[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [rhelv5-list] struggling with LDAP authentication

Is this a client or is this the LDAP server? Also, which LDAP server do you employ?

Joshua M. Miller - RHCE,VCP

Craig White wrote:
My main server, I upgraded from RHEL 3 to RHEL 5 and I imported my LDAP
DSA to the upgraded server which is the main server for our network
including the LDAP master.

I want to use both local authentication and LDAP authentication as I
normally do but I am really struggling here.

in /etc/nsswitch:
passwd:     files ldap
shadow:     files ldap
group:      files ldap

which is normal

and 'getent passwd' command will return all my users & groups from
both /etc/passwd|group and LDAP and users can login to various services
from either LDAP or /etc/passwd

# ssh root localhost
root localhost's password:
Last login: Mon May 14 11:24:12 2007 from xxx
[root srv1 ~]# exit

that works well (root from /etc/passwd)

# ssh craig localhost
craig localhost's password:

that works well (craig is in LDAP not /etc/passwd)

But if I try to restart services whose user is in /etc/passwd such as
restarting LDAP, BIND (named), etc. the system hangs and hopefully times
out and it even prevents it from booting up unless I shut off LDAP
authentication on startup and set it after startup

# cat /etc/pam.d/system-auth
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]