LDAP user cannot log in after being added
2019-03-12 A newly added LDAP user could not log in to 192.168.0.100. The configuration was checked step by step:
1. Log in to LDAP, check the user's groups and the sudoers group permissions, and add host 192.168.0.100.
2. Check that every stanza in /etc/pam.d/system-auth has pam_ldap.so
grep ldap /etc/pam.d/system-auth
auth sufficient pam_ldap.so use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
password sufficient pam_ldap.so use_authtok
session optional pam_ldap.so
3. Check the /etc/ssh/sshd_config configuration
AllowGroups soft yunwei    (add the new user's group, tech, to this line)
4. Restart sshd
/etc/init.d/sshd restart
Check the firewall: iptables -nvL
5. Still does not work
Check the log /var/log/secure
Mar 12 13:26:48 server100 sshd[879]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.38 user=wangyin
Mar 12 13:26:56 server100 sshd[907]: User user01 from 192.168.0.38 not allowed because none of user's groups are listed in AllowGroups
Mar 12 13:26:56 server100 sshd[908]: input_userauth_request: invalid user user01
Mar 12 13:26:58 server100 sshd[907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.38 user=wangyin
Mar 12 13:26:58 server100 sshd[907]: pam_ldap: error trying to bind as user "cn=user01,ou=users,dc=abc,dc=com" (Invalid credentials)
6. I had definitely already added the group.
ps -ef | grep sshd showed that the sshd process had not been replaced by the restart; after killing it and starting sshd again, login worked.
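As an added example (not from the original note), the following Python script classifies the kinds of sshd failure seen above in /var/log/secure, so that an "AllowGroups" denial for a user whose group was already added stands out as a sign that the running sshd still holds the old configuration. The log lines are constructed from the excerpt above; the function and pattern names are my own.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the /var/log/secure excerpt in the note.
SAMPLE_LOG = """\
Mar 12 13:26:56 server100 sshd[907]: User user01 from 192.168.0.38 not allowed because none of user's groups are listed in AllowGroups
Mar 12 13:26:56 server100 sshd[908]: input_userauth_request: invalid user user01
Mar 12 13:26:58 server100 sshd[907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.38 user=wangyin
Mar 12 13:26:58 server100 sshd[907]: pam_ldap: error trying to bind as user "cn=user01,ou=users,dc=abc,dc=com" (Invalid credentials)
"""

# Each pattern captures the user (or bind DN) and one detail (source host or reason).
ALLOWGROUPS_RE = re.compile(
    r"User (\S+) from (\S+) not allowed because none of user's groups are listed in AllowGroups")
LDAP_BIND_RE = re.compile(r'pam_ldap: error trying to bind as user "([^"]+)" \((.+)\)')
PAM_UNIX_RE = re.compile(r"pam_unix\(sshd:auth\): authentication failure;.*rhost=(\S*) user=(\S+)")


def classify(line):
    """Return (category, user, detail) for one sshd line, or None if it is not a known failure."""
    m = ALLOWGROUPS_RE.search(line)
    if m:
        return ("allowgroups_denied", m.group(1), m.group(2))
    m = LDAP_BIND_RE.search(line)
    if m:
        return ("ldap_bind_failed", m.group(1), m.group(2))
    m = PAM_UNIX_RE.search(line)
    if m:
        return ("pam_unix_failure", m.group(2), m.group(1))
    return None


def summarize(log_text):
    """Count failure categories and collect the classified events in log order."""
    counts = Counter()
    events = []
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            counts[hit[0]] += 1
            events.append(hit)
    return counts, events


def diagnose(counts):
    """Map the counts to the next thing to check, following the troubleshooting order of the note."""
    if counts["allowgroups_denied"]:
        # Group already listed in sshd_config? Then the running sshd has not reloaded it.
        return "AllowGroups denial: compare sshd_config with the running sshd (stale process after restart?)"
    if counts["ldap_bind_failed"]:
        return "LDAP bind failed: check the password/DN and the pam_ldap lines in system-auth"
    return "no known sshd failure pattern found"
```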