My main server, I upgraded from RHEL 3 to RHEL 5 and I imported my LDAP DSA to the upgraded server which is the main server for our network including the LDAP master.
I want to use both local authentication and LDAP authentication as I normally do but I am really struggling here.

In /etc/nsswitch:

passwd: files ldap
shadow: files ldap
group: files ldap

which is normal, and the 'getent passwd' command will return all my users & groups from both /etc/passwd|group and LDAP, and users can log in to various services from either LDAP or /etc/passwd.

# ssh [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
Last login: Mon May 14 11:24:12 2007 from xxx
[EMAIL PROTECTED] ~]# exit

That works well (root from /etc/passwd).

# ssh [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
-sh-3.1$

That works well (craig is in LDAP, not /etc/passwd).

But if I try to restart services whose user is in /etc/passwd, such as restarting LDAP, BIND (named), etc., the system hangs and hopefully times out, and it even prevents it from booting up unless I shut off LDAP authentication on startup and set it after startup.

# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so

HELP!
-- 
Craig White <[EMAIL PROTECTED]>

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
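
The auth stack from the message above, walked through in Python as an added example (not part of the original post): it applies the standard required/requisite/sufficient control semantics to show which modules are consulted for a local account versus an LDAP account. The UIDs and the per-module outcomes are constructed inputs, and only the simple control keywords are modelled.

```python
# Added illustration: walk the "auth" lines of the posted system-auth file.
# Module outcomes are constructed inputs, not results from a real system.
AUTH_STACK = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
"""

def parse(stack):
    """Return [(control, module)] for each non-comment line of the stack."""
    entries = []
    for line in stack.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not line.startswith("#"):
            entries.append((fields[1], fields[2]))
    return entries

def outcomes(uid, local_password_ok, ldap_password_ok):
    """Constructed per-module results (True = success) for one login attempt."""
    return {
        "pam_env.so": True,
        "pam_unix.so": local_password_ok,
        "pam_succeed_if.so": uid >= 500,   # the "uid >= 500" test in the stack
        "pam_ldap.so": ldap_password_ok,
        "pam_deny.so": False,              # pam_deny always fails
    }

def evaluate(entries, outcome):
    """Return (authenticated, modules consulted in order)."""
    consulted, required_failed = [], False
    for control, module in entries:
        ok = outcome[module]
        consulted.append(module)
        if control == "requisite" and not ok:
            return False, consulted        # requisite failure ends the stack
        if control == "required" and not ok:
            required_failed = True         # remembered, stack continues
        if control == "sufficient" and ok and not required_failed:
            return True, consulted         # sufficient success ends the stack
    return not required_failed, consulted

if __name__ == "__main__":
    stack = parse(AUTH_STACK)
    for label, args in [("local uid 0, good password", (0, True, False)),
                        ("LDAP uid 1001, good password", (1001, False, True)),
                        ("local uid 25, bad password", (25, False, False))]:
        print(label, "->", evaluate(stack, outcomes(*args)))
```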
