Re: LDAP Authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Maybe you get DNS timeouts when you unplug the cable. Thats all :-)

Oliver

Kevin Reck wrote:

Interesting ... I was testing my configuration with a valid ldap server
in ldap.conf and just kept pulling the network cable... oddly enough, if
you configure ldap incorrectly, or stop the ldap service everything
works fine, but if you remove the machine from the network (pull plug)
you don't get anything.  Which is how I've been testing everything.

Kevin

Thanks Oliver

On Tue, 2003-09-09 at 13:45, Oliver Schulze L. wrote:


Well, its not exactly the same line.
Have you tried it in you system-auth yet?

Here is my fully patched system-auth:

# "check pass; user unknow". Bug #99470
auth sufficient /lib/security/$ISA/pam_ldap.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/$ISA/pam_deny.so


account required /lib/security/$ISA/pam_unix.so
# patch de bug #55193
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.so


# the rest, unchanged
password    required      /lib/security/$ISA/pam_cracklib.so retry=3
type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so


works for me Oliver


Kevin Reck wrote:




That's the same line I have ... I still can't get in.

Kevin


On Tue, 2003-09-09 at 13:14, Oliver Schulze L. wrote:





Hi,
this answered the other day.
Configure /etc/pam.d/system-auth with this line:

account required /lib/security/$ISA/pam_unix.so
# patch from bug #55193 at bugzilla.redhat.com
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.so


It works for me in RH9

HTH
Oliver

Kevin Reck wrote:





I am attempting to setup LDAP authentication for non-system users. Everything appears to work just find using auth-config to setup a RH9
system. root ( a local account ) can login just fine, as can ldap
defined users when the box can bind to the ldap server. The problem
occurs when ldap becomes unavailable. I lose the ability to log in at
all. Of course the ldap defined accounts won't be able to log in, but
root should be able to. Instead the system appears to hang for about
one minute and then it returns me to the login prompt. There is nothing
in the system logs either. Any ideas will be appreciated.


------- /etc/pam.d/system-auth -------
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account [default=die success=done user_unknown=ignore
service_err=ignore system_err=ignore authinfo_unavail=ignore]
/lib/security/$ISA/pam_ldap.so password required /lib/security/$ISA/pam_cracklib.so retry=3
type=
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so


session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so


-------- /etc/nsswitch.conf -------
<snip>
passwd:     files ldap
shadow:     files ldap
group:      files ldap
</snip>

Thank you,
Kevin









-- Oliver Schulze L. <oliver@xxxxxxxxxxxxx>




_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux