我安装ldap-auth-client nscd ldap-utils在 lubuntu 14.04 上,在香蕉 pi 上运行。我可以使用 成功绑定为用户ldapwhoami,但无法通过 ssh 登录:
验证日志:
Oct 21 02:12:05 lemaker sshd[1445]: Invalid user jonathan.fisher from 192.168.119.16
Oct 21 02:12:05 lemaker sshd[1445]: input_userauth_request: invalid user jonathan.fisher [preauth]
Oct 21 02:12:09 lemaker sshd[1445]: pam_unix(sshd:auth): check pass; user unknown
Oct 21 02:12:09 lemaker sshd[1445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=thor.corp.xxx.com
Oct 21 02:12:09 lemaker sshd[1445]: pam_ldap: error trying to bind as user "cn=jonathan.fisher,ou=users,dc=corp,dc=xxx,dc=com" (Invalid credentials)
Oct 21 02:12:12 lemaker sshd[1445]: Failed password for invalid user jonathan.fisher from 192.168.119.16 port 53005 ssh2
这就是事情变得奇怪的地方...我有一个疯狂的想法要做 tcpdump,它试图与文字密码字符串绑定为INCORRECT,而不是我输入的密码。这看起来很荒谬...发生了什么事?
编辑
bananapi@lemaker:~$ sudo id jonathan.fisher
id: jonathan.fisher: no such user
不知道为什么会这样做...我有 nsswitch.conf 设置:
passwd: files ldap
group: files ldap
shadow: files ldap
答案1
我有同样的问题。我的 nsswitch.conf 中有“ldap”。一切看起来都是正确的。唯一的问题是 NSS LDAP 模块实际上并未安装。我所需要的只是这个:
apt-get install libnss-ldap
答案2
尝试这个命令: adflush
我在服务器上收到此消息:
Aug 26 12:44:24 nim2-bar syslog: ssh: failed login attempt for UNKNOWN_USER from 10.214.144.11
Aug 26 12:44:24 nim2-bar sshd[18219478]: error: maximum authentication attempts exceeded for invalid user u50385 from xx.xxx.xxx.xx port 53006 ssh2 [preauth]
Aug 26 12:44:24 nim2-bar sshd[18219478]: Disconnecting invalid user u50385 10.214.144.11 port 53006: Too many authentication failures [preauth]