pam_ldap issue going from jessie to stretch

#1 Post by bigbadbob

I am using pam_ldap (the libpam-ldap scenario described in the wiki) to authenticate users via ssh. This has been working great on wheezy and jessie for some time. However, on stretch it appears to be broken. As best as I can tell all my configuration files (/etc/ssh/sshd_config, /etc/pam_ldap.conf) are the same as what I am using on jessie. I am getting this error:

Code:

Aug 12 10:37:03 test sshd[2579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.8  user=bob
Aug 12 10:37:03 test sshd[2579]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 12 10:37:03 test sshd[2579]: pam_ldap: reconnecting to LDAP server...
Aug 12 10:37:03 test sshd[2579]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 12 10:37:05 test sshd[2579]: Failed password for bob from 192.168.1.8 port 40920 ssh2

I can use openssl to connect to the LDAP server:

Code:

openssl s_client -connect ldap.domain.com:636

which works and gives me lots of information.

When I use the ldapsearch command (as described in the wiki), that command works as well.

How can I determine what is going wrong?

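One way to separate a backend outage from a rejected password in logs like the one in the post, as an added example that is not part of the original post: it groups syslog lines by sshd PID and tags a failed login as an LDAP connectivity failure when the same session logged a pam_ldap "Can't contact LDAP server" message. The function name, the cause labels and the second session (PID 2601, user alice) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first session mirrors the log in the post; the second
# (PID 2601, user alice) is an invented plain wrong-password attempt for contrast.
SAMPLE_LOG = """\
Aug 12 10:37:03 test sshd[2579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.8  user=bob
Aug 12 10:37:03 test sshd[2579]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 12 10:37:03 test sshd[2579]: pam_ldap: reconnecting to LDAP server...
Aug 12 10:37:03 test sshd[2579]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 12 10:37:05 test sshd[2579]: Failed password for bob from 192.168.1.8 port 40920 ssh2
Aug 12 10:41:10 test sshd[2601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.9  user=alice
Aug 12 10:41:12 test sshd[2601]: Failed password for alice from 192.168.1.9 port 40988 ssh2
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FAILED_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<rhost>\S+) port \d+")
LDAP_DOWN_RE = re.compile(r"^pam_ldap: \S+ Can't contact LDAP server")


def classify_failures(log_text):
    """Return one dict per failed SSH login, tagged with its likely cause."""
    sessions = defaultdict(list)          # sshd PID -> messages from that session
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            sessions[m["pid"]].append(m["msg"])

    results = []
    for pid, msgs in sessions.items():
        bind_errors = sum(1 for msg in msgs if LDAP_DOWN_RE.match(msg))
        for msg in msgs:
            failed = FAILED_RE.match(msg)
            if failed:
                results.append({
                    "pid": int(pid),
                    "user": failed["user"],
                    "rhost": failed["rhost"],
                    # A bind error in the same session means pam_ldap never got
                    # to check the password, so this is not evidence of a bad one.
                    "cause": "ldap_unreachable" if bind_errors else "credentials_rejected",
                    "ldap_bind_errors": bind_errors,
                })
    return results


if __name__ == "__main__":
    for r in classify_failures(SAMPLE_LOG):
        print(r)
```

sshd PIDs are reused over time, so on a full auth.log the grouping should also be bounded by a time window.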