Re: SELinux + pam_ldap + sudo

On 17/02/2011 16:02, Nigel Wade wrote:

> > On a RHEL5 server with SELinux in "permissive" mode, I can't make
> > sudo work with pam_ldap authentication.
> >
> > pam_ldap is correctly configured: I can perform an
> > authentication on a ssh connection but once connected I can't
> > sudo anything even though I'm in the "wheel" group and this group
> > is allowed in /etc/sudoers.
> >
> > I suspect SELinux because of all the servers I manage, this is
> > the only one with SELinux activated and the only one with "sudo"
> > problems.
> >
> > I activated pam_ldap with "authconfig --update --enableldapauth",
> > but I manually copied the "ldap.conf" file.
> >
> > Please note that I'm not familiar with SELinux.
> >
> > I forgot:
> >
> > - I can't disable SELinux
> >
> > - I have this error message in /var/log/message when the
> > authentication fails:
> >
> > sudo: pam_ldap: ldap_simple_bind Can't contact LDAP server
>
> There's something wrong with your LDAP configuration. The message is
> pretty self-explanatory.

If the server could not contact the LDAP server, how can I open a ssh
session with my LDAP credentials?

> Nothing to do with SELinux, unless you have it so badly
> misconfigured that pam is unable to open sockets. In that case you
> would also have SELinux errors being generated, and in permissive
> mode it should still work but log the error.

Unfortunately, I didn't configure SELinux myself on this server and I
know little about it.

Nicolas
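
The reply quoted above says SELinux would log errors even in permissive mode, which can be checked in the audit log. The following is an added example, not part of the original messages: a shell function (hypothetical name `avc_summary`) that summarizes AVC denials for one command name. It runs on constructed sample records, and the live path /var/log/audit/audit.log is auditd's default, assumed here.

```shell
#!/bin/sh
# Added example (not from the thread): list SELinux AVC denials for one command.
# On a live host FILE would be /var/log/audit/audit.log (assumed default path).

# avc_summary FILE COMM
# Prints "count permissions tclass tcontext" for each distinct denial by COMM.
avc_summary() {
    awk -v want="$2" '
        $1 == "type=AVC" && /avc:[ ]+denied/ {
            comm = perm = tclass = tcontext = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "{") {
                    # collect every permission listed between the braces
                    for (j = i + 1; j <= NF && $j != "}"; j++)
                        perm = perm (perm == "" ? "" : ",") $j
                } else if ($i ~ /^comm=/) {
                    comm = $i; gsub(/^comm=|"/, "", comm)
                } else if ($i ~ /^tclass=/) {
                    tclass = substr($i, 8)
                } else if ($i ~ /^tcontext=/) {
                    tcontext = substr($i, 10)
                }
            }
            if (comm == want) seen[perm " " tclass " " tcontext]++
        }
        END { for (k in seen) print seen[k], k }
    ' "$1" | sort
}

# Constructed sample records: contexts, pids, users and timestamps are made up
# and do not come from the server discussed in the thread.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
type=AVC msg=audit(1297958520.101:450): avc:  denied  { name_connect } for  pid=4242 comm="sudo" dest=389 scontext=user_u:system_r:example_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1297958533.407:457): avc:  denied  { name_connect } for  pid=4251 comm="sudo" dest=389 scontext=user_u:system_r:example_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1297958540.002:461): avc:  denied  { read } for  pid=3990 comm="sshd" name="ldap.conf" dev=dm-0 ino=98311 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=USER_AUTH msg=audit(1297958541.310:462): user pid=4251 uid=500 auid=500 msg='PAM: authentication acct="user1" : exe="/usr/bin/sudo" (hostname=?, addr=?, terminal=pts/0 res=failed)'
EOF

# Only AVC denials whose comm is "sudo" are counted; other record types are ignored.
avc_summary "$SAMPLE_LOG" sudo
```

No output for `sudo` means the audit log holds no denials attributed to that command. On a host with the audit tools installed, `ausearch -m avc -c sudo` queries the same records directly.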
