[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: I can't login linux (console) using after configurate openldap
On 17/06/2010, at 6:56 AM, Bruno Steven wrote:
> HI,
>
> I have started openldap more Samba but I can't do logon via console on my
> linux, only access my system using ssh or telnet . When I am on console I
> put login and password and press "enter" , again show me screen login linux
> . If change /etc/nsswitch.conf fields passwd , shadow , group for files
> only, the login work normally , Thre is problem between openldap and pam
> ?
Am i correct in assuming you are using samba with openldap as a backend also? If so, did you put your samba to have "unix password sync = Yes"? If you did, you will need to use the command smbpasswd -a <username> and re-enter your password to unlock the accounts.
Also, have you considered that there is a /etc/pam.d/sshd file also, that may *not* have ldap configured?
>
> I paste my /etc/nsswitch.conf
>
> passwd: files ldap
> shadow: files ldap
> group: files ldap
>
> #hosts: db files nisplus nis dns
> hosts: files dns wins
>
> and /etc/pam.d/login
>
>
> n#%PAM-1.0
> auth required pam_securetty.so
> auth required pam_nologin.so
> auth sufficient pam_ldap.so
> auth required pam_unix2.so nullok try_first_pass #set_secrpc
> account sufficient pam_ldap.so
> account required pam_unix2.so
> password required pam_pwcheck.so nullok
> password required pam_ldap.so use_first_pass use_authtok
> password required pam_unix2.so nullok use_first_pass use_authtok
> session required pam_unix2.so none # debug or trace
> session required pam_limits.so
> session required pam_env.so
> session optional pam_mail.so
>
>
>
> #auth [user_unknown=ignore success=ok ignore=ignore default=bad]
> pam_securetty.so
> #auth include system-auth
> #account required pam_nologin.so
> #account include system-auth
> #password include system-auth
> # pam_selinux.so close should be the first session rule
> #session required pam_selinux.so close
> #session include system-auth
> #session required pam_loginuid.so
> #session optional pam_console.so
> # pam_selinux.so open should only be followed by sessions to be executed in
> the user context
> #session required pam_selinux.so open
> #session optional pam_keyinit.so force revoke
>
>
> Thanks.
>
>
> --
> Bruno Steven - Administrador de sistemas.
> LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e4
> https://www.lpi.org/caf/Xamman/certification
>
> MCP-Windows 2003 - TranscriptID: 793804 / Access Code: 080089100
> https://mcp.microsoft.com/authenticate/validatemcp.aspx
>
>
> P Antes de imprimir pense em sua responsabilidade e comprometimento com o
> Meio Ambiente. Before printing this message, think about your ecologic
> responsability and environment commitment.