Enabling LDAP for Dropbear
Thomaiyar, Richard Marian
richard.marian.thomaiyar at linux.intel.com
Wed Aug 29 02:16:35 AEST 2018

Ratan, which PAM config file did you try? It should be done in
/etc/pam.d/login (not tried this, but can give it a try).

The problem with pam_mkhomedir.so is that the home directory will not be
deleted after logout, and we may end up with stale home directories (need
to figure out a way for this?).

Not aware of this Autofs, need to understand it before
making any comment.

regards,
Richard

On 8/28/2018 3:23 PM, Ratan Gupta wrote:
> Hi All,
>
> As part of enabling LDAP on the BMC, we are enabling LDAP on
> dropbear (ssh server) through PAM configuration. I am facing a problem
> when the ssh client tries to connect to the BMC through ssh.
>
> There are two steps involved when the ssh client connects to the ssh server.
> 1) Authentication
> 2) Open the shell
>
> I could see that authentication succeeds but opening the
> shell fails, since the home directory should exist for the
> LDAP user.
>
> To solve this I tried to make the following changes in the pam config
> file.
>
> session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077 debug   >>> pam_mkhomedir should have created the directory.
> session sufficient pam_unix.so debug
> session sufficient /lib/security/pam_ldap.so debug
>
> Even after making the above changes I don't see that the home
> directory was created.
>
> NOTE:- If I create the directory in advance then I am not facing this
> problem.
>
> Another option we have to solve this is to mount directories over
> the network with the use of the autofs service:
>
> https://help.ubuntu.com/community/AutofsLDAP
>
> Can somebody help me with what other options there could be to create
> the home directories, and which one is used industry-wise?
>
> Ratan
>