Validating root when LDAP server is down

Javier Ferruz Rodriguez jferruz at hotmail.com
Wed May 19 16:32:07 UTC 2004 

Hi,

I've configured my RHEL 2.1 with pam support. My LDAP Server is SunOne 
Directory 5.2. All users are validate in LDAP server except root.

All it's right when the ldap server is running, but if the ldap server is 
down, root user cannot validate in the system.

My configuration files are:

- /etc/nsswitch.conf

passwd:     files nisplus ldap
shadow:     files nisplus ldap
group:      files nisplus ldap

- /etc/pam.d/login

#%PAM-1.0
auth       required	/lib/security/pam_securetty.so
auth       required	/lib/security/pam_stack.so service=system-auth
auth       required	/lib/security/pam_nologin.so
account    required	/lib/security/pam_stack.so service=system-auth
password   required	/lib/security/pam_stack.so service=system-auth
session    required	/lib/security/pam_stack.so service=system-auth
session	   required	/lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
session    optional	/lib/security/pam_console.so

- /etc/pam.d/system-auth

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore 
system_err=ignore] /lib/security/pam_ldap.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 
shadow
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so

What it's wrong? What have I make to solve the problem?

Thanks in advance,

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail

More information about the redhat-list mailing list