SELinux + pam_ldap + sudo

Nigel Wade nmw at ion.le.ac.uk
Thu Feb 17 15:02:10 UTC 2011


On 17/02/11 14:00, sub at nryc.fr wrote:
> On 17/02/2011 14:26, sub at nryc.fr wrote:
>> Hello,
>>
>> On a RHEL5 server with SELinux in "permissive" mode, I can't make sudo
>> work with pam_ldap authentication.
>>
>> pam_ldap is correctly configured: I can perform an authentication on a
>> ssh connection but once connected I can't sudo anything even though I'm
>> in the "wheel" group and this group is allowed in /etc/sudoers.
>>
>> I suspect SELinux because of all the servers I manage, this is the only
>> one with SELinux activated and the only one with "sudo" problems.
>>
>> I activated pam_ldap with "authconfig --update --enableldapauth", but I
>> manually copied the "ldap.conf" file.
>>
>> Please note that I'm not familiar with SELinux
> 
> I forgot:
> 
>  - I can't disable SELinux
> 
>  - I have this error message in /var/log/message when the authentication
> fails:
> 
> sudo: pam_ldap: ldap_simple_bind Can't contact LDAP server
> 

There's something wrong with your LDAP configuration. The message is
pretty self-explanatory.

Nothing to do with SELinux, unless you have it so badly misconfigured
that pam is unable to open sockets. In that case you would also have
SELinux errors being generated, and in permissive mode it should still
work but log the error.

-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
            University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw at ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
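
One way to run the check the reply describes, as an added example that is not part of the original message: if SELinux were interfering with sudo, the audit log would contain AVC denial records naming sudo, even in permissive mode. The function names and the sample log lines are constructed for illustration; on a real host the input is assumed to be /var/log/audit/audit.log with auditd running.

```shell
# Constructed sample audit records: one AVC denial for sudo, one for an
# unrelated process, and one non-AVC record that also mentions sudo.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1297954930.123:456): avc:  denied  { name_connect } for  pid=2101 comm="sudo" dest=389 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1297954931.004:457): avc:  denied  { read } for  pid=1880 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=USER_AUTH msg=audit(1297954932.500:458): user pid=2101 uid=500 auid=500 msg='PAM: authentication acct="alice" : exe="/usr/bin/sudo" (terminal=pts/0 res=failed)'
EOF
}

# avc_denials FILE COMM: print how many AVC denial records name COMM.
avc_denials() {
    awk -v comm="comm=\"$2\"" '
        /avc: +denied/ && index($0, comm) { n++ }
        END { print n + 0 }          # prints 0 when nothing matched
    ' "$1"
}

# avc_summary FILE COMM: print "permission tclass" for each matching denial,
# which shows what the process was refused (e.g. a socket connect).
avc_summary() {
    awk -v comm="comm=\"$2\"" '
        /avc: +denied/ && index($0, comm) {
            perm = $0
            sub(/.*[{] */, "", perm); sub(/ *[}].*/, "", perm)
            tclass = $0
            sub(/.*tclass=/, "", tclass); sub(/ .*/, "", tclass)
            print perm, tclass
        }
    ' "$1"
}

# Demonstration on the constructed sample.
log=$(mktemp)
sample_log > "$log"
echo "AVC denials for sudo: $(avc_denials "$log" sudo)"
avc_summary "$log" sudo
rm -f "$log"
```

A count of zero for sudo points away from SELinux and back at the LDAP configuration. On a live system, `ausearch -m avc -c sudo` performs the same filtering directly against the audit log.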
