Hello Bill,
The /etc/nsswitch only defines the name services to use and their order,
i.e. usernames, service names, etc. (Not Auth!)
LDAP can do all of this and a lot more (as u well know).
Once the name services are set up u must still use authentication to permit
access.
If you are using the RH RPMS then use the 2.0 admin guide; it will steer u
in the right direction for the recommended storage of only user data
within the LDAP directory and the setup of the pam files to use the local
passwd for root. (Talk about your run-on sentence.)
(Make sure that u BACKUP pam.d first!)
HTH,
Jesse

Bill Dossett said:
> which file is this in?  still don't understand why the order
> in nsswitch.conf  files coming first, doesn't check files
> first?...; but anyway Thanks again..
>
> Bill.....
>
> Jesse Jacobs wrote:
>> Bill,
>> Sorry forgot to mention that on the pam_ldap line is where u setup the
>> timeout
>> HTH,
>> J.
>> Jesse Jacobs said:
>>
>>>Hello Bill,
>>>Is your pam set correctly?
>>>did u use the RH auth setup?
>>>If so u might wanna use pam-ldap then pam_unix first_pass
>>>HTH,
>>>Jesse
>>>
>>>Bill Dossett said:
>>>
>>>>Hi,
>>>>
>>>>Can anyone please tell me why the following is occurring?
>>>>
>>>>I have one openLDAP server running under RH8.0... I then
>>>>have a number of other servers that authenticate via the
>>>>main openLDAP server... these range from RH7.2 to RH8.0.
>>>>
>>>>The pertinent portion of my nsswitch.conf is thus:
>>>>
>>>>passwd:     files nisplus ldap
>>>>shadow:     files nisplus ldap
>>>>group:      files nisplus ldap
>>>>
>>>>the root account is set on each machine using passwd,shadow,group, it
>>>> is not set in openLDAP.
>>>>
>>>>The problem I have is that if the openLDAP server is down, it takes
>>>> ages... like 5 minutes, to login as root or to do anything which
>>>> checks authentication... to me it should be checking files for this
>>>> first before ldap...  but that certainly does not seem how it is... I
>>>> will have a replica openLDAP server soon, but I would like to
>>>>understand this fully... does anyone know how to fix that.. .or know
>>>> anywhere where there are people that know how to fix this?
>>>>
>>>>Thanks
>>>>
>>>>Bill Dossett
>>>>
>>>>
>>>>
>>>>--
>>>>redhat-list mailing list
>>>>unsubscribe mailto:[EMAIL PROTECTED]
>>>> https://listman.redhat.com/mailman/listinfo/redhat-list
>>>
>>>
>>>-----------------------------------------
>>>Jesse Jacobs, R.H.C.T.
>>>Ajax, ON  Canada


-----------------------------------------
Jesse Jacobs, R.H.C.T.
Ajax, ON  Canada
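
An added example, not part of any message in this thread: a small audit that reads the two layers the reply distinguishes, the NSS lookup order from nsswitch.conf and the PAM auth stack, and reports them side by side. The file contents are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample files (not taken from the hosts discussed in the thread).
NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:     files nisplus ldap
shadow:     files nisplus ldap
group:      files [NOTFOUND=return] ldap
"""
PAM_SERVICE = """\
#%PAM-1.0 (constructed sample)
auth     required    pam_env.so
auth     sufficient  pam_ldap.so
auth     sufficient  pam_unix.so use_first_pass
auth     required    pam_deny.so
account  [default=bad success=ok user_unknown=ignore] pam_ldap.so
"""

def nss_order(text):
    """Map each NSS database to its sources in lookup order; [..] actions are dropped."""
    order = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            db, rest = line.split(":", 1)
            rest = re.sub(r"\[[^\]]*\]", " ", rest)
            order[db.strip()] = rest.split()
    return order

def pam_stack(text, kind="auth"):
    """Return (control, module, options) for each line of one PAM management group."""
    stack = []
    pat = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
    for line in text.splitlines():
        m = pat.match(line.split("#", 1)[0].strip())
        if m and m.group(1) == kind:
            stack.append((m.group(2), m.group(3), m.group(4).split()))
    return stack

def report(nss_text, pam_text):
    """Summarise both layers: which sources resolve names, which modules check passwords."""
    nss = nss_order(nss_text)
    auth = [module for _, module, _ in pam_stack(pam_text, "auth")]
    lookup = {db: nss.get(db, []) for db in ("passwd", "shadow", "group")}
    return {"lookup": lookup, "auth_modules": auth,
            "ldap_in_auth_stack": "pam_ldap.so" in auth}

if __name__ == "__main__":
    print(report(NSSWITCH, PAM_SERVICE))
```

Run against copies of the real files, the report shows the name-lookup order and the authentication order as separate lists, which is the distinction the reply draws.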



