Problem with user root
Tay, Gary
Gary_Tay at platts.com
Fri May 21 16:28:25 UTC 2004
Sorry, pam_rootok is used by the "su - user" command that does not require root pw, and is therefore not related to this issue.
What about:
Add this line to your system-auth file:
account sufficient /lib/security/pam_localuser.so
between these two:
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
I got the above from:
http://www.netsys.com/pamldap/2003/03/msg00049.html
Let us know if it works.
Rgds
Gary
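Added example, not part of the original message or of the Linux-PAM sources: a simplified Python model of how libpam walks the account stack quoted in this thread, before and after the pam_localuser line is inserted. The per-module return codes for root with the LDAP server down are assumptions; authinfo_unavail is inferred from the "cannot retrieve authentication info" log line quoted in the thread.

```python
import re
# Standard expansions of the one-word control flags (see pam.conf(5)).
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
LINE = re.compile(r"\s*(\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)")

def parse(text):
    """Turn stack lines into (module name, {return code: action}) pairs."""
    rules = []
    for line in text.strip().splitlines():
        _kind, control, path = LINE.match(line).groups()
        if control.startswith("["):
            actions = dict(kv.split("=") for kv in control[1:-1].split())
        else:
            actions = KEYWORDS[control]
        rules.append((path.rsplit("/", 1)[-1], actions))
    return rules

def run_stack(rules, results):
    """Walk the stack the way libpam does; numeric jump actions are not modelled."""
    status, impression = "success", None
    for module, actions in rules:
        ret = results[module]
        action = actions.get(ret, actions["default"])
        if action in ("ok", "done"):
            if impression is None or (impression == "positive" and status == "success"):
                impression, status = "positive", ret
            if action == "done" and impression == "positive":
                break  # a 'sufficient' success ends the stack here
        elif action in ("bad", "die"):
            if impression != "negative":  # the first failure decides the final code
                impression = "negative"
                status = ret if ret != "success" else "perm_denied"
            if action == "die":
                break
    return status if impression == "positive" or status != "success" else "perm_denied"

UNIX = "account required /lib/security/pam_unix.so\n"
LOCAL = "account sufficient /lib/security/pam_localuser.so\n"
LDAP = "account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so"
BEFORE, AFTER = UNIX + LDAP, UNIX + LOCAL + LDAP
# Assumed per-module results for root while the LDAP server is unreachable.
ROOT_LDAP_DOWN = {"pam_unix.so": "success", "pam_localuser.so": "success", "pam_ldap.so": "authinfo_unavail"}

if __name__ == "__main__":
    for name, stack in (("before", BEFORE), ("after", AFTER)):
        print(name, run_stack(parse(stack), ROOT_LDAP_DOWN))
```

In this model the original stack fails because authinfo_unavail is not one of the codes the bracketed pam_ldap control ignores, so it falls through to default=bad; with the pam_localuser line in place the stack ends before pam_ldap is consulted.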
-----Original Message-----
From: pam-list-bounces at redhat.com on behalf of Javier Ferruz Rodriguez
Sent: Fri 5/21/2004 11:09 PM
To: pam-list at redhat.com
Cc:
Subject: RE: Problem with user root
Hi,
I've added the following line to /etc/pam.d/system-auth:
auth sufficient /lib/security/pam_rootok.so
but the user root still can't log in to the system.
In the logs, I get the following error messages:
login: pam_ldap: ldap_simple_bind Can't contact LDAP server
login: Authentication service cannot retrieve authentication info
I've tried pam_localuser.so too, but I get the same error.
>From: "Tay, Gary" <Gary_Tay at platts.com>
>Reply-To: Pluggable Authentication Modules <pam-list at redhat.com>
>To: "Pluggable Authentication Modules" <pam-list at redhat.com>
>Subject: RE: Problem with user root
>Date: Fri, 21 May 2004 17:00:46 +0800
>
>Hi,
>
>Just guessing, you may want to add "rootok" somewhere...
>
>See /usr/share/doc/pam-0.75/txts/README.pam_rootok, and all text files
>in the txts dir.
>
>Rgds
>Gary
>
># $Id: README,v 1.1.1.1 2000/06/20 22:11:56 agmorgan Exp $
>#
>
>this module is an authentication module that performs one task: if the
>id of the user is '0' then it returns 'PAM_SUCCESS' with the
>'sufficient' /etc/pam.conf control flag it can be used to allow
>password free access to some service for 'root'
>
>Recognized arguments:
>
> debug write a message to syslog indicating success or
> failure.
>
>module services provided:
>
> auth _authentication and _setcred (blank)
>
>Andrew Morgan
>
>
>-----Original Message-----
>From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com]
>On Behalf Of Javier Ferruz Rodriguez
>Sent: Friday, May 21, 2004 4:23 PM
>To: pam-list at redhat.com
>Subject: Problem with user root
>
>
>Hi,
>
>I've configured my RHEL 2.1 AS to authenticate users in LDAP. My LDAP
>server is SunOne Directory 5.2
>
>My /etc/nsswitch.conf file is
>
>password files ldap
>group files ldap
>shadow files ldap
>
>My /etc/pam.d/login
>
>auth required /lib/security/pam_securetty.so
>auth required /lib/security/pam_stack.so service=system-auth
>auth required /lib/security/pam_nologin.so
>account required /lib/security/pam_stack.so service=system-auth
>password required /lib/security/pam_stack.so service=system-auth
>session required /lib/security/pam_stack.so service=system-auth
>session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
>session optional /lib/security/pam_console.so
>
>
>My /etc/pam.d/system-auth is
>
>auth required /lib/security/pam_env.so
>auth sufficient /lib/security/pam_unix.so likeauth nullok
>auth sufficient /lib/security/pam_ldap.so use_first_pass
>auth required /lib/security/pam_deny.so
>account required /lib/security/pam_unix.so
>account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
>password required /lib/security/pam_cracklib.so retry=3 type=
>password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
>password sufficient /lib/security/pam_ldap.so use_authtok
>password required /lib/security/pam_deny.so
>session required /lib/security/pam_limits.so
>session required /lib/security/pam_unix.so
>session optional /lib/security/pam_ldap.so
>
>The configuration is OK when the LDAP server is running. All users are
>validated in the LDAP server except root.
>
>When the LDAP server is down, root can't validate in the system. Why?
>
>Can anybody help me?
>
>Thanks in advance,
>
>_______________________________________________
>Pam-list mailing list
>Pam-list at redhat.com https://www.redhat.com/mailman/listinfo/pam-list