Originally posted by: GarethJM
Hi,
I'm trying to configure AIX 6.1 to authenticate users against AD using kerberised LDAP.
I've been able to authenticate my own (local) user against AD using Kerberos (KRB5files) but when I attempt to authenticate using an AD account (test02 - KRB5LDAP) I get the error below in the syslog:
Jun 26 10:45:43 LPAR6-10 auth|security:crit sshd[5570576]: fatal: Failed to set process credentials
The following settings are present in my ldap.cfg file:
ldapservers:<my_ldap_host>
binddn:CN=<my_user>,OU=<my_OU>,DC=<my_dom>,DC=<my_dom>,DC=<my_dom>,DC=<my_dom>
bindpwd:*****************
authtype:unix_auth
useSSL:no
userbasedn:OU=End Users,OU=Accounts,DC=<my_dom>,DC=<my_dom>,DC=<my_dom>,DC=<my_dom>
groupbasedn:OU=Groups,DC=<my_dom>,DC=<my_dom>,DC=<my_dom>,DC=<my_dom>
userclasses:user,person,organizationalperson
groupclasses:group
ldapport:389
searchmode:ALL
defaultentrylocation:LDAP
serverschematype:sfu30
memberfulldn: yes
userattrmappath:/etc/security/ldap/sfu30user.map
groupattrmappath:/etc/security/ldap/sfu30group.map
lsuser for test02 gives:
test02 id=10000 pgrp= groups= home=/home/test02 shell=/usr/bin/ksh login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=KRB5LDAP SYSTEM=KRB5LDAP....... (output truncated)
I have created the /home/test02 directory and set the group as 10000 (as per the settings on the AD for msSFUGidNumber).
The ultimate aim is to use this auth mechanism for an installation of SAS (using sasauth in pam.conf) but in the first instance I'd like to be able to prove the concept by logging in an ssh session using test02. Can anyone help?
Many Thanks
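
The lsuser output in the post shows pgrp= and groups= with no value. The script below is an added example, not part of the original post: it scans default-format lsuser lines and reports, per user, which of a chosen set of attributes are absent or empty. The function names, the attribute list and the second sample user (test01) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Audits default-format lsuser output ("name attr=value attr=value ...")
# for attributes that are missing or have an empty value.

# Constructed sample input: the test02 line is shortened from the post,
# test01 is a made-up local user with every attribute populated.
sample_lsuser() {
    cat <<'EOF'
test02 id=10000 pgrp= groups= home=/home/test02 shell=/usr/bin/ksh login=true registry=KRB5LDAP SYSTEM=KRB5LDAP
test01 id=205 pgrp=staff groups=staff home=/home/test01 shell=/usr/bin/ksh login=true registry=files SYSTEM=compat
EOF
}

# audit_lsuser ATTR...
# Reads lsuser lines on stdin. For every user that lacks a non-empty value
# for one of the named attributes, prints "user: attr attr ...".
# Tokens without "=" (for example words inside a gecos value) are ignored.
audit_lsuser() {
    awk -v want="$*" '
    BEGIN { n = split(want, req, " ") }
    NF {
        split("", val)                      # clear values from previous line
        for (i = 2; i <= NF; i++) {
            eq = index($i, "=")
            if (eq > 1)
                val[substr($i, 1, eq - 1)] = substr($i, eq + 1)
        }
        out = ""
        for (j = 1; j <= n; j++)
            if (val[req[j]] == "")          # absent and empty both land here
                out = out " " req[j]
        if (out != "")
            print $1 ":" out
    }'
}

# Assumed set of attributes to check; adjust as needed.
# On the AIX host the input would come from: lsuser -R KRB5LDAP ALL
sample_lsuser | audit_lsuser id pgrp groups home shell
```
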