Hello,
I followed this document to configure LDAP server and clients on Virtualmin (GPL): http://www.virtualmin.com/documentation/id,combining_virtualmin_and_ldap/. My LDAP server lives on a separate server, which is the same as the NFS server I am using for the users' home directories.
The last completed section of that document was "Setting Up Webmin's LDAP Users and Groups Module". I haven't gone any further. In that section, I "added a new LDAP user" but the user would fail to be created because there was no group selected. So, I went into Webmin and created a new group for LDAP (under the LDAP Users and Groups) called clients. Then when I added the user again, I had to manually select a group (the 'client' group) for the user to be a part of to allow LDAP to create the user. If not, it would always fail saying "invalid : Group".
Once I got over that hump, I went to test the new/test account I created via SSH (the test account is called testaccount). However, I cannot login. Here is the error I am getting when trying to login:
Feb 24 12:16:27 virtualmin01 sshd[4500]: Invalid user testaccount from 10.8.0.6
Feb 24 12:16:27 virtualmin01 sshd[4501]: input_userauth_request: invalid user testaccount
Feb 24 12:16:35 virtualmin01 sshd[4500]: pam_unix(sshd:auth): check pass; user unknown
Feb 24 12:16:35 virtualmin01 sshd[4500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.8.0.6
Feb 24 12:16:35 virtualmin01 sshd[4500]: pam_succeed_if(sshd:auth): error retrieving information about user testaccount
Feb 24 12:16:37 virtualmin01 sshd[4500]: Failed password for invalid user testaccount from 10.8.0.6 port 65474 ssh2
Feb 24 12:16:42 virtualmin01 sshd[4501]: Connection closed by 10.8.0.6
It looks like the authentication is not even looking at pam_ldap.so and going straight to pam_unix.so.
My configuration for servers is as follows:
2 virtualmin servers
1 LDAP/NFS Server
Virtualmin servers mount NFS share for home directories
NFS/LDAP server hosts the LDAP Server
2 Virtualmin servers connect to LDAP Server for authentication
What works:
When creating a user, it creates the user and its home directory. You can see the user's home directory on both Virtualmin servers as well as the NFS server (because of the NFS export). I can also see the user on the LDAP client on both Virtualmin servers and the LDAP server.
So, the accounts are created just fine but I can't authenticate via SSH. I haven't tried to log in from a local console because I don't have iLO/DRAC set up (licenses) and the servers are remote.
According to the doc above, I needed to edit the PAM Authentication section, which I did. I also ensured that pam_ldap.so was above pam_unix.so. I did this on both virtualmin servers and the ldap server as well. What could I be missing?
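A check that pins down which layer is failing, added here as an example and not part of the original post or the Virtualmin documentation: sshd logs "Invalid user" when the NSS lookup (getpwnam) cannot resolve the name, which happens before PAM is consulted at all, so pam_ldap ordering cannot help until nsswitch.conf lists ldap for passwd, shadow and group. The nsswitch.conf content is a constructed sample, the log line is the first one from the post, and the script assumes the usual "passwd: files ldap" layout with no space before the colon.

```shell
#!/bin/sh
# Added example, not from the original post: tell an NSS lookup failure apart
# from a PAM failure using the sshd log lines and the client's nsswitch.conf.

# sshd logs "Invalid user" when getpwnam() cannot resolve the name, which
# happens before PAM (and therefore pam_ldap) is ever consulted.
# Prints one of: nss-unknown-user | pam-auth-failure | other
classify_sshd_line() {
    case "$1" in
        *"Invalid user "*|*"invalid user "*|*"user unknown"*|*"error retrieving information about user"*)
            echo nss-unknown-user ;;
        *"authentication failure"*|*"Failed password"*)
            echo pam-auth-failure ;;
        *) echo other ;;
    esac
}

# Reads an nsswitch.conf on stdin and prints, space separated, which of
# passwd/group/shadow have no "ldap" source (empty output means all three do).
# Assumes the usual "passwd: files ldap" layout with no space before the colon.
nsswitch_missing_ldap() {
    awk '
        /^[ \t]*#/ { next }
        $1 ~ /^(passwd|group|shadow):$/ {
            db = substr($1, 1, length($1) - 1)
            for (i = 2; i <= NF; i++) if ($i == "ldap") has[db] = 1
        }
        END {
            n = split("passwd group shadow", want, " ")
            for (i = 1; i <= n; i++) if (!has[want[i]]) out = out (out == "" ? "" : " ") want[i]
            print out
        }'
}

# Constructed sample nsswitch.conf: ldap was added for group only, the sort of
# half-finished client setup that produces exactly the log lines in the post.
SAMPLE_NSSWITCH='passwd:     files
shadow:     files
group:      files ldap
hosts:      files dns'

# First log line from the post.
SAMPLE_LOG='Feb 24 12:16:27 virtualmin01 sshd[4500]: Invalid user testaccount from 10.8.0.6'

echo "log line says: $(classify_sshd_line "$SAMPLE_LOG")"
echo "databases without ldap: $(printf '%s\n' "$SAMPLE_NSSWITCH" | nsswitch_missing_ldap)"
```

On a real client, run `getent passwd testaccount` and feed the actual /etc/nsswitch.conf to the second function; an empty result from getent with ldap absent from passwd is the NSS gap, not a PAM one.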