Ldap and ssh weird problem - Linux


Thread: Ldap and ssh weird problem

  1. Ldap and ssh weird problem

    Hello there,

    I have a problem with ssh working with ldap. The problem is that when I
    ssh into a remote host, I am able to access the machine by typing anything
    at the password prompt and it allows me to log in.

    Example:

    Machine A:
    ssh root@ldap-server
    root@ldap-server's password: <--- here I just typed "abc" or anything
    Last login: Mon Feb 23 15:40:33 2004 from 10.168.224.185 <---- it allows
    me to log in even though my password is WRONG!
    nagios:~ #

    I'm not sure where the problem lies. Hope someone can enlighten me. Thanks a
    lot!

    Here's my slapd.conf:

    #####################################################################
    # Here under are defined the schemas the directory should accept.
    # A schema contains attributes definitions.
    #####################################################################

    include /etc/openldap/slapd.access.conf
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/qmail.schema

    #################### End of Section #################################



    pidfile /var/run/slapd/slapd.pid
    argsfile /var/run/slapd/slapd.args



    #######################################################################
    # ldbm database definitions
    #######################################################################

    database bdb
    suffix "dc=mobileway,dc=com"
    rootdn "cn=Manager,dc=mobileway,dc=com"
    rootpw secret

    # This variable defines the directory where the LDAP database will be stored.
    directory /var/lib/ldap

    # Indices to maintain
    index objectClass,uid,uidNumber,gidNumber,memberUid eq
    index cn,mail,surname,givenname eq,subinitial


    #################### End of Section #################################

    #####################################################################
    # Replication Directives
    #####################################################################

    replogfile /var/lib/ldap/replog
    #replica uri=ldap://192.168.1.142:389
    # binddn="cn=Replicator,dc=mobileway,dc=com"
    # bindmethod=simple
    # credentials=secret


    #################### End of Section #################################


    #####################################################################
    # Access lists definitions :
    #####################################################################


    #access to *
    # by self write
    # by dn="cn=Manager,dc=mobileway,dc=com" write
    # by users read
    # by anonymous auth


    #################### End of Section #################################

    My slapd.access.conf:
    access to dn=".*,dc=mobileway,dc=com" attr=userPassword
        by dn="cn=Manager,dc=mobileway,dc=com" write
        by dn="cn=proxyuser,dc=mobileway,dc=com" read
        by self write
        by * auth

    #access to dn=".*,dc=mobileway,dc=com" attr=mail
    # by dn="cn=Manager,dc=mobileway,dc=com" write
    # by self write
    # by * read

    access to dn=".*,ou=Singapore,ou=APAC,dc=mobileway,dc=com"
        by * read

    access to dn=".*,ou=People,ou=Singapore,ou=APAC,dc=mobileway,dc=com"
        by * read

    access to dn=".*,dc=mobileway,dc=com"
        by self write
        by * read

    And finally my ldap.conf:
    # Your LDAP server. Must be resolvable without using LDAP.
    #host 127.0.0.1
    host ldap

    base dc=mobileway,dc=com

    rootbinddn cn=proxyuser,dc=mobileway,dc=com
    # The search scope.
    #scope sub
    scope one
    #scope base
    # Filter to AND with uid=%s
    pam_filter objectclass=posixAccount
    # The user ID attribute (defaults to uid)
    pam_login_attribute uid
    pam_lookup_policy yes
    pam_member_attribute gid
    pam_template_login_attribute uid

    pam_password crypt

    nss_base_passwd ou=People,ou=Singapore,ou=APAC,dc=mobileway,dc=com?one
    nss_base_shadow ou=People,ou=Singapore,ou=APAC,dc=mobileway,dc=com?one
    nss_base_group ou=Group,ou=Singapore,ou=APAC,dc=mobileway,dc=com?one
    nss_base_hosts ou=Hosts,ou=Singapore,ou=APAC,dc=mobileway,dc=com?one




  2. Re: Ldap and ssh weird problem

    ulysses wrote:
    > Hello there,
    >
    > I have a problem with ssh working with ldap. The problem is that when I
    > ssh into a remote host, I am able to access the machine by typing anything
    > at the password prompt and it allows me to log in.
    >
    > Example:
    >
    > Machine A:
    > ssh root@ldap-server
    > root@ldap-server's password: <--- here I just typed "abc" or anything
    > Last login: Mon Feb 23 15:40:33 2004 from 10.168.224.185 <---- it allows
    > me to log in even though my password is WRONG!
    > nagios:~ #
    >
    > I'm not sure where the problem lies. Hope someone can enlighten me. Thanks a
    > lot!


    Are you able to log in to the ldap server like that directly (i.e. sitting
    at the ldap server without ssh)?

    --
    Ben M.

    ----------------
    What are Software Patents for?
    To protect the small enterprise from bigger companies.

    What do Software Patents do?
    In its current form, they protect only companies with
    big legal departments as they:
    a.) Patent everything no matter how general
    b.) Sue everybody. Even if the patent can be argued
    invalid, small companies can ill-afford the
    typical $500k cost of a law-suit (not to mention
    years of harassment).

    Don't let them take away your right to program
    whatever you like. Make a stand on Software Patents
    before it's too late.

    Read about the ongoing battle at http://swpat.ffii.org/
    ----------------
