I am trying to set up SSH access through pamldap on Ubuntu 16.04, and after having everything configured I am not able to synchronize /etc/passwd with the information from the LDAP server.
ldapsearch works fine, so the binding options are well configured.
When I do
getent group
I can see all the groups of the LDAP server, but
getent passwd
only has the local users' information.
By debugging nslcd I can see that it is able to find my user in the LDAP server whenever I try to do a login (su or ssh) with an LDAP user.
Additionally:
su ldap_user
Returns:
No passwd entry for user
And when I try an SSH connection, auth.log shows:
Invalid user ldap_user from IP
input_userauth_request: invalid user ldap_user [preauth]
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP
pam_sss(sshd:auth): Request to sssd failed. Connection refused
pam_ldap(sshd:auth): Authentication failure; user=ldap_user
Failed password for invalid user ldap_user from IP port 55911 ssh2
The nsswitch.conf file has:
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat ldap
group: compat ldap
shadow: compat ldap
gshadow: files
hosts: files dns ldap
networks: files ldap
protocols: db files ldap
services: db files ldap
ethers: db files ldap
rpc: db files ldap
netgroup: nis ldap
sudoers: files
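
A per-source lookup check for the situation described in the post above, as an added example that is not part of the original post: it reads the passwd line of nsswitch.conf and queries each listed source on its own with getent -s, so the report shows whether the ldap source itself returns the user. The function names and the NSS_CONF variable are assumptions made for this example.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post).
# NSS_CONF, nss_sources and check_user are names chosen for this example.
NSS_CONF="${NSS_CONF:-/etc/nsswitch.conf}"

# Print the sources configured for one NSS database (e.g. "compat ldap"),
# ignoring comments and bracketed action items such as [NOTFOUND=return].
nss_sources() {
    db="$1"; conf="${2:-$NSS_CONF}"
    awk -v db="$db:" '
        { sub(/#.*/, ""); gsub(/\[[^]]*\]/, " ") }
        $1 == db {
            out = ""
            for (i = 2; i <= NF; i++) out = out (i > 2 ? " " : "") $i
            print out
            exit
        }' "$conf"
}

# Query every configured source separately with "getent -s SOURCE", so a
# failed lookup can be pinned on one NSS module instead of the combined
# result. Returns 0 if at least one source resolves the entry.
check_user() {
    db="$1"; user="$2"; conf="${3:-$NSS_CONF}"; rc=1
    for src in $(nss_sources "$db" "$conf"); do
        if getent -s "$src" "$db" "$user" >/dev/null 2>&1; then
            echo "$db/$src: $user found"
            rc=0
        else
            echo "$db/$src: $user NOT found"
        fi
    done
    return $rc
}

# Usage: sh nss_check.sh ldap_user
if [ "$#" -ge 1 ]; then
    check_user passwd "$1"
fi
```

If the ldap source reports NOT found here while the nslcd debug output shows a matching search, the gap is between the NSS module and nslcd rather than in the LDAP bind settings.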