Hi, I have successfully configured a Solaris 2.8 box to use FDS as the authentication server. However, one detail eludes me. I'd like to be able to inactivate accounts. This feature works fine with Linux clients. With Solaris, I can get either LDAP inactivation or local accounts work. :( If I have this in pam.conf, then the LDAP accounts are locked out correctly, but local accounts don't work at all! other account requisite pam_roles.so.1 other account required pam_unix_account.so.1 server_policy other account required pam_ldap.so If I run ssh -d -d -d to a local account, it tells me: debug3: PAM: do_pam_account pam_acct_mgmt = 13 (No account present for user) On the other hand, if I have this in pam.conf (and that's what Gary Tay's guide recommends), than local accounts work fine, but I have a locked LDAP account that accepts ANY password: other account requisite pam_roles.so.1 other account binding pam_unix_account.so.1 server_policy other account required pam_ldap.so Is there a particular patch set, perhaps, that would solve this? Thanks, Simon -- Simon (Vsevolod ILyushchenko) simonf at cshl.edu http://www.simonf.com "Think like a man of action, act like a man of thought." Henri Bergson
