Problem with user root

Tay, Gary Gary_Tay at platts.com
Fri May 21 16:28:25 UTC 2004


Sorry, pam_rootok is used by the "su - user" command, which does not require the root pw, and is therefore not related to this issue.
 
What about: 
 
Add this line to your system-auth file:
account     sufficient         /lib/security/pam_localuser.so

between these two:
account     required      /lib/security/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore]  /lib/security/pam_ldap.so
 
I got the above from:
 
http://www.netsys.com/pamldap/2003/03/msg00049.html
 
Let us know if it works.
 
Rgds
Gary
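
Added illustration, not part of the original message and not code from Linux-PAM: a simplified Python model of control-flag evaluation for the account stack, comparing the system-auth account lines quoted in this thread with the version that has pam_localuser.so inserted between them. The per-module return values are assumptions; `authinfo_unavail` for pam_ldap is chosen to match the logged "cannot retrieve authentication info" message.

```python
# Simplified model of how Linux-PAM walks one stack of control flags.
REQUIRED = {"success": "ok", "default": "bad"}
SUFFICIENT = {"success": "done", "default": "ignore"}
# Bracket control copied from the pam_ldap account line in the thread.
LDAP_ACCT = {"default": "bad", "success": "ok", "user_unknown": "ignore",
             "service_err": "ignore", "system_err": "ignore"}

ORIGINAL = [("pam_unix", REQUIRED), ("pam_ldap", LDAP_ACCT)]
PATCHED = [("pam_unix", REQUIRED), ("pam_localuser", SUFFICIENT),
           ("pam_ldap", LDAP_ACCT)]

def run_stack(stack, returns):
    """Return 'success' or the first failure code the stack records."""
    status = None                      # no module has voted yet
    for module, control in stack:
        ret = returns[module]
        action = control.get(ret, control["default"])
        if action in ("ok", "done"):
            if status is None:
                status = "success"
            if action == "done" and status == "success":
                break                  # later modules are never called
        elif action == "bad" and status in (None, "success"):
            status = ret               # first failure wins; keep going
        # "ignore": the module's return value does not count
    return status or "perm_denied"

# Constructed return values (assumptions, not captured from a real host).
ROOT_LDAP_DOWN = {"pam_unix": "success", "pam_localuser": "success",
                  "pam_ldap": "authinfo_unavail"}
LDAP_USER_EXPIRED = {"pam_unix": "success", "pam_localuser": "perm_denied",
                     "pam_ldap": "acct_expired"}

if __name__ == "__main__":
    print("root, original stack:", run_stack(ORIGINAL, ROOT_LDAP_DOWN))
    print("root, patched stack: ", run_stack(PATCHED, ROOT_LDAP_DOWN))
    print("LDAP user, patched:  ", run_stack(PATCHED, LDAP_USER_EXPIRED))
```

The third case shows that an account absent from the local files still reaches pam_ldap.so after the change, so the shortcut applies only to local users.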

	-----Original Message----- 
	From: pam-list-bounces at redhat.com on behalf of Javier Ferruz Rodriguez 
	Sent: Fri 5/21/2004 11:09 PM 
	To: pam-list at redhat.com 
	Cc: 
	Subject: RE: Problem with user root
	
	

	Hi,
	
	I've added the following line to /etc/pam.d/system-auth:
	
	auth sufficient /lib/security/pam_rootok.so
	
	but the user root still can't log in to the system.
	
	In the logs, I get the following error messages:
	
	login: pam_ldap: ldap_simple_bind Can't contact LDAP server
	login: Authentication service cannot retrieve authentication info
	
	I've tried pam_localuser.so too, but I get the same error.
	
	
	
	>From: "Tay, Gary" <Gary_Tay at platts.com>
	>Reply-To: Pluggable Authentication Modules <pam-list at redhat.com>
	>To: "Pluggable Authentication Modules" <pam-list at redhat.com>
	>Subject: RE: Problem with user root
	>Date: Fri, 21 May 2004 17:00:46 +0800
	>
	>Hi,
	>
	>Just guessing, you may want to add "rootok" somewhere...
	>
	>See /usr/share/doc/pam-0.75/txts/README.pam_rootok, and all text files
	>in the txts dir.
	>
	>Rgds
	>Gary
	>
	># $Id: README,v 1.1.1.1 2000/06/20 22:11:56 agmorgan Exp $
	>#
	>
	>this module is an authentication module that performs one task: if the
	>id of the user is '0' then it returns 'PAM_SUCCESS' with the
	>'sufficient' /etc/pam.conf control flag it can be used to allow
	>password free access to some service for 'root'
	>
	>Recognized arguments:
	>
	>         debug           write a message to syslog indicating success or
	>                         failure.
	>
	>module services provided:
	>
	>         auth            _authentication and _setcred (blank)
	>
	>Andrew Morgan
	>
	>
	>-----Original Message-----
	>From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com]
	>On Behalf Of Javier Ferruz Rodriguez
	>Sent: Friday, May 21, 2004 4:23 PM
	>To: pam-list at redhat.com
	>Subject: Problem with user root
	>
	>
	>Hi,
	>
	>I've configured my RHEL 2.1 AS to authenticate users in LDAP. My LDAP
	>server is SunOne Directory 5.2.
	>
	>My /etc/nsswitch.conf file is
	>
	>password files ldap
	>group files ldap
	>shadow files ldap
	>
	>My /etc/pam.d/login
	>
	>auth       required /lib/security/pam_securetty.so
	>auth       required /lib/security/pam_stack.so service=system-auth
	>auth       required /lib/security/pam_nologin.so
	>account    required /lib/security/pam_stack.so service=system-auth
	>password   required /lib/security/pam_stack.so service=system-auth
	>session    required /lib/security/pam_stack.so service=system-auth
	>session    required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
	>session    optional /lib/security/pam_console.so
	>
	>
	>My /etc/pam.d/system-auth is
	>
	>auth        required      /lib/security/pam_env.so
	>auth        sufficient    /lib/security/pam_unix.so likeauth nullok
	>auth        sufficient    /lib/security/pam_ldap.so use_first_pass
	>auth        required      /lib/security/pam_deny.so
	>account     required      /lib/security/pam_unix.so
	>account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
	>password    required      /lib/security/pam_cracklib.so retry=3 type=
	>password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
	>password    sufficient    /lib/security/pam_ldap.so use_authtok
	>password    required      /lib/security/pam_deny.so
	>session     required      /lib/security/pam_limits.so
	>session     required      /lib/security/pam_unix.so
	>session     optional      /lib/security/pam_ldap.so
	>
	>The configuration is OK when the LDAP server is running. All users are
	>validated in the LDAP server except root.
	>
	>When the LDAP server is down, root can't validate in the system. Why?
	>
	>Can anybody help me?
	>
	>Thanks in advance,
	>
	>
	>_______________________________________________
	>Pam-list mailing list
	>Pam-list at redhat.com https://www.redhat.com/mailman/listinfo/pam-list
	>
	>
