SELinux + pam_ldap + sudo

sub at nryc.fr
Thu Feb 17 15:57:19 UTC 2011


On 17/02/2011 16:02, Nigel Wade wrote:

>>> On a RHEL5 server with SELinux in "permissive" mode, I can't make
>>> sudo work with pam_ldap authentication.
>>>
>>> pam_ldap is correctly configured: I can perform an
>>> authentication on an ssh connection but once connected I can't
>>> sudo anything even though I'm in the "wheel" group and this group
>>> is allowed in /etc/sudoers.
>>>
>>> I suspect SELinux because of all the servers I manage, this is
>>> the only one with SELinux activated and the only one with "sudo"
>>> problems.
>>>
>>> I activated pam_ldap with "authconfig --update --enableldapauth",
>>> but I manually copied the "ldap.conf" file.
>>>
>>> Please note that I'm not familiar with SELinux
>>
>> I forgot:
>>
>> - I can't disable SELinux
>>
>> - I have this error message in /var/log/message when the
>> authentication fails:
>>
>> sudo: pam_ldap: ldap_simple_bind Can't contact LDAP server
>>
>
> There's something wrong with your LDAP configuration. The message is
> pretty self explanatory.

If the server could not contact the LDAP server, how can I open an ssh
session with my LDAP credentials?

> Nothing to do with SELinux, unless you have it so badly
> misconfigured that pam is unable to open sockets. In that case you
> would also have SELinux errors being generated, and in permissive
> mode it should still work but log the error.

Unfortunately, I didn't configure SELinux myself on this server and I
know little about it.

Nicolas
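Nigel's point is that if SELinux were involved, permissive mode would still log AVC denials for sudo even while letting it through. The script below is an added example, not part of this thread or of any Red Hat tool: it scans audit-log lines for AVC denials attributed to comm="sudo" and prints which permission/object class was denied (for instance name_connect on a tcp_socket would point at a blocked LDAP connection). The audit lines it ships with are constructed samples, not taken from the poster's server.

```shell
#!/bin/sh
# Added example: look for SELinux AVC denials involving sudo in an
# audit log. Constructed sample data only; on a real RHEL5 box you would
# point count_sudo_denials / sudo_denied_classes at /var/log/audit/audit.log.

# write_sample_audit FILE: writes four constructed audit records to FILE.
# Two are AVC denials for sudo (a blocked LDAP port connect and a blocked
# read of ldap.conf), one is a PAM auth failure, one is an unrelated httpd
# denial that must NOT be counted.
write_sample_audit() {
    cat > "$1" <<'EOF'
type=AVC msg=audit(1297958239.123:456): avc:  denied  { name_connect } for  pid=1234 comm="sudo" dest=389 scontext=user_u:system_r:sudo_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1297958240.001:457): avc:  denied  { read } for  pid=1234 comm="sudo" name="ldap.conf" dev=sda1 ino=12345 scontext=user_u:system_r:sudo_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
type=USER_AUTH msg=audit(1297958240.500:458): user pid=1234 uid=500 auid=500 msg='op=PAM:authentication acct="nicolas" exe="/usr/bin/sudo" res=failed'
type=AVC msg=audit(1297958300.000:459): avc:  denied  { read } for  pid=999 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
EOF
}

# count_sudo_denials FILE: number of AVC denial records where the
# denied process was sudo. Zero here means Nigel's diagnosis (an LDAP
# configuration problem, not SELinux) is the more likely explanation.
count_sudo_denials() {
    grep -c 'type=AVC.*denied.*comm="sudo"' "$1"
}

# sudo_denied_classes FILE: one "permission tclass" pair per sudo denial,
# e.g. "name_connect tcp_socket", so the operator sees what was blocked.
sudo_denied_classes() {
    grep 'type=AVC.*denied.*comm="sudo"' "$1" \
      | sed -n 's/.*denied *{ *\([^ }]*\) *}.*tclass=\([A-Za-z_]*\).*/\1 \2/p'
}

# Stand-alone demo run against the constructed sample.
demo_log=$(mktemp)
write_sample_audit "$demo_log"
echo "AVC denials attributed to sudo: $(count_sudo_denials "$demo_log")"
sudo_denied_classes "$demo_log"
rm -f "$demo_log"
```

On the live system the same question can be put to the audit daemon directly with `ausearch -m avc -c sudo`, and `getenforce` confirms the mode is really permissive. If both come back empty while the "Can't contact LDAP server" message persists, the thread's advice stands: the fault is in the LDAP client configuration that sudo (running as root) is reading, not in SELinux.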