[prev in list] [next in list] [prev in thread] [next in thread]
List: nssldap
Subject: RE: [nssldap] unable to login to root if ldap down
From: "Jennifer Fountain" <jfountain () rbinc ! com>
Date: 2005-10-26 20:13:39
Message-ID: 263BA4045D3FA84D9C1B09F5F959B9B60C26B051 () picasso ! rb ! net
[Download RAW message or body]
had the same problem.
add this line to the account:
account sufficient /lib/security/pam_localuser.so
So, it would read like this:
account sufficient /lib/security/pam_unix.so
account sufficient /lib/security/pam_localuser.so
account [default=bad success=ok user_unknown=ignore
service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
HTH
Jennifer
_____
From: owner-nssldap@padl.com [mailto:owner-nssldap@padl.com] On Behalf
Of Murphy, Brian
Sent: Wednesday, October 26, 2005 1:52 PM
To: nssldap@padl.com
Subject: [nssldap] unable to login to root if ldap down
-----Original Message-----
From: Murphy, Brian
Sent: Wednesday, October 26, 2005 10:34 AM
To: 'OpenLDAP-software@openldap.org'
Subject: unable to login to root if ldap down
I have a few RedHat linux machines all configured to use an openldap
directory for authentication and user information. I have the
nsswitch.conf set to use files and ldap for passwd, shadow and group.
If the ldap server is down I am unable to login using root or any other
account that is defined in the local files. Once ldap is restored, I
can login again. Can someone point me to the issue here? Is this a
pam.d config issue?
Nsswitch.conf
<
passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns
>
/etc/pam.d/system-auth
<
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore
service_err=ignore syste
m_err=ignore] /lib/security/$ISA/pam_ldap.so
password required /lib/security/$ISA/pam_cracklib.so retry=3
type=
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok shad
ow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
>
Brian Murphy
Eastern Illinois University
*********************************************************************************
The information transmitted is intended only for the person or entity to which
it is addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any action
in reliance upon, this information by persons or entities other than the intended
recipient is prohibited. If you received this in error, please contact the sender
and delete the material from any computer
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2769" name=GENERATOR>
<STYLE>@font-face {
font-family: Tahoma;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.emailstyle17 {
COLOR: windowtext; FONT-FAMILY: Arial
}
SPAN.EmailStyle18 {
COLOR: navy; FONT-FAMILY: Arial
}
DIV.Section1 {
page: Section1
}
</STYLE>
</HEAD>
<BODY lang=EN-US vLink=purple link=blue>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff
size=2></FONT> </DIV>
<DIV><SPAN class=887530920-26102005><FONT face=Arial color=#0000ff size=2>had
the same problem.</FONT></SPAN></DIV>
<DIV><SPAN class=887530920-26102005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=887530920-26102005><FONT face=Arial color=#0000ff size=2>add
this line to the account:</FONT></SPAN></DIV><FONT face=Arial color=#0000ff
size=2>account sufficient
/lib/security/pam_localuser.so</FONT>
<DIV><SPAN class=887530920-26102005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=887530920-26102005><FONT face=Arial color=#0000ff size=2>So, it
would read like this:</FONT></SPAN></DIV>
<DIV><SPAN class=887530920-26102005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=887530920-26102005><FONT face=Arial color=#0000ff
size=2>account sufficient
/lib/security/pam_unix.so<BR>account
sufficient
/lib/security/pam_localuser.so<BR>account [default=bad
success=ok user_unknown=ignore service_err=ignore system_err=ignore]
/lib/security/pam_ldap.so<BR></FONT></SPAN></DIV><!-- Converted from text/plain format --><BR>
<P><FONT size=2><SPAN class=887530920-26102005>HTH</SPAN></FONT></P>
<P><FONT size=2><SPAN class=887530920-26102005></SPAN>Jennifer</FONT> </P>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> owner-nssldap@padl.com
[mailto:owner-nssldap@padl.com] <B>On Behalf Of </B>Murphy,
Brian<BR><B>Sent:</B> Wednesday, October 26, 2005 1:52 PM<BR><B>To:</B>
nssldap@padl.com<BR><B>Subject:</B> [nssldap] unable to login to root if ldap
down<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV class=Section1>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Tahoma size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">-----Original
Message-----<BR><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> Murphy,
Brian <BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Wednesday, October
26, 2005 10:34 AM<BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B>
'OpenLDAP-software@openldap.org'<BR><B><SPAN
style="FONT-WEIGHT: bold">Subject:</SPAN></B> unable to login to root if ldap
down</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=#0000ff size=2><SPAN
style="FONT-SIZE: 12pt"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I have a few RedHat linux machines
all configured to use an openldap directory for authentication and user
information. I have the nsswitch.conf set to use files and ldap for
passwd, shadow and group. If the ldap server is down I am unable to login
using root or any other account that is defined in the local files. Once
ldap is restored, I can login again. Can someone point me to the issue
here? Is this a pam.d config issue?</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Nsswitch.conf</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">passwd:
files ldap</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">shadow:
files ldap</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">group:
files ldap</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#hosts: db
files nisplus </SPAN></FONT><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">nis</SPAN></FONT><FONT face=Arial
size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> dns</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">hosts:
files dns</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">/etc/pam.d/system-auth</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"># This file is
auto-generated.</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"># User changes will be destroyed the
next time authconfig is run.</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">auth
required
/lib/security/$ISA/pam_env.so</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">auth
sufficient /lib/security/$ISA/pam_unix.so likeauth
nullok</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">auth
sufficient /lib/security/$ISA/pam_ldap.so
use_first_pass</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">auth
required
/lib/security/$ISA/pam_deny.so</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">account
required
/lib/security/$ISA/pam_unix.so</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">account
[default=bad success=ok user_unknown=ignore service_err=ignore
syste</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">m_err=ignore]
/lib/security/$ISA/pam_ldap.so</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">password
required /lib/security/$ISA/pam_cracklib.so
retry=3 type=</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">password
sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok
shad</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">ow</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">password
sufficient /lib/security/$ISA/pam_ldap.so
use_authtok</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">password
required
/lib/security/$ISA/pam_deny.so</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">session
required
/lib/security/$ISA/pam_limits.so</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">session
required
/lib/security/$ISA/pam_unix.so</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">session
optional
/lib/security/$ISA/pam_ldap.so</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Brian Murphy</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Eastern </SPAN></FONT><FONT
face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Illinois</SPAN></FONT><FONT
face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">
</SPAN></FONT><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">University</SPAN></FONT></P></DIV>
<p><pre>
*********************************************************************************
The information transmitted is intended only for the person or entity to which
it is addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any action
in reliance upon, this information by persons or entities other than the intended
recipient is prohibited. If you received this in error, please contact the sender
and delete the material from any computer
</pre></p>
</BODY></HTML>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic