LDAP auth fails for some users

Something weird is happening, some users are not able to authenticate via our LDAP to access services (SSH connection, Samba, etc.).

Their entries are in the LDAP and everything seems to be fine, I made a comparison with a working LDAP entry created with the same scripts only 5 minutes before, and the only differences I can see are the IDs/timestamps (sambaPwdMustChange, etc…)

If I do a getent passwd | grep "username" I find their record, but a ssh [email protected] fails (while again it works with other users created with the same script)

My log here /var/log/ldap/slapd.d shows error messages

Apr  9 14:09:48 je nslcd[3293]: [2fc6ce] lookup of user uid=someone,ou=People,dc=something,dc=com failed: Invalid credentials

But when I check their password on the phpldapadmin interfaces, it DOES match with the password I am entering. I am trying with a default password 123456789, which works for other users created with the same script.

Any ideas ?


Authenticating with

ldapwhoami -vvv -D "uid=someone,ou=People,dc=something,dc=com" -x -W

and the password in question does return a Success (0)


The authentication of these users against the same LDAP does work on many apps, like a Dokuwiki and a Rails application using the devise ldap-authenticatable gem. Only SSH and Samba seem to have problems.

Server Fault Asked by Cyril Duchon-Doris on November 14, 2021

1 Answers

One Answer

A similar problem had occured for me a while ago. When I looked at the /var/log/messages I have seen that sshd was complaining about an illegal user. If this is the case ssh will not log you in even if your password is correct. The solution for me to was to restart nscd

service nscd restart

This being said, getent works for you, so this might not be your solution.

Answered by Gokhan Remzi Yavuz on November 14, 2021

Add your own answers!

Related Questions

rsync unexpected remote arg: [email protected]:/path

2  Asked on July 21, 2020 by pdiracdelta


Ask a Question

Get help from others!

© 2021 All rights reserved.