Hi all,
I need some help in order to finish my configuration of pam ldap.
I have some CentOS 5/RHEL 5 systems and I have enabled LDAP authentication, but when LDAP is unavailable, no user (LDAP or local) can log in.
Has any of you ever looked for a configuration that permits authentication via local users when LDAP is unavailable?
Regards
Enable local user authentication even if ldap is unavailable
Re: Enable local user authentication even if ldap is unavail
Edit /etc/nsswitch.conf and change the lines for passwd, shadow and group to have "files [SUCCESS=return] ldap"
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Enable local user authentication even if ldap is unavail
In a fairly ancient ldap article I wrote, there was another issue as well, having to do with the bind_policy setting.
See http://srobb.net/ldap.html and just do a search for bind_policy on the page.
New users should check the FAQ and Read Me First pages
Re: Enable local user authentication even if ldap is unavail
Hi, thanks for your reply.
I tried these 2 options but neither works for me.
In fact, if nscd is running I am able to log in with a local user when LDAP is unavailable, but when I run "service nscd stop" I can't log in anymore with a local user.
My BIND_POLICY was already set to soft and that seems to make no difference...
If anyone has other suggestions
Re: Enable local user authentication even if ldap is unavail
Finally, I found the solution.
4 steps:
1- change bind_policy hard to soft (/etc/pam.conf)
2- add nss_initgroups_ignoreusers userlocal1,userlocal2 (/etc/ldap.conf)
3- add AllowGroup GROUPOFUSERLOCAL1 GROUPOFUSERLOCAL2 (/etc/ssh/sshd_config)
4- pam_localuser.so in /etc/pam.d/system-auth in the account section (account sufficient pam_localuser.so)
Thanks for the help.
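The four steps in the post above can be audited with a small script before LDAP actually goes down. This is an added example, not part of the original thread: the function names are hypothetical, it assumes bind_policy is read from /etc/ldap.conf, it uses sshd's AllowGroups keyword, and it also checks that the pam_localuser.so account line precedes the pam_ldap.so one.

```shell
#!/bin/sh
# Added example: audit the four settings from the post above. ROOT is a
# directory prefix (empty = the live system); function names are hypothetical.

# Print the line number of the first uncommented line in FILE matching REGEX.
first_line() {
    [ -f "$1" ] || return 0
    grep -nE "$2" "$1" | head -n 1 | cut -d: -f1
}

check_local_fallback() {
    root=${1:-}
    ldap="$root/etc/ldap.conf"      # assumption: bind_policy is read from here
    sshd="$root/etc/ssh/sshd_config"
    pam="$root/etc/pam.d/system-auth"
    fail=0
    [ -n "$(first_line "$ldap" '^[[:space:]]*bind_policy[[:space:]]+soft')" ] ||
        { echo "FAIL: no 'bind_policy soft' in $ldap"; fail=1; }
    [ -n "$(first_line "$ldap" '^[[:space:]]*nss_initgroups_ignoreusers[[:space:]]+[^[:space:]]')" ] ||
        { echo "FAIL: no nss_initgroups_ignoreusers list in $ldap"; fail=1; }
    [ -n "$(first_line "$sshd" '^[[:space:]]*[Aa]llow[Gg]roups[[:space:]]+[^[:space:]]')" ] ||
        { echo "FAIL: no AllowGroups line in $sshd"; fail=1; }
    # "sufficient" only short-circuits modules listed after it, so the
    # pam_localuser.so account line has to come before the pam_ldap.so one.
    lu=$(first_line "$pam" '^[[:space:]]*account[[:space:]]+sufficient[[:space:]]+pam_localuser\.so')
    ld=$(first_line "$pam" '^[[:space:]]*account[[:space:]].*pam_ldap\.so')
    if [ -z "$lu" ]; then
        echo "FAIL: no 'account sufficient pam_localuser.so' in $pam"; fail=1
    elif [ -n "$ld" ] && [ "$lu" -gt "$ld" ]; then
        echo "FAIL: pam_localuser.so (line $lu) is after pam_ldap.so (line $ld)"; fail=1
    fi
    return $fail
}

# Build a constructed config tree under DIR with the four settings in place.
make_sample_tree() {
    mkdir -p "$1/etc/ssh" "$1/etc/pam.d"
    printf 'bind_policy soft\nnss_initgroups_ignoreusers userlocal1,userlocal2\n' > "$1/etc/ldap.conf"
    printf 'AllowGroups GROUPOFUSERLOCAL1 GROUPOFUSERLOCAL2\n' > "$1/etc/ssh/sshd_config"
    printf 'account sufficient pam_localuser.so\naccount required pam_ldap.so\n' > "$1/etc/pam.d/system-auth"
}

# Usage: check_local_fallback                  (audits the live /etc files)
#        make_sample_tree /tmp/t && check_local_fallback /tmp/t
```

The function returns 0 when all four settings are found and 1 otherwise, printing one FAIL line per missing or misordered setting.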