x.x.x port 44240 ssh2
Feb 28 16:44:59 file3 sshd[4394]: pam_unix(sshd:session): session opened for user DOMAIN+User by (uid=0)
Feb 28 16:44:59 file3 sshd[4396]: Received disconnect from x.x.x.x: 11: disconnected by user
Feb 28 16:44:59 file3 sshd[4394]: pam_unix(sshd:session): session closed for user DOMAIN+User

I have also added the group that will be accessing this machine to the sudoers list.

Can anyone please assist me here to make ssh work for a domain user?


Thanks in advance!
Mayank
maksaraswat
 
Posts: 38
Joined: 2011/10/14 19:00:52
Location: New York
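
An added example, not part of the original posts: the /var/log/secure excerpt above shows pam_winbind granting both auth and account and the session opening and closing in the same second, so the disconnect happens after authentication. The sketch below correlates those sshd events by PID to flag such logins; the `localuser` lines, the two-second threshold and the function name are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the first login mirrors the posted log, the second is invented for contrast.
SAMPLE = """\
Feb 28 16:44:59 file3 sshd[4394]: pam_winbind(sshd:auth): user 'DOMAIN+User' granted access
Feb 28 16:44:59 file3 sshd[4394]: pam_winbind(sshd:account): user 'DOMAIN+User' granted access
Feb 28 16:44:59 file3 sshd[4394]: Accepted password for DOMAIN+User from x.x.x.x port 44240 ssh2
Feb 28 16:44:59 file3 sshd[4394]: pam_unix(sshd:session): session opened for user DOMAIN+User by (uid=0)
Feb 28 16:44:59 file3 sshd[4394]: pam_unix(sshd:session): session closed for user DOMAIN+User
Feb 28 17:02:10 file3 sshd[4501]: Accepted password for localuser from x.x.x.x port 44311 ssh2
Feb 28 17:02:10 file3 sshd[4501]: pam_unix(sshd:session): session opened for user localuser by (uid=0)
Feb 28 17:31:42 file3 sshd[4501]: pam_unix(sshd:session): session closed for user localuser
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: (.*)$")
EVENTS = (
    ("accepted", re.compile(r"^Accepted \S+ for (\S+) from")),
    ("opened", re.compile(r"session opened for user (\S+)")),
    ("closed", re.compile(r"session closed for user (\S+)")),
)

def short_sessions(text, max_seconds=2):
    """Return (user, pid, seconds) for logins that authenticated but closed within max_seconds."""
    seen = defaultdict(dict)  # pid -> {event name: timestamp, "user": name}
    hits = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog omits the year; a fixed one is enough for same-day differences
        ts = datetime.strptime("2012 " + m.group(1), "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        for name, pat in EVENTS:
            ev = pat.search(msg)
            if not ev:
                continue
            s = seen[pid]
            s[name], s["user"] = ts, ev.group(1)
            if name == "closed" and "accepted" in s and "opened" in s:
                secs = (ts - s["opened"]).total_seconds()
                if secs <= max_seconds:
                    hits.append((s["user"], pid, secs))
    return hits

if __name__ == "__main__":
    for user, pid, secs in short_sessions(SAMPLE):
        print(f"{user} (sshd[{pid}]): authenticated, session lasted {secs:.0f}s")
```

A hit means the PAM auth and account stacks passed, so the place to look is what runs at session start (the account's shell, home directory and session modules) rather than the password check.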

SSH (PAM) Authentication for Domain User

Post by pschaff » 2012/03/03 10:22:59

The /etc/sudoers list has nothing to do with logging in via ssh. Is SELinux Enforcing? Did you set the correct SELinux context when you created the home directories?
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: SSH (PAM) Authentication for Domain User

Post by maksaraswat » 2012/03/03 18:23:01

SELinux is disabled since installation.

Re: SSH (PAM) Authentication for Domain User

Post by pschaff » 2012/03/03 18:32:27

Bad idea, but at least eliminates one potential cause. Can local users log in? What are the permissions on ~/.ssh and contents for a domain user? Are you using passwords or SSH keys?

Re: SSH (PAM) Authentication for Domain User

Post by maksaraswat » 2012/03/04 02:01:48

Yes, local users are logging in fine.

Re: SSH (PAM) Authentication for Domain User

Post by pschaff » 2012/03/04 02:46:46

and ...

Re: SSH (PAM) Authentication for Domain User

Post by maksaraswat » 2012/03/07 22:15:42

There is no such file created, but there are 4 other files: .bash_logout, .bash_profile, .bashrc and .mozilla. Following are the permissions on all of them:

-rw------- 1 DOMAIN+username DOMAIN+user group 33 Feb 29 15:43

I need to permit only a particular group (say linuxadmin) to log in.

I am using a password for domain user authentication.


Thanks,
Mayank

Re: SSH (PAM) Authentication for Domain User

Post by pschaff » 2012/03/09 01:34:44

Sorry - you are outside my area of knowledge, but I can tell you that using ssh keys is generally more secure than passwords.