Author Topic: SSH login in as a ebox user  (Read 9565 times)

jsievert

SSH login in as a ebox user
« on: September 03, 2008, 11:49:12 pm »
I am VERY new to ebox.  I have just set up a new ubuntu 8.04 server and installed 0.12 ebox.  I have just set up the file sharing and a few users/groups and now I am looking to log in as one of those users via ssh, but when I try all I get is access denied.  Looking at getent, the users that I created are coming through.  Any thoughts?

sixstone

  • Zentyal Staff
Re: SSH login in as a ebox user
« Reply #1 on: September 04, 2008, 10:04:58 am »
The users that you have created don't have access to the eBox machine, only to Samba shares and remote authentication.

I'm afraid to tell you we have not integrated LDAP users in eBox to log in to the eBox machine itself :(.

Best regards,
My secret is my silence...

jsievert

Re: SSH login in as a ebox user
« Reply #2 on: September 04, 2008, 09:34:47 pm »
Any thoughts on adding this?  Ebox is the best thing that I have seen so far for setting up LDAP and samba.  I would like to use the ldap users for logging in locally if possible, or have another ubuntu box use the ldap user info for logins with nfs mounted home dirs.

Thanks for the wonderful software!

javi

Re: SSH login in as a ebox user
« Reply #3 on: September 05, 2008, 04:03:27 pm »
Quote
Any thoughts on adding this?  Ebox is the best thing that I have seen so far for setting up LDAP and samba.  I would like to use the ldap users for logging in locally if possible, or have another ubuntu box use the ldap user info for logins with nfs mounted home dirs.

Actually, yes, there are plans to do this. We haven't had time to do it yet.

If you or any of the users want to step up and help us do this by setting up this configuration from a configuration generated by eBox and writing down the steps, it would be great :)

jsievert

Re: SSH login in as a ebox user
« Reply #4 on: September 09, 2008, 05:55:31 pm »
I would be willing to help with this.  I am guessing that there are a few things missing from the LDAP database for the users to allow them to log in.  I have already tried adding the loginShell with no change.  Any other things that I might be missing?

hurra

Re: SSH login in as a ebox user
« Reply #5 on: April 07, 2009, 05:36:25 pm »
Hi all, how goes it with this? Has the functionality been added natively to ebox (I'm still running an old 0.11)?

Or jsievert, have you found/made a how-to?

I have been looking around for this. There are a lot of examples on the net for other distros, but none where the config files look anything like what comes with ebox, so I have been afraid to try any of the guides, since it would require me to change just about every ssh and pam setting.

jsievert

Re: SSH login in as a ebox user
« Reply #6 on: April 07, 2009, 07:50:17 pm »
Never found a way around it.  I started to look at Amahi as an alternative.  It's Fedora-based but has some other cool features.

isaac

Re: SSH login in as a ebox user
« Reply #7 on: April 07, 2009, 08:04:56 pm »
Hello, SSH login works, you just need to:

1. install the Samba module (yeah, this shouldn't be needed and we'll try to fix this)

2. in /etc/ebox/80samba.conf change:
Code:
login_shell = /bin/false
to
Code:
login_shell = /bin/bash
Once this is done, new users will have /bin/bash as shell. If you want old users to be able to log in, you will need to edit the LDAP yourself, using an LDAP client, and change the loginShell attribute to /bin/bash manually.

3. change the ubuntu PAM setup so it takes LDAP into account for authentication, you can have a look here:
https://help.ubuntu.com/community/LDAPClientAuthentication#PAM
It's basically adding:
Code:
account sufficient      pam_ldap.so
to /etc/pam.d/common-account
and
Code:
auth    sufficient      pam_ldap.so
to /etc/pam.d/common-auth. These lines should be the first ones in the files. You probably want to add use_first_pass after the line which says pam_unix.so in that file so it doesn't ask for the password twice.

Be careful while doing these changes, make sure you have a root terminal open while you do them because you might get locked out of your box if you mess up and you don't.

We'll try to make this more automatic in future versions :)
« Last Edit: April 07, 2009, 08:08:38 pm by isaac »
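
Added example, not part of isaac's post or of eBox: a shell check for the PAM edits in step 3, meant to be run on an edited copy of common-auth or common-account while the root terminal is still open. The function name check_pam_ldap and the sample files are constructed for illustration, and it assumes use_first_pass is meant as an option on the pam_unix.so line.

```shell
#!/bin/sh
# Added example (not from the thread): check one PAM stack in a file against
# the layout described above. Usage: check_pam_ldap <auth|account> <file>
# Prints "ok" (exit 0) or a space-separated list of problems (exit 1).
check_pam_ldap() {
    awk -v stack="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        $1 != stack              { next }   # only the requested stack
        {
            n++
            mod = ""; ufp = 0
            for (i = 3; i <= NF; i++) {
                if (mod == "" && $i ~ /pam_[a-z0-9_]+\.so$/) mod = $i
                if ($i == "use_first_pass") ufp = 1
            }
            sub(/^.*\//, "", mod)           # tolerate a full module path
            if (n == 1 && !($2 == "sufficient" && mod == "pam_ldap.so"))
                problems = problems "pam_ldap-not-first "
            if (mod == "pam_unix.so") {
                unix_seen = 1               # local accounts such as root still work
                if (stack == "auth" && !ufp)
                    problems = problems "pam_unix-missing-use_first_pass "
            }
        }
        END {
            if (!unix_seen) problems = problems "no-pam_unix-fallback "
            if (problems == "") { print "ok"; exit 0 }
            sub(/ $/, "", problems); print problems; exit 1
        }
    ' "$2"
}

# Constructed sample files, not taken from a real system.
demo=$(mktemp -d)
printf '%s\n' '# common-auth after the change' \
    'auth sufficient pam_ldap.so' \
    'auth requisite  pam_unix.so nullok_secure use_first_pass' > "$demo/good"
printf '%s\n' 'auth requisite  pam_unix.so nullok_secure' \
    'auth sufficient pam_ldap.so' > "$demo/bad"
check_pam_ldap auth "$demo/good"          # prints: ok
check_pam_ldap auth "$demo/bad" || true   # prints: pam_ldap-not-first pam_unix-missing-use_first_pass
rm -r "$demo"
```

The no-pam_unix-fallback finding is the lockout case: a stack with no pam_unix.so line leaves local accounts, root included, dependent on the LDAP server being reachable.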

jcanfield

Re: SSH login in as a ebox user
« Reply #8 on: April 08, 2009, 03:48:56 pm »

Quote
Code:
login_shell = /bin/bash
Once this is done, new users will have /bin/bash as shell. If you want old users to be able to log in, you will need to edit the LDAP yourself, using an LDAP client, and change the loginShell attribute to /bin/bash manually.


It might be safer and easier to do this from the command line:

Code:
smbldap-usermod -s /bin/bash username
-Jim
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius...and a lot of courage - to move in the opposite direction."  --  Albert Einstein

c4rdinal

Re: SSH login in as a ebox user
« Reply #9 on: May 07, 2009, 02:51:06 am »
Hi,

Could this be integrated in the Users > Add users as an option?

Thanks in advance!

James

martinique

Re: SSH login in as a ebox user
« Reply #10 on: July 15, 2009, 10:45:32 am »
How about a group-based setting instead? That way one wouldn't need to edit every single user to add shell access, but just add them to a group which has shell permissions.

sulazhy

Re: SSH login in as a ebox user
« Reply #11 on: April 07, 2010, 03:55:42 pm »
isaac,
I have my ebox users and cannot get them to log in via ssh. Please can you give me detailed directions on how to edit the LDAP myself, and how to change the ubuntu PAM setup so it takes LDAP into account for authentication?


Thanks in advance.