[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: System user login fails if ldap goes down.

To: Buchan Milne <bgmilne@staff.telkomsa.net>
Subject: Re: System user login fails if ldap goes down.
From: Meghanand Acharekar <vasco.debian@gmail.com>
Date: Fri, 4 Feb 2011 13:27:36 +0530
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=aPyW3QIKM7t935Q+30y+oR3wHVJi/7MYsXUuyIMcsUw=; b=eJ733JuD+jaw0xtuNBEDpDuf0L/RRVTz96jbnZj2ahcfeQjKLkeCGRIZrIqiQvC2A8 Ypwt9tqql6Bj8ytx9i+2tVpwHYFAdteOQ31Yblf1eqqjtC1QH18AtQus/cfBUYExd8KS 4n/xbMTMc50hTadnw6V+tx6epm8KXF5OnWxog=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=VQ+y0XOOx41BibrYaYR2LyEpyOs6ifgTca1vY1OfNShYDil8zVxy9zp8V3JKOkFlo3 nPoQLf9xW3kadzje3fxfzRZOJsM+mgUjxlSRX81qP3v45zl4JVJYX1Jl486By+gcw2zS zXXm15Cdxyg9DTjNJTr55euDQyAVKJt9R2iyM=
In-reply-to: <201102031636.35792.bgmilne@staff.telkomsa.net>
References: <AANLkTikV1nFUbWPbDAGdaddoVcY+2u7jT9hDLiU6gdKT@mail.gmail.com> <201102031636.35792.bgmilne@staff.telkomsa.net>

Thanks for the information.

But is not working for me.

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

In Syslog (/var/log/secure) its keep on printing.

Accepted password for testuser from 1.2.3.4 port 46747 ssh2
failed to bind to LDAP server ldap://10.0.119.36/: Can't contact LDAP server
failed to bind to LDAP server ldap://10.0.119.36/: Can't contact LDAP server
reconnecting to LDAP server (sleeping 4 seconds)...
failed to bind to LDAP server ldap://10.0.119.36/: Can't contact LDAP server
reconnecting to LDAP server (sleeping 8 seconds)...
failed to bind to LDAP server ldap://10.0.119.36/: Can't contact LDAP server
reconnecting to LDAP server (sleeping 16 seconds)...

Yes, I'm using RHEL-5.4

Thanks & Regards,
Meghanand N. Acharekar

On Thu, Feb 3, 2011 at 8:06 PM, Buchan Milne <bgmilne@staff.telkomsa.net> wrote:

On Thursday, 3 February 2011 14:34:21 Meghanand Acharekar wrote:
> Hi,
>
> I have configured a mixed authentication systems (LDAP + System Users).
> On this system some users are configure to login via ldap rest as system
> users.
> I observed that if the ldap server goes down, system users also not able to
> login.
> Is there any way to prevent this, following my pam configuration.
>
> system-auth :
>
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 500 quiet
> auth sufficient pam_ldap.so use_first_pass
> auth required pam_deny.so
>
> account required pam_unix.so broken_shadow
> account sufficient pam_succeed_if.so uid < 500 quiet

Replace the above line with:
account sufficient pam_localuser.so

If you have pam_localuser.so available (you didn't mention which distro, but
it seems to be RH-derived).

Regards,
Buchan

Follow-Ups:
- Re: System user login fails if ldap goes down.
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

References:
- System user login fails if ldap goes down.
  - From: Meghanand Acharekar <vasco.debian@gmail.com>
- Re: System user login fails if ldap goes down.
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

Prev by Date: Re: How to use LDAP_OPT_CONNECT_ASYNC?
Next by Date: Re: System user login fails if ldap goes down.
Index(es):
- Chronological
- Thread