error in auth.log but can login; LDAP/PAM
Posted by Peter on Server Fault
Published on 2011-09-30T12:21:12Z
Indexed on 2012/06/28 9:17 UTC
I have a server running OpenLDAP. When I start an SSH session I can log in without problems, but an error appears in the logs. This only happens when I log in with an LDAP account (so not with a system account such as root). Any help to eliminate these errors would be much appreciated.
The relevant piece from /var/log/auth.log:
sshd[6235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=example.com user=peter
sshd[6235]: Accepted password for peter from 192.168.1.2 port 2441 ssh2
sshd[6235]: pam_unix(sshd:session): session opened for user peter by (uid=0)
pam common-session
session [default=1] pam_permit.so
session required pam_unix.so
session optional pam_ldap.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022
session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so
pam common-auth
auth [success=1 default=ignore] pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
auth required pam_permit.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022 silent
auth sufficient pam_unix.so nullok_secure use_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
pam common-account
account [success=2 new_authtok_reqd=done default=ignore] pam_ldap.so
account [success=1 default=ignore] pam_unix.so
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
account sufficient pam_ldap.so
account sufficient pam_unix.so
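
As an added illustration (not part of the original post), this Python sketch walks the auth lines of the posted common-auth through a simplified model of Linux-PAM control-flag handling, to show which module is invoked and fails even though the login is granted. The per-module results in `LDAP_USER` are assumptions for an LDAP-only account, and `parse`, `evaluate` and the constant names are made up for this example.

```python
import re

# Keyword controls written in Linux-PAM's equivalent [value=action] form.
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
# common-auth exactly as listed in the post, stray session line included.
COMMON_AUTH = """\
auth [success=1 default=ignore] pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
auth required pam_permit.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022 silent
auth sufficient pam_unix.so nullok_secure use_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
"""
# Assumed module results for an LDAP-only account (constructed, not from the post).
LDAP_USER = {"pam_ldap.so": "success", "pam_unix.so": "auth_err", "pam_permit.so": "success",
             "pam_succeed_if.so": "success", "pam_deny.so": "auth_err"}

def parse(text, kind="auth"):
    """Return [(actions, module)] for the lines of one management group."""
    stack = []
    for m in re.finditer(r"^(\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)", text, re.M):
        ctl = m.group(2)
        if m.group(1) == kind:
            actions = dict(p.split("=") for p in ctl[1:-1].split()) if ctl[0] == "[" else KEYWORDS[ctl]
            stack.append((actions, m.group(3)))
    return stack

def evaluate(stack, results):
    """Walk the stack; return (granted, [(module, result, action taken)])."""
    trace, ok, failed, skip = [], False, False, 0
    for actions, module in stack:
        if skip:                        # module jumped over by an earlier [value=N]
            skip -= 1
            continue
        rc = results[module]
        action = actions.get(rc, actions["default"])
        trace.append((module, rc, action))
        if action.isdigit():
            skip = int(action)          # numeric action: skip the next N modules
        ok = ok or action in ("ok", "done")
        failed = failed or action in ("bad", "die")
        if action == "die" or (action == "done" and not failed):
            break                       # stack terminates here
    return ok and not failed, trace
```

Under these assumptions, `evaluate(parse(COMMON_AUTH), LDAP_USER)` grants the login, but the trace still contains a `pam_unix.so` call that returned a failure and was ignored, which is the call that corresponds to the `pam_unix(sshd:auth): authentication failure` line.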