System user login fails if ldap goes down.
- To: openldap-technical@openldap.org
- Subject: System user login fails if ldap goes down.
- From: Meghanand Acharekar <vasco.debian@gmail.com>
- Date: Thu, 3 Feb 2011 18:04:21 +0530
Hi,
I have configured a mixed authentication system (LDAP + system users).
On this system some users are configured to log in via LDAP, the rest as system users.
I observed that if the LDAP server goes down, system users are also not able to log in.
Is there any way to prevent this? Following is my PAM configuration.
system-auth
---------------------
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 debug minclass=4 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
nsswitch.conf
---------------------
passwd: files ldap
shadow: files ldap
group: files ldap
I get the following errors in syslog, even after providing the correct password.
sshd[23564]: nss_ldap: failed to bind to LDAP server ldap://10.0.119.36/: Can't contact LDAP server
sshd[23564]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
sshd[23568]: pam_ldap: ldap_simple_bind Can't contact LDAP server
sshd[23568]: Failed password for testuser from 1.2.3.4 port 33324 ssh2
sshd[23571]: fatal: Access denied for user testuser by PAM account configuration
Regards,
Meghanand N. Acharekar
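The following is an added example, not part of the original mail and not code from the OpenLDAP or PADL projects: a small evaluator of Linux-PAM control-flag semantics (the ok/done/bad/die/ignore actions from pam.conf(5)) fed the auth and account lines from the posted system-auth, so the stack can be dry-run with the LDAP server unreachable. Module behaviour is modelled, not real: it is assumed that pam_ldap returns PAM_AUTHINFO_UNAVAIL when it cannot bind, that pam_succeed_if returns PAM_AUTH_ERR when its test fails, that pam_localuser returns PAM_PERM_DENIED for users missing from /etc/passwd, and that NSS can only resolve local users while LDAP is down. The ACCOUNT_FIXED stack, which adds `account sufficient pam_localuser.so` ahead of pam_ldap.so, is the editor's suggestion, not something the thread proposes.

```python
"""Dry-run of the posted PAM stacks with the LDAP server unreachable.

Added example: an evaluator of Linux-PAM control semantics, fed the
system-auth lines from the mail. Module behaviour is modelled, not real.
"""

SUCCESS, AUTH_ERR, PERM_DENIED = "success", "auth_err", "perm_denied"
USER_UNKNOWN, AUTHINFO_UNAVAIL = "user_unknown", "authinfo_unavail"

# Keyword control flags expanded as documented in pam.conf(5).
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}


def parse_line(line):
    """Split 'control module args...'; control may be the [value=action ...] form."""
    if line.startswith("["):
        end = line.index("]")
        control = dict(kv.split("=") for kv in line[1:end].split())
        rest = line[end + 1:].split()
    else:
        keyword, *rest = line.split()
        control = KEYWORDS[keyword]
    return control, rest[0], rest[1:]


def run_stack(phase, lines, modules, ctx):
    """Evaluate one stack the way Linux-PAM's dispatcher does for the
    ok/done/bad/die/ignore actions (the N-jump and reset actions are not
    modelled). impression None means undefined; status is the remembered code."""
    impression, status = None, None
    for line in lines:
        control, module, args = parse_line(line)
        retval = modules[module](phase, args, ctx)
        action = control.get(retval, control.get("default", "bad"))
        if action in ("ok", "done"):
            if impression is None or (impression == "positive" and status == SUCCESS):
                impression = "positive" if retval == SUCCESS else "negative"
                status = retval
            if impression == "positive" and action == "done":
                break
        elif action in ("bad", "die"):
            if impression != "negative":
                impression, status = "negative", retval
            if action == "die":
                break
        elif action != "ignore":
            raise ValueError("action not modelled: " + action)
    if impression == "positive" and status == SUCCESS:
        return SUCCESS
    return PERM_DENIED if impression is None else status


def modules_with_ldap(ldap_up):
    """Modelled modules (assumptions, see lead-in). ctx = {'source': 'files'|'ldap', 'uid': n}."""
    ops = {">=": lambda a, b: a >= b, "<": lambda a, b: a < b}

    def pam_ldap(phase, args, ctx):
        if not ldap_up:
            return AUTHINFO_UNAVAIL              # assumed: cannot contact LDAP server
        return SUCCESS if ctx["source"] == "ldap" else USER_UNKNOWN

    def pam_unix(phase, args, ctx):
        if ctx["source"] == "files":
            return SUCCESS                       # local hash / passwd entry available
        if not ldap_up:
            return USER_UNKNOWN                  # NSS (files ldap) cannot resolve the user
        return SUCCESS if phase == "account" else AUTH_ERR   # no local hash to check

    def pam_succeed_if(phase, args, ctx):        # args like ["uid", ">=", "500", "quiet"]
        return SUCCESS if ops[args[1]](ctx[args[0]], int(args[2])) else AUTH_ERR

    def pam_localuser(phase, args, ctx):
        return SUCCESS if ctx["source"] == "files" else PERM_DENIED

    return {"pam_env.so": lambda p, a, c: SUCCESS, "pam_permit.so": lambda p, a, c: SUCCESS,
            "pam_deny.so": lambda p, a, c: AUTH_ERR, "pam_ldap.so": pam_ldap,
            "pam_unix.so": pam_unix, "pam_succeed_if.so": pam_succeed_if,
            "pam_localuser.so": pam_localuser}


# The auth and account stacks as posted in the mail.
AUTH_POSTED = [
    "required pam_env.so",
    "sufficient pam_unix.so nullok try_first_pass",
    "requisite pam_succeed_if.so uid >= 500 quiet",
    "sufficient pam_ldap.so use_first_pass",
    "required pam_deny.so",
]
ACCOUNT_POSTED = [
    "required pam_unix.so broken_shadow",
    "sufficient pam_succeed_if.so uid < 500 quiet",
    "[default=bad success=ok user_unknown=ignore] pam_ldap.so",
    "required pam_permit.so",
]
# Editor's suggestion (not from the thread): short-circuit the account stack
# for anyone in /etc/passwd so pam_ldap.so is only consulted for non-local users.
ACCOUNT_FIXED = ACCOUNT_POSTED[:2] + ["sufficient pam_localuser.so"] + ACCOUNT_POSTED[2:]


def login(auth, account, ctx, ldap_up):
    """Return (auth result, account result) for one user context."""
    mods = modules_with_ldap(ldap_up)
    return run_stack("auth", auth, mods, ctx), run_stack("account", account, mods, ctx)


if __name__ == "__main__":
    local = {"source": "files", "uid": 600}   # constructed sample user
    for name, acct in (("posted", ACCOUNT_POSTED), ("fixed", ACCOUNT_FIXED)):
        print(name, "local uid 600, LDAP down:", login(AUTH_POSTED, acct, local, ldap_up=False))
```

Under these assumptions the posted stacks let the local user's auth phase succeed (pam_unix.so is sufficient), but the account phase reaches pam_ldap.so for every local user with uid >= 500, and its `default=bad` turns the unreachable server into a denial, which is what "Access denied for user testuser by PAM account configuration" reports; only uid < 500 accounts are exempted by the pam_succeed_if line. A `sufficient pam_localuser.so` line keeps LDAP out of the decision for local accounts while still denying LDAP users whose directory cannot be reached. Writing `authinfo_unavail=ignore` into the bracket would also avoid the denial, but it makes the account check a no-op for LDAP users whenever the directory is down. The `nss_ldap: reconnecting ... (sleeping 32 seconds)` lines come from the NSS side, not PAM; nss_ldap's /etc/ldap.conf options `bind_policy soft` and `bind_timelimit` shorten those stalls.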