Hi, I am Vishwanath, I got one requirement from our clients regarding remote authentication. In which all users info present in remote user database. Currently using openssh for SSH connections. To open a new remote session via SSH, the openssh will look into the /etc/passwd file. If user present then it will allow to login using password or key authentication. But in my case all user info is present in remote database and authentication is form remote using tacacs+ server. Due to this I am facing error message as below 2017 Jan 13 10:45:51 : switch : sshd : Invalid user test from 10.12.16.16 2017 Jan 13 10:45:51 : switch : input_userauth_request: invalid user test [preauth] Please give some inputs on how to handle this scenario. Regards, Vishwanath KC +918892599848.
On Tue, Jan 24, 2017 at 4:17 PM, Vishwanath KC <vicchi.cit at gmail.com> wrote: [...]> But in my case all user info is present in remote database and > authentication is form remote using tacacs+ server.What platform is this? You probably want a NSS module or the equivalent for your platform so that getpwnam(3) knows about those users (including things like uid/gid, home directory and shell). I'm not sure TACACS can provide the required details, though. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Hi, Thanks for the replay. This is the platform which we are using. Distributor ID: Debian Description: Debian GNU/Linux 8.2 (jessie) Release: 8.2 Codename: jessie Regards, Vishwanath KC +918892599848. On Tue, Jan 24, 2017 at 11:16 AM, Darren Tucker <dtucker at zip.com.au> wrote:> On Tue, Jan 24, 2017 at 4:17 PM, Vishwanath KC <vicchi.cit at gmail.com> > wrote: > [...] > > But in my case all user info is present in remote database and > > authentication is form remote using tacacs+ server. > > What platform is this? You probably want a NSS module or the > equivalent for your platform so that getpwnam(3) knows about those > users (including things like uid/gid, home directory and shell). I'm > not sure TACACS can provide the required details, though. > > -- > Darren Tucker (dtucker at zip.com.au) > GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement. >