[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pam_ldap: What if LDAP server not reachable?

To: Johnny Morano <johnny.morano@vlaanderen.be>
Subject: Re: pam_ldap: What if LDAP server not reachable?
From: Jehan PROCACCIA <Jehan.Procaccia@int-evry.fr>
Date: Fri, 07 Feb 2003 14:20:15 +0100
Cc: openldap-software@OpenLDAP.org
References: <1044621017.13796.34.camel@s018581.sci.vlaanderen.be>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Yes I still don't known why Redhat keeps running with this config ?

I add "account sufficient /lib/security/pam_localuser.so" in system auth and it work fine:

$ cat /etc/pam.d/system-auth

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so

account required /lib/security/pam_unix.so account sufficient /lib/security/pam_localuser.so account [default=bad success=ok service_err=ignore system_err=ignore] /lib/security/pam_ldap.so

password required /lib/security/pam_cracklib.so retry=3 type= password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/pam_ldap.so use_authtok password required /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so

notice I also removed user_unknow=ignore in account pam_ldap to enable pam_filters in /etc/ldap.conf !

Johnny Morano wrote:

Howdy...
I'm playing at bit with PAM (for the first time) and after 3 days now, /me is going bananas, seriously... myProblem: I use pam_ldap to authenticate users against an LDAP server. This nice redhat 8.0 installation f**** up my network settings if i specify module options in /etc/modules.conf. This is the least of my probs. BUT, if my network doesn't get enabled, i'm also not enable to reach the LDAP server. You would think: 'but you can still login as root, right?'... wrong. i can't login as root, which makes boot in single user mode, enable all the network stuff manually and login as root. you know, once all the network stuff is enabled and working, i have no problems logging in as root (which is a local account), but i the network is down, /me == :(
does anybody know a solution?
tia,
johnny -bananas- morano
this is my (the default redhat) pam config file:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so
account     required      /lib/security/pam_unix.so
account     [default=bad success=ok user_unknown=ignore
service_err=ignore system_err=ignore]
/lib/security/pam_ldap.so
password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok
md5 shadow
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so


--
Jehan Procaccia 			| Ingenieur Systemes & Reseaux
Institut National des Telecommunications| Tel : +33 (0) 160764436
MCI, Moyens Communs Informatiques  | Mail: Jehan.Procaccia@int-evry.fr
9 rue Charles Fourier 91011 Evry France | Fax : +33 (0) 160764321

References:
- pam_ldap: What if LDAP server not reachable?
  - From: Johnny Morano <johnny.morano@vlaanderen.be>

Prev by Date: Re: OpenLdap on Ensim, Plesk, Cpane
Next by Date: Re: basic ldapsearch problem
Index(es):
- Chronological
- Thread