Re: root user and unwanted failing ldap requests

by Tony Earnshaw-4 :: Rate this Message:

Benji H skrev, on 05-12-2007 15:25:

> Am hoping someone can help me with this problem. I've got pam_ldap working
> fine (debian etch, all from apt repos). I can auth, change passwords, sudo
> works. I can even log in as root when slapd is unreachable. My only issue is
> when I try and log in as root over SSH I get the following:
>
> Dec 5 12:38:30 core sshd[20812]: pam_ldap: ldap_simple_bind Can't contact
> LDAP server
> Dec 5 12:39:07 core sshd[20812]: pam_ldap: ldap_simple_bind Can't contact
> LDAP server

[...]

> it works perfectly for any user.

What's that supposed to mean? What "works perfectly for any user"?

> Any pointers would be wonderful, thanks!

I don't know Debian or its defaults, but as a (very security minded) Red
Hat person I'd be looking at /etc/ssh/sshd_config and PermitRootLogin.
After that, look at AllowUser, otherwise it's going to cost your site
"bacon fat" (as Norwegians say).

Best,

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl

« Return to Thread: root user and unwanted failing ldap requests