SSH + LDAP Auth Giving Fits

I'm having a bear of a time getting my LDAP connection going, so I hope someone here has some insight.

I have AIX 5.3 running on an LPAR. I have ldap-client, ldap-max-crypto-client, gskak, and gskte installed. I'm able to set up the connection via mksecldap, and I can query users just fine whether they be local or remote.

When I ssh in using local authentication, everything works fine.

If I set my /etc/security/user stanza to 'SYSTEM = "LDAP"' and 'registry = LDAP', I can see my info in lsuser coming from the LDAP server.

Here's where the 'fun' begins. lsuser 'username' doesn't show my pgrp. We have a custom attribute because our default in the LDAP server is 10 (wheel for Linux). Since we use 1 (staff), we had an attribute created that is called out in /etc/security/ldap/2307user.map.

Whether I use the default gidnumber attribute, or our own custom attribute, it doesn't pull it.

Also, when I set registry = files (or leave it unset), I get all of the proper local information.

Now, I KNOW, for 100% certainty that I'm missing something stupid here, which is why I can't figure out what it is. I know this because I had it working a couple of weeks ago, but I rebuilt the server to test something else and forgot to save my state then for when I wanted to come back.

When I log in via SSH, I don't see anything unusual on the client side, and the server side reports that the login was successful. Yet, I get:

ssh user@server
user@server's password:
Connection to server closed by remote host.
Connection to server closed.

Can anyone help me figure out what the heck I'm missing here? SSH is successfully making the connection to the LDAP server and authenticating (I know it's going to the right place because login fails with my local password, which is different from my remote pw), and returning a successful result. Yet sshd on the server simply kicks me out after that.

Hopefully someone has some insight before I end up with no hair.

Just a guess here, but how did you create the groups? If you just use mkgroup, it will create a local group in /etc/groups. You need to use

mkgroup -R LDAP groupname

This will make an LDAP group. Hopefully that helps.
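A quick check for the situation described in this reply (an LDAP user whose primary group only exists locally, or whose pgrp comes back empty). This is an added script, not from either poster; it assumes the `attr=value` output format of `lsuser -R LDAP -a id pgrp registry ALL` and `lsgroup -R LDAP -a id ALL`, and falls back to constructed sample output when those AIX commands are not present.

```shell
#!/bin/sh
# Added example: flag LDAP users whose primary group (pgrp) is empty or is not
# defined in the LDAP registry. The sample outputs below are constructed, not
# captured from a real system.

# Constructed sample of `lsuser -R LDAP -a id pgrp registry ALL` output
SAMPLE_USERS='jdoe id=1001 pgrp=staff registry=LDAP
asmith id=1002 pgrp=ops registry=LDAP'

# Constructed sample of `lsgroup -R LDAP -a id ALL` output (only staff is in LDAP)
SAMPLE_LDAP_GROUPS='staff id=1'

# attr_of LINE NAME -> value of NAME=value on that line (empty if absent)
attr_of() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p"
}

# group_in_registry NAME GROUPS_OUTPUT -> exit 0 if NAME is a listed group
group_in_registry() {
    printf '%s\n' "$2" | awk -v g="$1" '$1 == g { found = 1 } END { exit !found }'
}

# missing_pgrps USERS_OUTPUT GROUPS_OUTPUT -> one line per user with a problem
missing_pgrps() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        user=${line%% *}
        pgrp=$(attr_of "$line" pgrp)
        if [ -z "$pgrp" ]; then
            echo "$user: no pgrp returned (gidnumber mapping in 2307user.map?)"
        elif ! group_in_registry "$pgrp" "$2"; then
            echo "$user: pgrp '$pgrp' not in LDAP registry (local-only group? mkgroup -R LDAP)"
        fi
    done
}

# On AIX, query the LDAP registry directly; elsewhere use the constructed samples.
if command -v lsuser >/dev/null 2>&1 && command -v lsgroup >/dev/null 2>&1; then
    users=$(lsuser -R LDAP -a id pgrp registry ALL 2>/dev/null)
    groups=$(lsgroup -R LDAP -a id ALL 2>/dev/null)
else
    users=$SAMPLE_USERS
    groups=$SAMPLE_LDAP_GROUPS
fi
missing_pgrps "$users" "$groups"
```

With the constructed samples it reports only `asmith`, whose pgrp `ops` is not an LDAP group.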