SSH with LDAP authentication (ActiveDirectory) and ssh keys stored in AD

Environment : Ubuntu 14.04 & 16.04 Servers, Active Directory on Windows Server 2016, Ubuntu 14.04 & 16.04 clients. Ubuntu servers and clients are not on the domain.

Hello everyone,

I'm a little lost with all ways to achieve ldap authentication for ssh. But I can't find a suitable one for me.

My wish : I wan't to connect to my servers by login in with "sAMAccount@serverIP", my SSH keys are stored in my AD (new field added as odiSSHPubKeys). My server well communicate with my AD (ldapsearch query). I achieved that by updating my sshdconfig :

/etc/ssh/sshd_config

AuthorizedKeysCommand /usr/bin/auth
AuthorizedKeysCommandUser root

/usr/bin/auth

#!/bin/bash

cn=$1
server=ldap.myad.net #Put your server IP
basedn=dc=mydomain,dc=net #Put your basedn
port=389
bindUser=myBindUser
bindPass=myBindUserPassword
#cn=mathieu

ldapsearch -LLL -o ldif-wrap=no -x -h $server -p $port -b $basedn -D $bindUser -w $bindPass -s sub "(sAMAccountName=$cn)" | sed -n 's/^[ \t]*odiSSHPubKeys:[ \t]*\(.*\)/\1/p'

When I connect to [email protected], I'm kicked by preauth

/var/log/auth.log

Apr 18 11:56:26 MLL-HV-UBU-16 sshd[9103]: Invalid user mathieu from 192.168.0.114
Apr 18 11:56:26 MLL-HV-UBU-16 sshd[9103]: input_userauth_request: invalid user mathieu [preauth]
Apr 18 11:56:26 MLL-HV-UBU-16 sshd[9103]: Connection closed by 192.168.0.114 port 50152 [preauth]

So my problem is that "mathieu" doesn't exist as user on my Ubuntu server. I try to force my cn in my /usr/bin/auth and log with root account ([email protected]) and it works, so my /usr/bin/auth id good.

How can I disable preauth check to let ldap works ?

PS : I don't want a login/password authentication (for this solution, there is a lot of tutos, but not many for ssh keys or old ones).

Thanks for your help