Skip to Content

sshd[902]: debug1:PAM: password authentication failed for an illegal user: Authentication failure

183  admin October 7, 2024  Common Errors & Troubleshooting

Troubleshooting PAM authentication failures: Illegal user authentication in SSH

Overview:   This article tackles SSH authentication failures due to pam_ldap configuration, specifically addressing errors such as "sshd[902]: debug1:PAM: password authentication failed for an illegal user: Authentication failure." It advises on adjusting /etc/ldap.conf for RFC 2307 mappings, restarting nscd, and verifying LDAP integration using getent passwd and finger commands.

If you are getting the error when you configured pam_ldap for the backend SSH authentication.

Step 1: Ensure to uncomment the following lines in /etc/ldap.conf

# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
#nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory

Step 2: Restart the nscd service.

root@gateway:~# service nscd restart

 Step 3: The following commands should now return a result from AD/LDAP.
 
root@gateway:~# getent passwd james
 
james:*:10003:11000:james:/home/james:/usr/local/bin/ezsh
 
 
root@gateway:~# finger james
 
Login: james                      Name: james
Directory: /home/james                  Shell: /usr/local/bin/ezsh
On since Thu Feb  1 14:23 (IST) on pts/1 from 192.168.56.1
   1 hour 47 minutes idle
No mail.
No Plan.

Related Articles:
Configure Ezeelogin to authenticate using Windows_AD(Pam-Ldap) in Ubuntu.

How do I configure Ezeelogin to authenticate using Windows_AD(Pam-LDAP) in CentOS?

How to configure Ezeelogin to authenticate using Open_Ldap(Pam-Ldap) in Ubuntu?

How do I configure Ezeelogin to authenticate using OpenLdap(Pam-Ldap) in CentOS?

Configure Ezeelogin to authenticate using Windows_AD / OpenLDAP in Debian.
Rating: 5 (2 Votes)