Re: new user, question about authentication

[Matthew Schumacher <matt.s@aptalaska.net>]

Jacob,

The simple way to make this work on redhat is by using the command 
`authconfig`, however if the directory is unavalable then everything breaks.

To fix that you must change the line in system-auth:

from> account     sufficient      /lib/security/pam_unix.so
to  > account     required        /lib/security/pam_ldap.so

While this lets you login when ldap is down you have a new problem. See:

http://www.netsys.com/pamldap/2002/06/msg00046.html

for details.

schu

jacob walcik wrote:
> i've got openldap working for the first time using the rpm's available 
> with redhat 7.3:
> openldap-clients-2.0.27-2.7.3
> nss_ldap-189-4
> openldap-2.0.27-2.7.3
> openldap12-1.2.13-8
> openldap-servers-2.0.27-2.7.3
>
> i migrated my configuration/user info with the script that redhat 
> includes for doing so, however, now i've run into a problem.  i have two 
> machines setup to authenticate against the ldap directory.  the one 
> openldap is running on, and another test box.
>
> on both machines, if i try to log in w/ an account that only exists in 
> ldap, it fails.  if i try to log in with an account that only exists on 
> the system, it succeeds.  if i try to log in w/ an account that exists 
> in both, only the password for the system works.
>
> i can look in my messages log and see that the login was handled by 
> pam_unix, however i don't see any failures (or any messages at all) from 
> pam_ldap.  according to the ldap docs on openldap.org (quickstart guide 
> and the integration chapter) and redhat.com i've added the correct 
> entries to /etc/ldap.conf and /etc/openldap/slapd.conf.  can someone get 
> me pointed in the right direction for where to go from here?
>
> ldap.conf:
> host sarge.lamc.utexas.edu
> base dc=lamc,dc=utexas,dc=edu
> ssl no
> pam_password md5
>
> nsswitch.conf
> passwd: ldap files nisplus
> shadow: ldap files nisplus
> group: ldap files nisplus
>
> --
> jacob walcik
> jwalcik@mail.utexas.edu