Interesting ... I was testing my configuration with a valid ldap server in ldap.conf and just kept pulling the network cable... oddly enough, if you configure ldap incorrectly, or stop the ldap service everything works fine, but if you remove the machine from the network (pull plug) you don't get anything. Which is how I've been testing everything. Kevin Thanks Oliver On Tue, 2003-09-09 at 13:45, Oliver Schulze L. wrote: > Well, its not exactly the same line. > Have you tried it in you system-auth yet? > > Here is my fully patched system-auth: > > # "check pass; user unknow". Bug #99470 > auth sufficient /lib/security/$ISA/pam_ldap.so > auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok > use_first_pass > auth required /lib/security/$ISA/pam_deny.so > > account required /lib/security/$ISA/pam_unix.so > # patch de bug #55193 > account [default=bad success=ok user_unknown=ignore > service_err=ignore system_err=ignore authinfo_unavail=ignore] > /lib/security/$ISA/pam_ldap.so > > # the rest, unchanged > password required /lib/security/$ISA/pam_cracklib.so retry=3 > type= > password sufficient /lib/security/$ISA/pam_unix.so nullok > use_authtok md5 shadow > password sufficient /lib/security/$ISA/pam_ldap.so use_authtok > password required /lib/security/$ISA/pam_deny.so > > session required /lib/security/$ISA/pam_limits.so > session required /lib/security/$ISA/pam_unix.so > session optional /lib/security/$ISA/pam_ldap.so > > > works for me > Oliver > > > Kevin Reck wrote: > > >That's the same line I have ... I still can't get in. > > > >Kevin > > > > > >On Tue, 2003-09-09 at 13:14, Oliver Schulze L. wrote: > > > > > >>Hi, > >>this answered the other day. > >>Configure /etc/pam.d/system-auth with this line: > >> > >>account required /lib/security/$ISA/pam_unix.so > >># patch from bug #55193 at bugzilla.redhat.com > >>account [default=bad success=ok user_unknown=ignore > >>service_err=ignore system_err=ignore authinfo_unavail=ignore] > >>/lib/security/$ISA/pam_ldap.so > >> > >> > >>It works for me in RH9 > >> > >>HTH > >>Oliver > >> > >>Kevin Reck wrote: > >> > >> > >> > >>>I am attempting to setup LDAP authentication for non-system users. > >>>Everything appears to work just find using auth-config to setup a RH9 > >>>system. root ( a local account ) can login just fine, as can ldap > >>>defined users when the box can bind to the ldap server. The problem > >>>occurs when ldap becomes unavailable. I lose the ability to log in at > >>>all. Of course the ldap defined accounts won't be able to log in, but > >>>root should be able to. Instead the system appears to hang for about > >>>one minute and then it returns me to the login prompt. There is nothing > >>>in the system logs either. Any ideas will be appreciated. > >>> > >>>------- /etc/pam.d/system-auth ------- > >>>auth required /lib/security/$ISA/pam_env.so > >>>auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok > >>>auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass > >>>auth required /lib/security/$ISA/pam_deny.so > >>> > >>>account required /lib/security/$ISA/pam_unix.so > >>>account [default=die success=done user_unknown=ignore > >>>service_err=ignore system_err=ignore authinfo_unavail=ignore] > >>>/lib/security/$ISA/pam_ldap.so > >>>password required /lib/security/$ISA/pam_cracklib.so retry=3 > >>>type= > >>>password sufficient /lib/security/$ISA/pam_unix.so nullok > >>>use_authtok md5 shadow > >>>password sufficient /lib/security/$ISA/pam_ldap.so use_authtok > >>>password required /lib/security/$ISA/pam_deny.so > >>> > >>>session required /lib/security/$ISA/pam_limits.so > >>>session required /lib/security/$ISA/pam_unix.so > >>>session optional /lib/security/$ISA/pam_ldap.so > >>> > >>>-------- /etc/nsswitch.conf ------- > >>><snip> > >>>passwd: files ldap > >>>shadow: files ldap > >>>group: files ldap > >>></snip> > >>> > >>>Thank you, > >>>Kevin > >>> > >>> > >>> > >>> > >>> > >>> -- Kevin Reck Information Systems University of Wisconsin - Extension kevin.reck@xxxxxxxx (608) 262-2057 _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
