The problem is simply that your user 'bernard' does not exist at Linux
level.
Mar 22 10:22:03 serverauth sshd[3492]: input_userauth_request: invalid
user bernard
means the user is not an existing posix user in the system!
2 choices:
1) You implement PAM-LDAP to have the unix users in LDAP as
replacement of having them /etc/password.
This is very elegant and you need to extend the ldap accounts with the
PosixAccount extension in WebADM.
On a Centos6, you need to implement nss-pam-ldapd and pam_ldap
correctly.
2) You simply have users in /etc/password with the same uid as your
WebADM users.
On Mar 22, 10:27 am, Benjamin GUILLON <
guillon....@gmail.com> wrote:
> Hi,
>
> I have setup OpenOTP server on Centos 6 32bit with ldapotp mode. In
> the test user login it is showing "Authentication Success" but ssh is
> not working on a Centos 6 32-bit machine.
>
> It seems that SSH can't use LDAP user but I installed pam_ldap.
> After the test on the WebAdm I downloaded the libopenotp and pam_openotp
>
> I then moved libopenotp-1.0/build_linux32/libopenotp* to */usr/lib*
> And I moved pam-openotp-1.0/build_linux32/pam_openotp.so to */lib/security*
>
> [root@serverauth Benjamin]# ls -l /usr/lib/libopenotp*
> -rw-r--r--. 1 root root 5656068 21 mars 11:56 /usr/lib/libopenotp.a
> lrwxrwxrwx. 1 root root 19 22 mars 10:11 /usr/lib/libopenotp.so ->
> libopenotp.so.1.0.7
> lrwxrwxrwx. 1 root root 19 22 mars 10:11 /usr/lib/libopenotp.so.1 ->
> libopenotp.so.1.0.7
> -rwxr-xr-x. 1 root root 3522754 21 mars 15:37 /usr/lib/libopenotp.so.1.0.7
>
> [root@serverauth Benjamin]# ls -l /lib/security/pam_openotp.so
> -rwxr-xr-x. 1 root root 3518736 21 mars 12:00 /lib/security/pam_openotp.so
>
> here's my conf :
>
> */etc/pam.d/sshd*
> #%PAM-1.0
> auth sufficient pam_openotp.so
> server_url="
http://192.168.124.19:8080/openotp/" client_id="SSH"
> password_mode=2
> auth required pam_sepermit.so
> auth include password-auth
> account required pam_nologin.so
> account include password-auth
> password include password-auth
> # pam_selinux.so close should be the first session rule
> session required pam_selinux.so close
> session required pam_loginuid.so
> # pam_selinux.so open should only be followed by sessions to be executed in
> the user context
> session required pam_selinux.so open env_params
> session optional pam_keyinit.so force revoke
> session include password-auth
>
> */etc/ssh/sshd_config
> *PasswordAuthentication yes
> ChallengeResponseAuthentication yes*
> *UsePAM yes
>
> I saw this topichttps://
groups.google.com/forum/?fromgroups=#!searchin/rcdevs-technic...
>
> And so I installed pam_ldap and I configure the */etc/pam_ldap.conf* file
>
> host 192.168.124.19
> base dc=local,dc=oceanet,dc=com
>
> Then in the WebAdm I went to my test user profil to add the *PosixAccount*extension
>
> but I still got the same issue when I try to connect with my user named *
> bernard* to my server *192.168.124.19* in ssh. I try to connect from
> 192.168.124.19 to 192.168.124.19 with ssh to avoid the firewall troubles.
> But when I try from an other server this is the same.
>
> My log file */var/log/secure *:
> Mar 22 10:22:03 serverauth sshd[3491]: Invalid user bernard from
> 192.168.124.19
> Mar 22 10:22:03 serverauth sshd[3492]: input_userauth_request: invalid user
> bernard
> Mar 22 10:22:03 serverauth sshd[3492]: Postponed keyboard-interactive for
> invalid user bernard from 192.168.124.19 port 52611 ssh2
> Mar 22 10:22:07 serverauth sshd[3494]: pam_openotp: Invalid PAM user bernard
> Mar 22 10:22:07 serverauth sshd[3492]: Postponed keyboard-interactive/pam
> for invalid user bernard from 192.168.124.19 port 52611 ssh2
> Mar 22 10:22:09 serverauth sshd[3494]: pam_unix(sshd:auth): check pass;
> user unknown
> Mar 22 10:22:09 serverauth sshd[3494]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.124.19
> Mar 22 10:22:09 serverauth sshd[3494]: pam_succeed_if(sshd:auth): error
> retrieving information about user bernard
> Mar 22 10:22:11 serverauth sshd[3491]: error: PAM: User not known to the
> underlying authentication module for illegal user bernard from
> 192.168.124.19
> Mar 22 10:22:11 serverauth sshd[3491]: Failed keyboard-interactive/pam for
> invalid user bernard from 192.168.124.19 port 52611 ssh2
> Mar 22 10:22:11 serverauth sshd[3492]: Postponed keyboard-interactive for
> invalid user bernard from 192.168.124.19 port 52611 ssh2
>
> You can see my command :
> [root@serverauth build_linux32]# ssh
bern...@192.168.124.19 -v
> *
> *