[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: LDAP Authentication



Interesting ... I was testing my configuration with a valid ldap server
in ldap.conf and just kept pulling the network cable... oddly enough, if
you configure ldap incorrectly, or stop the ldap service everything
works fine, but if you remove the machine from the network (pull plug)
you don't get anything.  Which is how I've been testing everything.

Kevin

Thanks Oliver

On Tue, 2003-09-09 at 13:45, Oliver Schulze L. wrote:
> Well, its not exactly the same line.
> Have you tried it in you system-auth yet?
> 
> Here is my fully patched system-auth:
> 
> # "check pass; user unknow". Bug #99470
> auth        sufficient    /lib/security/$ISA/pam_ldap.so
> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok 
> use_first_pass
> auth        required      /lib/security/$ISA/pam_deny.so
>  
> account     required      /lib/security/$ISA/pam_unix.so
> # patch de bug #55193
> account     [default=bad success=ok user_unknown=ignore 
> service_err=ignore system_err=ignore authinfo_unavail=ignore] 
> /lib/security/$ISA/pam_ldap.so
>  
> # the rest, unchanged
> password    required      /lib/security/$ISA/pam_cracklib.so retry=3
> type=
> password    sufficient    /lib/security/$ISA/pam_unix.so nullok
> use_authtok md5 shadow
> password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
> password    required      /lib/security/$ISA/pam_deny.so
> 
> session     required      /lib/security/$ISA/pam_limits.so
> session     required      /lib/security/$ISA/pam_unix.so
> session     optional      /lib/security/$ISA/pam_ldap.so
> 
> 
> works for me
> Oliver
> 
> 
> Kevin Reck wrote:
> 
> >That's the same line I have ... I still can't get in.
> >
> >Kevin
> >
> >
> >On Tue, 2003-09-09 at 13:14, Oliver Schulze L. wrote:
> >  
> >
> >>Hi,
> >>this answered the other day.
> >>Configure /etc/pam.d/system-auth with this line:
> >>
> >>account     required      /lib/security/$ISA/pam_unix.so
> >># patch from bug #55193 at bugzilla.redhat.com
> >>account     [default=bad success=ok user_unknown=ignore 
> >>service_err=ignore system_err=ignore authinfo_unavail=ignore] 
> >>/lib/security/$ISA/pam_ldap.so
> >>                                                                                
> >>
> >>It works for me in RH9
> >>
> >>HTH
> >>Oliver
> >>
> >>Kevin Reck wrote:
> >>
> >>    
> >>
> >>>I am attempting to setup LDAP authentication for non-system users. 
> >>>Everything appears to work just find using auth-config to setup a RH9
> >>>system.  root ( a local account ) can login just fine, as can ldap
> >>>defined users when the box can bind to the ldap server.  The problem
> >>>occurs when ldap becomes unavailable.  I lose the ability to log in at
> >>>all.  Of course the ldap defined accounts won't be able to log in, but
> >>>root should be able to.  Instead the system appears to hang for about
> >>>one minute and then it returns me to the login prompt.  There is nothing
> >>>in the system logs either.  Any ideas will be appreciated.  
> >>>
> >>>------- /etc/pam.d/system-auth -------
> >>>auth        required      /lib/security/$ISA/pam_env.so
> >>>auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> >>>auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
> >>>auth        required      /lib/security/$ISA/pam_deny.so
> >>>
> >>>account     required      /lib/security/$ISA/pam_unix.so
> >>>account     [default=die success=done user_unknown=ignore
> >>>service_err=ignore system_err=ignore authinfo_unavail=ignore]
> >>>/lib/security/$ISA/pam_ldap.so 
> >>>password    required      /lib/security/$ISA/pam_cracklib.so retry=3
> >>>type=
> >>>password    sufficient    /lib/security/$ISA/pam_unix.so nullok
> >>>use_authtok md5 shadow
> >>>password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
> >>>password    required      /lib/security/$ISA/pam_deny.so
> >>>
> >>>session     required      /lib/security/$ISA/pam_limits.so
> >>>session     required      /lib/security/$ISA/pam_unix.so
> >>>session     optional      /lib/security/$ISA/pam_ldap.so 
> >>>
> >>>-------- /etc/nsswitch.conf -------
> >>><snip>
> >>>passwd:     files ldap
> >>>shadow:     files ldap
> >>>group:      files ldap
> >>></snip>
> >>>
> >>>Thank you,
> >>>Kevin
> >>>
> >>>
> >>> 
> >>>
> >>>      
> >>>
-- 
Kevin Reck
Information Systems
University of Wisconsin - Extension
kevin reck uwex edu
(608) 262-2057




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]