SSH access for LDAP users

Post by tonycpsu » Sat Mar 10, 2012 6:39 pm

I've set up my DS1511+ (running DSM 4.0 2198) as an LDAP server. Most things seem to be working, but I can't seem to log in via SSH with LDAP users.

If I just try to "su" to an LDAP user, I get the following error:

mona> su user@domain.loc
su: can't run /sbin/nologin: No such file or directory


However, the user has a loginShell attribute in LDAP (set to /bin/sh). It appears something in the Synology LDAP setup is ignoring this mapping. I thought there might be some attribute filtering going on in /usr/syno/etc/nslcd.conf, but "loginShell" doesn't appear there.

Has anyone managed to get ssh logins of LDAP users working, and if so, what did you do?

Thanks
tonycpsu

Re: SSH access for LDAP users

Post by bud77 » Sat Mar 10, 2012 8:06 pm

Try to edit your /etc/passwd file, and make sure those users have a valid shell login

Re: SSH access for LDAP users

Post by tonycpsu » Sat Mar 10, 2012 8:07 pm

These are LDAP users, not local users. LDAP users don't have /etc/passwd entries.

Re: SSH access for LDAP users

Post by tonycpsu » Thu Mar 15, 2012 4:10 pm

So, I got a response to my support request about this issue:

Thank you for contacting Synology America Tech Support. My name is Ryan, and I am glad to assist you.

Unfortunately, SSH is only available for admin and root. The admin password is linked to the root user.

Please contact us if you need further assistance.

Kind of a bummer. I wonder if things would work if I installed the optware openssh port instead of relying on the crippled Synology sshd.

Re: SSH access for LDAP users

Post by dvizard » Sat Apr 21, 2012 8:24 pm

Bump! This sucks horsedicks.

First off, their answer is clearly wrong. SSH is clearly possible for non-root local users. It's even possible with PPK authentication if the home user directory is never messed with (like, moved around and [Please control your language].) Just not for LDAP users.

Second, all I would need to know is where that mapping takes place. Since most users actually log in on Ubuntu machines, it makes sense to separate the Synology-side login shell from the Ubuntu-side login shell (/bin/bash in our case), since /bin/bash isn't available on the (plain) Synology. All I would need to do is to overwrite the /sbin/nologin replacement.

Re: SSH access for LDAP users

Post by exp3rt » Tue Mar 19, 2013 1:59 am

I am stuck with the same issue - ssh login and usage of rsync by user defined in LDAP. Did you ever find out what's going wrong here?
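
An added diagnostic, not part of any post above and not Synology's code: it separates the two questions raised in the thread, namely which login shell the name service actually returns for an LDAP account, and whether an nslcd.conf `map passwd loginShell` line is what replaces the directory's loginShell. It assumes accounts are resolved through nslcd and that a passwd-format line for the user can be obtained (for example from `getent passwd`); the function names and the sample data are made up for the example.

```shell
#!/bin/sh
# Added diagnostic sketch; not Synology's code. Sample data is constructed.

# Print the login shell (7th field) of one passwd-format line, such as the
# output of `getent passwd 'user@domain.loc'` where getent is available.
shell_of() {
    printf '%s\n' "$1" | awk -F: 'NF >= 7 { print $7 }'
}

# Print the value of a `map passwd loginShell ...` line in an nslcd.conf.
# nss-pam-ldapd uses that option to replace the LDAP loginShell attribute.
nslcd_shell_map() {
    awk 'tolower($1) == "map" && tolower($2) == "passwd" &&
         tolower($3) == "loginshell" { gsub(/"/, "", $4); print $4 }' "$1"
}

# Classify a shell path the way su and sshd will experience it.
classify_shell() {
    if [ -z "$1" ]; then echo empty
    elif [ ! -e "$1" ]; then echo missing
    elif [ ! -x "$1" ]; then echo not-executable
    else echo ok
    fi
}

# $1 = passwd-format line, $2 = path to nslcd.conf
diagnose() {
    resolved=$(shell_of "$1")
    override=$(nslcd_shell_map "$2")
    echo "resolved=$resolved status=$(classify_shell "$resolved")" \
         "nslcd_map=${override:-none}"
}

# Constructed sample input (not copied from a real DiskStation).
SAMPLE_LINE='user@domain.loc:x:1000001:1000001:LDAP user:/home/user:/sbin/nologin'
SAMPLE_CONF=$(mktemp)
printf '%s\n' '# constructed nslcd.conf fragment' \
    'map passwd loginShell "/sbin/nologin"' > "$SAMPLE_CONF"
diagnose "$SAMPLE_LINE" "$SAMPLE_CONF"
rm -f "$SAMPLE_CONF"
```

Run against the real account line and the /usr/syno/etc/nslcd.conf path named in the first post, a result of `nslcd_map=none` together with a resolved shell that differs from the directory's loginShell means the replacement is not coming from a map line in that file.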

