SELinux + pam_ldap + sudo
Marti, Robert
RJM002 at shsu.edu
Thu Feb 17 14:22:57 UTC 2011
That doesn't seem like SELinux is interfering; it seems like an issue contacting the LDAP server. If it were an SELinux issue, there would be AVC denials in /var/log/messages, and Permissive mode would not block anything.
Sent from my iPhone
On Feb 17, 2011, at 8:06 AM, "sub at nryc.fr" <sub at nryc.fr> wrote:
> On 17/02/2011 14:26, sub at nryc.fr wrote:
>> Hello,
>>
>> On a RHEL5 server with SELinux in "permissive" mode, I can't make sudo
>> work with pam_ldap authentication.
>>
>> pam_ldap is correctly configured: I can perform an authentication on a
>> ssh connection but once connected I can't sudo anything even though I'm
>> in the "wheel" group and this group is allowed in /etc/sudoers.
>>
>> I suspect SELinux because of all the servers I manage, this is the only
>> one with SELinux activated and the only one with "sudo" problems.
>>
>> I activated pam_ldap with "authconfig --update --enableldapauth", but I
>> manually copied the "ldap.conf" file.
>>
>> Please note that I'm not familiar with SELinux
>
> I forgot:
>
> - I can't disable SELinux
>
> - I have this error message in /var/log/message when the
> authentication fails:
>
> sudo: pam_ldap: ldap_simple_bind Can't contact LDAP server
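The triage the reply describes, as an added example that is not part of the original thread: it looks for AVC denials attributed to sudo and for the pam_ldap bind error, then weighs them against the SELinux mode. The log lines, the `example_t` context, and the function and verdict names are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): syslog lines in the style of
# /var/log/messages on a host where the kernel logs AVC records there.
SAMPLE_LOG = """\
Feb 17 14:01:12 host sudo: pam_ldap: ldap_simple_bind Can't contact LDAP server
Feb 17 14:01:12 host kernel: type=1400 audit(1297951272.101:57): avc:  denied  { name_connect } for  pid=4312 comm="sudo" dest=389 scontext=user_u:system_r:example_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
Feb 17 14:02:40 host sshd[4101]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of an AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def triage(log_text, selinux_mode, comm="sudo"):
    """Classify a failed sudo/pam_ldap login from log evidence (hypothetical helper)."""
    lines = log_text.splitlines()
    denials = [r for r in map(parse_avc, lines) if r and r.get("comm") == comm]
    ldap_errors = [l for l in lines
                   if "pam_ldap" in l and "Can't contact LDAP server" in l]
    if denials and selinux_mode == "enforcing":
        verdict = "selinux-blocking"      # denials are enforced in this mode
    elif ldap_errors:
        verdict = "ldap-connectivity"     # bind failed; look at the LDAP path
    elif denials:
        verdict = "selinux-logged-only"   # permissive: logged, not enforced
    else:
        verdict = "no-evidence"
    return {"verdict": verdict, "denials": denials, "ldap_errors": len(ldap_errors)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "permissive"))
```
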