Well, its not exactly the same line. Have you tried it in you system-auth yet?
Here is my fully patched system-auth:
# "check pass; user unknow". Bug #99470
auth sufficient /lib/security/$ISA/pam_ldap.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
# patch de bug #55193
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.so
# the rest, unchanged password required /lib/security/$ISA/pam_cracklib.so retry=3 type= password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_ldap.so use_authtok password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_ldap.so
works for me Oliver
Kevin Reck wrote:
That's the same line I have ... I still can't get in.
Kevin
On Tue, 2003-09-09 at 13:14, Oliver Schulze L. wrote:
Hi, this answered the other day. Configure /etc/pam.d/system-auth with this line:
account required /lib/security/$ISA/pam_unix.so
# patch from bug #55193 at bugzilla.redhat.com
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.so
It works for me in RH9
HTH Oliver
Kevin Reck wrote:
I am attempting to setup LDAP authentication for non-system users. Everything appears to work just find using auth-config to setup a RH9
system. root ( a local account ) can login just fine, as can ldap
defined users when the box can bind to the ldap server. The problem
occurs when ldap becomes unavailable. I lose the ability to log in at
all. Of course the ldap defined accounts won't be able to log in, but
root should be able to. Instead the system appears to hang for about
one minute and then it returns me to the login prompt. There is nothing
in the system logs either. Any ideas will be appreciated.
------- /etc/pam.d/system-auth ------- auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account [default=die success=done user_unknown=ignore
service_err=ignore system_err=ignore authinfo_unavail=ignore]
/lib/security/$ISA/pam_ldap.so password required /lib/security/$ISA/pam_cracklib.so retry=3
type=
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
-------- /etc/nsswitch.conf ------- <snip> passwd: files ldap shadow: files ldap group: files ldap </snip>
Thank you, Kevin
-- Oliver Schulze L. <oliver@xxxxxxxxxxxxx>
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list