Did not seem to work, I have use_first_pass in there, but as you have pointed out the unix ones are before the ldap server.
My problem was that I had killed the LDAP db and when I tried to log in as root, it came up with an error from pam, saying something about the ldap module failing. So once I got back into the system I tried it by shutting down the ldap server and the same problem arose. I don't think it is a problem with the userid/password more a problem with the module attempting to load. But now I have another problem that the archive can't seem to help me with when I attempt to change the password of a user I get this [test@sydlxfw01 test]$ passwd passwd: Authentication token manipulation error [test@sydlxfw01 test]$ Alex -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Waugh Sent: Sunday, 28 April 2002 9:13 PM To: [EMAIL PROTECTED] Subject: Re: [SLUG] LDAP Q <quote who="Alex Samad"> > Now by reckoning, authentication with check ldap first (via nsswitch.conf) > and if failing that move on to files and then nisplus. So if an account > is not in the ldap DB but in the local /etc/passwd files it will use this > account. ... but you have unix before ldap in all of those lists. > My only problem now, if the above is true, is that if the LDAP server is > done, I can not login because the module doesn't exit gracefully, is there a > way for it to be configured to do that. So that even if the account is in > the local DB files and ldap is down I can not authenticate! It will generally go on to the next one, but for a nicer way, use "try_first_pass" (described in your PAM documentation). - Jeff -- We're kind of like Canada, only we hate ourselves more, and it's wetter around the edges. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
