Re: Error: OPENSSH LDAP PUBLIC KEY

From: Eric AUGE (e.auge_at_moon-system.com)
Date: 03/19/04

    Date: Fri, 19 Mar 2004 00:34:16 +0100
    To: Suhaimi Jamalludin <suhaimi@niser.org.my>
    
    
    

    Hello,

    The patch hasn't been applied within the package; that's why the
    options weren't being recognized.

    Updated packages by the contributor:

    http://fredj.org/Packages/openssh-ldap-3.7.1p2.tbz
    http://fredj.org/Packages/openssh-ldap-overwrite-base-3.7.1p2.tbz

    Hope it helps
    Best Regards,
    Eric.

    On Thu, Mar 18, 2004 at 01:46:15PM +0800, Suhaimi Jamalludin wrote:
    > Hi All,
    >
    > How are you? Sorry to drop in...really need all your help.
    >
    > This is regarding SSH with LDAP. I have set up my LDAP server and it works
    > fine. My sshd daemon can also authenticate users using public keys that are
    > stored locally.
    >
    > Then I wanted to store the SSH public key in the LDAP database for
    > central management. I have searched around and I found
    > http://ldappubkey.gcu-squad.org for the OPENSSH LDAP PUBLIC KEY package. I have
    > followed the README instructions and installed the packages for FreeBSD. However,
    > when I start the sshd daemon it gives me the error below.
    >
    > my-svr# /usr/sbin/sshd -d -d -d -p 1234
    > debug2: read_server_config: filename /etc/ssh/sshd_config
    > /etc/ssh/sshd_config: line 5: Bad configuration option: lpkOn
    > /etc/ssh/sshd_config: line 6: Bad configuration option: lpkUserUrl
    > /etc/ssh/sshd_config: line 7: Bad configuration option: lpkGroupUrl
    > /etc/ssh/sshd_config: line 8: Bad configuration option: lpkBindDn
    > /etc/ssh/sshd_config: line 9: Bad configuration option: lpkBindPw
    > /etc/ssh/sshd_config: line 10: Bad configuration option: lpkServerGroup
    > /etc/ssh/sshd_config: terminating, 6 bad configuration options
    >
    > Can anybody advise me regarding this?
    >
    > I really appreciate your help.
    >
    > regards,
    > suhaimi
    >
    > My Step-by-Step:
    > ----------------
    > OS: FreeBSD 5.2-RELEASE
    > LDAP:openldap-server-2.1.26_1
    >
    > Download OPENSSH LDAP PUBLIC KEY package for FreeBSD package:
    > my-svr# mkdir package
    > my-svr# fetch http://www.fredj.org/Packages/openssh-ldap-overwrite-base-3.7.1p2.tgz
    > my-svr# gunzip openssh-ldap-overwrite-base-3.7.1p2.tgz
    > my-svr# tar -xvf openssh-ldap-overwrite-base-3.7.1p2.tar
    >
    > copy all the files to each directory:
    > cp -p /root/package/bin/scp /usr/bin/scp
    > cp -p /root/package/bin/sftp /usr/bin/sftp
    > cp -p /root/package/bin/slogin /usr/bin/slogin
    > cp -p /root/package/bin/ssh /usr/bin/ssh
    > cp -p /root/package/bin/ssh-add /usr/bin/ssh-add
    > cp -p /root/package/bin/ssh-agent /usr/bin/ssh-agent
    > cp -p /root/package/bin/ssh-keygen /usr/bin/ssh-keygen
    > cp -p /root/package/bin/ssh-keyscan /usr/bin/ssh-keyscan
    > cp -p /root/package/sbin/sshd /usr/sbin/sshd
    > cp -p /root/package/libexec/sftp-server /usr/libexec/sftp-server
    > cp -p /root/package/libexec/ssh-keysign /usr/libexec/ssh-keysign
    >
    > my-svr# /etc/ssh/sshd_config
    > PermitRootLogin yes
    > RSAAuthentication yes
    > PubkeyAuthentication yes
    > AuthorizedKeysFile .ssh/authorized_keys
    > lpkOn yes
    > lpkUserUrl ldap://my-svr/ou=people,dc=test,dc=com
    > lpkGroupUrl ldap://my-svr/ou=groups,dc=test,dc=com
    > lpkBindDn cn=Manager,dc=test,dc=com
    > lpkBindPw secret
    > lpkServerGroup testgrp
    > #lpkUseX509
    > # Change to no to disable PAM authentication
    > ChallengeResponseAuthentication yes
    > PrintLastLog yes
    >
    > USER INFO in LDAP:
    > ------------------------
    > dn: uid=testuser1, ou=People, dc=test,dc=com
    > sambaLMPassword: 419A6932ED4147C2AAD3B435B51404EE
    > sambaPrimaryGroupSID: S-1-5-21-541008154-732489941-378898453-513
    > displayName: testuser1 dummy
    > givenName: testuser1
    > sambaLogonScript: startup.cmd
    > userCertificate;binary::
    > MTAyNCAzNSBzc2gtcnNhIEFBQUFCM056YUMxeWMyRUFBQUFCSXdB
    > QUFJRUF3TG5ueGlQMEh4amtvbVR3YzJzYmJQVXJHTnlXdXlvQ1RBaXUyWWtEMFJ0bnNvNlJ6ZXhu
    > SlhYNGRJVVhaSlNLL1RqUjBJZXYrR0FJTnVnN0xMKzdSZCt5Vm1DSmR4NUNMU3hMdHU5bzJNd3BP
    > TUxGZHg0OXowdHAzaERGQWJaZ25XTWdZc3ZIL21FM1NPT2ZJRk8wMzQrNlZMbFVJT1pENmg2blc1
    > Wm04Zjg9IHN1aGFpbWktZmlsZS1zdnIubmlzZXIub3JnLm15
    > objectClass: top
    > objectClass: inetOrgPerson
    > objectClass: posixAccount
    > objectClass: shadowAccount
    > objectClass: sambaSamAccount
    > objectClass: strongAuthenticationUser
    > userPassword:: e1NTSEF9NnpRTEh1bUg3cTYxQjBPTkxRb0RYMWhGMnlwUjlycXQ=
    > sambaLogonTime: 0
    > sambaHomeDrive: H:
    > mail: testuser1@test.com
    > uid: testuser1
    > uidNumber: 1001
    > cn: testuser1
    > sambaLogoffTime: 2147483647
    > sambaPwdLastSet: 1079500752
    > sambaAcctFlags: [U]
    > loginShell: /bin/csh
    > sambaProfilePath: \\SERVER\profiles\testuser1
    > gidNumber: 513
    > sambaPwdMustChange: 1087276752
    > sambaNTPassword: 58A54CB6584BEDE940DFD029FD76E2D2
    > sambaPwdCanChange: 1078878971
    > gecos: testuser1 dummy
    > sambaSID: S-1-5-21-541008154-732489941-378898453-3002
    > description: testuser1 dummy
    > homeDirectory: /home/testuser1
    > sambaKickoffTime: 2147483647
    > sn: dummy
    > sambaHomePath: \\SERVER\home
    >
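
The diagnosis in the reply can be confirmed from sshd's own output: if every rejected directive is an lpk* one, the binary was built without the LDAP public key patch. The script below is an added example, not part of the original thread or of the patch; its function names are hypothetical and the sample log is the error text quoted in the message.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Sample sshd output, copied from the error quoted in the message above.
SAMPLE_LOG='debug2: read_server_config: filename /etc/ssh/sshd_config
/etc/ssh/sshd_config: line 5: Bad configuration option: lpkOn
/etc/ssh/sshd_config: line 6: Bad configuration option: lpkUserUrl
/etc/ssh/sshd_config: line 7: Bad configuration option: lpkGroupUrl
/etc/ssh/sshd_config: line 8: Bad configuration option: lpkBindDn
/etc/ssh/sshd_config: line 9: Bad configuration option: lpkBindPw
/etc/ssh/sshd_config: line 10: Bad configuration option: lpkServerGroup
/etc/ssh/sshd_config: terminating, 6 bad configuration options'

# rejected_options (hypothetical helper): read sshd output on stdin and
# print each directive the binary refused to parse, one per line.
rejected_options() {
    sed -n 's/^.*: line [0-9][0-9]*: Bad configuration option: \([A-Za-z0-9_]*\).*$/\1/p'
}

# reported_count (hypothetical helper): the N from sshd's own summary line.
reported_count() {
    sed -n 's/^.*: terminating, \([0-9][0-9]*\) bad configuration option.*$/\1/p'
}

# diagnose (hypothetical helper): read sshd output on stdin, print a verdict:
#   ok             nothing rejected
#   lpk-unpatched  only lpk* directives rejected: binary built without the patch
#   mixed          lpk* and other directives rejected
#   other          only non-lpk directives rejected (typo or unsupported option)
diagnose() {
    opts=$(rejected_options)
    if [ -z "$opts" ]; then echo ok; return 0; fi
    total=$(printf '%s\n' "$opts" | grep -c . || true)
    lpk=$(printf '%s\n' "$opts" | grep -ci '^lpk' || true)
    if [ "$lpk" -eq "$total" ]; then echo lpk-unpatched
    elif [ "$lpk" -gt 0 ]; then echo mixed
    else echo other
    fi
}

# Live use: /usr/sbin/sshd -t -f /etc/ssh/sshd_config 2>&1 | diagnose
printf '%s\n' "$SAMPLE_LOG" | diagnose
```

A verdict of lpk-unpatched matches the situation described in the reply; "other" or "mixed" points at a typo or an unrelated unsupported directive in sshd_config.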

    
    


