Hi,
I've set up an LDAP server (openLDAP) on a box called 'earth'. On box 'venus' I'm using the LDAP to get user info for users with UID>=1000. I've set up nsswitch. When I run `getent passwd` I get the local users and the users from the LDAP (bert, griet and kobe):

    root:x:0:0:root:/root:/bin/bash
    ...
    bert:x:1000:1000:Bert:/home/bert:/bin/bash
    griet:x:1002:1002:Griet:/home/griet:/bin/bash
    kobe:x:1001:1001:Kobe:/home/kobe:/bin/bash

The user 'bert' is also locally known (in /etc/passwd and related files).

Next I've set up ssh with PAM to use the LDAP. It works perfectly for the user 'bert', but when I try a different user, say 'griet', the ssh session dies after typing the password. /var/log/auth.log says:

    Dec 19 00:20:26 venus sshd[1180]: Accepted password for griet from 192.168.0.129 port 1142 ssh2
    Dec 19 00:20:26 venus PAM-mkhomedir[1191]: unable to create home directory /home/griet
    Dec 19 00:20:26 venus sshd[1191]: fatal: PAM session setup failed[6]: Permission denied

So pam-mkhomedir.so wasn't able to create the home directory. Looking at it further showed that this is normal: the sshd process runs under the user logged in, which means 'griet', and this user of course doesn't have sufficient rights to create a directory under /home.

I've googled and haven't found a decent solution to this problem. Some of the suggestions were:

1/ chmod 777 on /home
I'm not even considering this one. Even a nicer version of this isn't acceptable, I don't want a normal user being able to create directories in /home.

2/ make sshd always run as root
This will make my machine more vulnerable, won't it? The 'venus' machine is visible on the internet as it is my gateway/firewall.

Does anyone have a suggestion?

Bert
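An added example, not part of the original message: a Python check that correlates the three auth.log lines quoted above to list logins that passed authentication but were dropped during PAM session setup, together with the home directory that could not be created. The function and field names are hypothetical, and pairing a failure with the most recent "Accepted" line is an assumption that only holds for sequential logins.

```python
import re

# The three auth.log lines quoted in the message above.
SAMPLE_LOG = """\
Dec 19 00:20:26 venus sshd[1180]: Accepted password for griet from 192.168.0.129 port 1142 ssh2
Dec 19 00:20:26 venus PAM-mkhomedir[1191]: unable to create home directory /home/griet
Dec 19 00:20:26 venus sshd[1191]: fatal: PAM session setup failed[6]: Permission denied
"""

# syslog prefix: timestamp, host, program[pid]: message
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ (?P<prog>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPTED = re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port \d+")
MKHOME_FAIL = re.compile(r"unable to create home directory (?P<home>\S+)")
SESSION_FAIL = re.compile(r"fatal: PAM session setup failed")


def find_failed_sessions(log_text):
    """List logins that authenticated but were dropped during PAM session setup."""
    last_accept = None   # most recent successful authentication
    mkhome_by_pid = {}   # pid -> home directory pam_mkhomedir could not create
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        prog, pid, msg = m["prog"], m["pid"], m["msg"]
        if prog == "sshd" and (a := ACCEPTED.match(msg)):
            last_accept = {"user": a["user"], "src": a["src"], "method": a["method"]}
        elif prog == "PAM-mkhomedir" and (h := MKHOME_FAIL.match(msg)):
            mkhome_by_pid[pid] = h["home"]
        elif prog == "sshd" and SESSION_FAIL.match(msg):
            # The failing sshd child shares its pid with the PAM-mkhomedir line.
            # Assumption: the latest "Accepted" line belongs to this session,
            # which holds for sequential logins but not for interleaved ones.
            finding = dict(last_accept or {"user": None, "src": None, "method": None})
            finding.update(ts=m["ts"], pid=pid, home=mkhome_by_pid.pop(pid, None))
            findings.append(finding)
            last_accept = None
    return findings


if __name__ == "__main__":
    for f in find_failed_sessions(SAMPLE_LOG):
        print(f"{f['ts']} user={f['user']} src={f['src']} auth={f['method']} "
              f"session failed, home not created: {f['home']}")
```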