[Ltsp-discuss] LDAP authentication mixed with passwd authentication

[Andy Rabagliati]

Folks,

  I am adding a mailserver to an existing K12LTSP setup, and
  adding LDAP auth so my mailserver can do the right thing.

  It is all redhat-based - FC1 for the K12LTSP server, and
  whitebox (RHEL) for the mailserver.

  Everything works.

  The server authenticates against /etc/passwd or LDAP.

  My problem is that the server will NOT authenticate using
  /etc/passwd if the LDAP server is not accessible - gdm
  complains about not being able to set up the account -
  even though the accounts in question are not in LDAP.

  Relaxing the account entries in /etc/pam.d/system-auth moves
  things on a bit further - I get logged in - but the desktops
  are not correct.

  /etc/nsswitch.conf carries the edits done by authconfig -

passwd:     files ldap
shadow:     files ldap
group:      files ldap

  /etc/pam.d/system-auth has the following :-

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore 
system_err=ignore] /lib/security/$ISA/pam_ldap.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so

  Help ?

  What is gdm looking for ?

Cheers,    Andy!


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net