Are you running Tripwire as well? On every RH 8.0 box I have that is running
LDAP tripwire is failing. Turn off LDAP (via the nsswitch.conf file) and it
works fine.

Concerning the can't log in when LDAP is not available or the machine is off
the network ... adding the following line fixed the problem for me:

/etc/pam.d/system-auth

    account     required      /lib/security/pam_unix.so
==> account     sufficient    /lib/security/pam_localuser.so debug
    account     [default=bad success=ok user_unknown=ignore \
                 service_err=ignore system_err=ignore] /lib/security/pam_ldap.so

On Monday 24 February 2003 10:39, sentinel wrote:
> Everything else? You mean besides ssh? Well.. I'm definitely not an
> expert in PAM nor Ldap. I've been working hard core with it the last
> month and learned a great deal (we're implementing ldap for single
> source sign on). We plan on using it for much more including Apache
> authentication, address book management and so on. Other services such
> as login seem to work fine with ldap setup this way. I haven't tried
> many beyond login, ssh and apache (with ldap authentication).
>
> Something I'm unhappy about ldap and authentication is a lack of
> flexibility. When ldap is unavailable then local files are not
> queried. It's really weird. I have my nsswitch.conf setup to check
> local files first then ldap. You would think I can still login with
> local user accounts regardless of my ldap status. Nope. Someone in
> the redhat list mentioned it was a bug with nss_ldap. ::sigh::
>
> To resolve this problem I'm setting up 3 ldap servers :-) Just in
> case. Otherwise I'm thrilled over our solution. Now if we could only
> resolve the pam_mkhomedir problem with ssh running privsep :-)
>
> One thing at a time ::grinz::
>
> Quoting Justin Zygmont <jzygmont@solarflow.dyndns.org>:
> > oh, that. what about everything else though, there are examples from the
> > nss-ldap package but I noticed some of them don't even work. Time to read
> > up on pam:)
> >
> > On Mon, 24 Feb 2003, sentinel wrote:
> > > I have an ldap server and clients running redhat 8.0. Authconfig modified
> > > the pam files when I enabled ldap authentication. Actually it didn't modify
> > > sshd however system-auth was modified with the ldap entries.
> > >
> > > Quoting Justin Zygmont <jzygmont@solarflow.dyndns.org>:
> > > > not the pam files.

_______________________________________________
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
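
Added example, not part of the original message or of any project's code: a small Python model of the documented Linux-PAM control actions (ok, done, bad, die, ignore) applied to the account stack quoted in the message, for a local user. The code pam_ldap returns when the directory is unreachable is not stated in the thread, so it is passed in as an assumed, constructed input; the function and variable names are hypothetical.

```python
# Added example: simplified Linux-PAM control-flag model; return codes are constructed inputs.
SHORTHAND = {
    "required": {"success": "ok", "new_authtok_reqd": "ok",
                 "ignore": "ignore", "default": "bad"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done",
                   "default": "ignore"},
}
# The account stack from the message (continuation line joined).
UNIX = "account required /lib/security/pam_unix.so"
LOCAL = "account sufficient /lib/security/pam_localuser.so debug"
LDAP = ("account [default=bad success=ok user_unknown=ignore "
        "service_err=ignore system_err=ignore] /lib/security/pam_ldap.so")

def parse_line(line):
    """Split 'account <control> <module> [args]' into (control map, module name)."""
    rest = line.split(None, 1)[1].strip()
    if rest.startswith("["):
        body, tail = rest[1:].split("]", 1)
        control = dict(kv.split("=") for kv in body.split())
    else:
        word, tail = rest.split(None, 1)
        control = SHORTHAND[word]
    return control, tail.split()[0].rsplit("/", 1)[-1]

def run_stack(lines, results):
    """Return (final status, modules called) for the given per-module codes."""
    status, impression, called = "success", None, []
    for control, module in map(parse_line, lines):
        ret = results[module]
        called.append(module)
        action = control.get(ret, control["default"])
        if action in ("ok", "done"):
            if impression is None or (impression == "pos" and status == "success"):
                impression, status = "pos", ret
            if impression == "pos" and action == "done":
                break  # sufficient + success: stop, later modules never run
        elif action in ("bad", "die"):
            if impression != "neg":
                impression, status = "neg", ret  # first failure is remembered
            if action == "die":
                break
    return (status if impression else "must_fail"), called

def local_user_login(ldap_code, with_localuser):
    """Local account; ldap_code is the (assumed) pam_ldap result when LDAP is down."""
    codes = {"pam_unix.so": "success", "pam_localuser.so": "success",
             "pam_ldap.so": ldap_code}
    stack = [UNIX, LOCAL, LDAP] if with_localuser else [UNIX, LDAP]
    return run_stack(stack, codes)
```

With the pam_localuser line present, pam_ldap is never called for a local account, so the result no longer depends on which error code the LDAP module produces; without it, only the codes listed in the bracketed control are tolerated.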