On 17/02/11 14:00, sub@xxxxxxx wrote:
> On 17/02/2011 14:26, sub@xxxxxxx wrote:
>> Hello,
>>
>> On a RHEL5 server with SELinux in "permissive" mode, I can't make sudo
>> work with pam_ldap authentication.
>>
>> pam_ldap is correctly configured: I can perform an authentication on a
>> ssh connection but once connected I can't sudo anything even though I'm
>> in the "wheel" group and this group is allowed in /etc/sudoers.
>>
>> I suspect SELinux because of all the servers I manage, this is the only
>> one with SELinux activated and the only one with "sudo" problems.
>>
>> I activated pam_ldap with "authconfig --update --enableldapauth", but I
>> manually copied the "ldap.conf" file.
>>
>> Please note that I'm not familiar with SELinux
>
> I forgot:
>
> - I can't disable SELinux
>
> - I have this error message in /var/log/message when the authentication
> fails:
>
> sudo: pam_ldap: ldap_simple_bind Can't contact LDAP server
>

There's something wrong with your LDAP configuration. The message is pretty
self-explanatory.

Nothing to do with SELinux, unless you have it so badly misconfigured that pam
is unable to open sockets. In that case you would also have SELinux errors being
generated, and in permissive mode it should still work but log the error.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@xxxxxxxxxxxx
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
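The check the reply describes, as an added example that is not part of the original thread: it looks for SELinux AVC denials logged for sudo and compares them with the pam_ldap bind failures in syslog. The function names `sudo_avc_denials` and `triage`, the verdict strings and every log line except the pam_ldap message text are constructed for illustration.

```shell
#!/bin/sh
# Added example: separate "LDAP unreachable" from "SELinux denial" using the logs.
# All log lines below are constructed samples, not taken from the thread.

# Print "perms|tclass|dest" for every AVC denial whose comm is sudo (stdin = audit log).
sudo_avc_denials() {
    awk '
    /type=AVC/ && /denied/ && /comm="sudo"/ {
        s = index($0, "{"); e = index($0, "}")
        perms = (s && e > s) ? substr($0, s + 1, e - s - 1) : ""
        sub(/^ +/, "", perms); sub(/ +$/, "", perms)
        tclass = "-"; dest = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^tclass=/) tclass = substr($i, 8)
            if ($i ~ /^dest=/)   dest   = substr($i, 6)
        }
        print perms "|" tclass "|" dest
    }'
}

# $1 = audit log text, $2 = syslog text. Prints one verdict word.
triage() {
    denials=$(printf '%s\n' "$1" | sudo_avc_denials)
    binds=$(printf '%s\n' "$2" |
        awk '/sudo: pam_ldap: ldap_simple_bind/ { n++ } END { print n + 0 }')
    if [ -n "$denials" ]; then
        echo "selinux-denial-logged"   # permissive mode logs these without blocking
    elif [ "$binds" -gt 0 ]; then
        echo "ldap-config"             # bind failures, nothing from SELinux
    else
        echo "no-evidence"
    fi
}

# Constructed sample inputs.
SYSLOG="Feb 17 14:26:01 host1 sudo: pam_ldap: ldap_simple_bind Can't contact LDAP server"
AUDIT_CLEAN='type=USER_AUTH msg=audit(1297949161.101:77): user pid=4100 uid=500 msg="PAM: authentication acct=alice : exe=/usr/bin/sudo res=failed"'
AUDIT_AVC='type=AVC msg=audit(1297949161.100:76): avc:  denied  { name_connect } for  pid=4100 comm="sudo" dest=389 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1297949170.200:80): avc:  denied  { read } for  pid=4200 comm="httpd" name="x" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file'

printf '%s\n' "$AUDIT_AVC" | sudo_avc_denials
triage "$AUDIT_CLEAN" "$SYSLOG"
triage "$AUDIT_AVC" "$SYSLOG"
```

On a real host the two inputs would come from the audit log (normally /var/log/audit/audit.log when auditd is running) and from syslog.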