On Mon, 2007-05-14 at 15:51 -0700, Joshua M. Miller wrote: > Is this a client or is this the LDAP server? ---- This is both the master server and of course, a client for users ---- > Also, which LDAP server do > you employ? ---- # rpm -qa|grep openldap openldap-servers-2.3.27-5 openldap-2.3.27-5 openldap-clients-2.3.27-5
the version that comes from RHELv5 I have this same setup on many different networks and have never had a problem with RHEL 3 or RHEL 4 but something doesn't seem to work right in RHELv5 even though I have chosen 'local authentication is sufficient' in the checkbox of 'system-config-authentication' just like always as you can sort of tell from the contents of /etc/pam.d/system-auth below ---- > > Thanks, > -- > Joshua M. Miller - RHCE,VCP > > > Craig White wrote: > > My main server, I upgraded from RHEL 3 to RHEL 5 and I imported my LDAP > > DSA to the upgraded server which is the main server for our network > > including the LDAP master. > > > > I want to use both local authentication and LDAP authentication as I > > normally do but I am really struggling here. > > > > in /etc/nsswitch: > > passwd: files ldap > > shadow: files ldap > > group: files ldap > > > > which is normal > > > > and 'getent passwd' command will return all my users & groups from > > both /etc/passwd|group and LDAP and users can login to various services > > from either LDAP or /etc/passwd > > > > # ssh [EMAIL PROTECTED] > > [EMAIL PROTECTED]'s password: > > Last login: Mon May 14 11:24:12 2007 from xxx > > [EMAIL PROTECTED] ~]# exit > > > > that works well (root from /etc/passwd) > > > > # ssh [EMAIL PROTECTED] > > [EMAIL PROTECTED]'s password: > > -sh-3.1$ > > > > that works well (craig is in LDAP not /etc/passwd) > > > > But if I try to restart services whose user is in /etc/passwd such as > > restarting LDAP, BIND (named), etc. the system hangs and hopefully times > > out and it even prevents it from booting up unless I shut off LDAP > > authentication on startup and set it after startup > > > > # cat /etc/pam.d/system-auth > > #%PAM-1.0 > > # This file is auto-generated. > > # User changes will be destroyed the next time authconfig is run. > > auth required pam_env.so > > auth sufficient pam_unix.so nullok try_first_pass > > auth requisite pam_succeed_if.so uid >= 500 quiet > > auth sufficient pam_ldap.so use_first_pass > > auth required pam_deny.so > > > > account required pam_unix.so broken_shadow > > account sufficient pam_localuser.so > > account sufficient pam_succeed_if.so uid < 500 quiet > > account [default=bad success=ok user_unknown=ignore] pam_ldap.so > > account required pam_permit.so > > > > password requisite pam_cracklib.so try_first_pass retry=3 > > password sufficient pam_unix.so md5 shadow nullok try_first_pass > > use_authtok > > password sufficient pam_ldap.so use_authtok > > password required pam_deny.so > > > > session optional pam_keyinit.so revoke > > session required pam_limits.so > > session [success=1 default=ignore] pam_succeed_if.so service in > > crond quiet use_uid > > session required pam_unix.so > > session optional pam_ldap.so > > > > HELP! > > > > _______________________________________________ > rhelv5-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/rhelv5-list -- Craig White <[EMAIL PROTECTED]> _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
