Enable local authentication when network is unreachable.

jobijoba
Posts: 13
Joined: 2015/01/21 16:40:15

Enable local authentication when network is unreachable.

Post by jobijoba » 2015/04/15 12:31:19

Hi,

I had implemented pam_ldap on my CentOS 5. It works fine even if LDAP becomes unreachable, but I can't find a solution to allow local authentication when the network is disconnected.
When I disconnect the server, authentication becomes impossible.
Do any of you have ideas? Which files are important? /etc/pam.d/system-auth or another one?

Regards

TrevorH
Site Admin
Posts: 33216
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Enable local authentication when network is unreachable.

Post by TrevorH » 2015/04/15 12:50:44

In /etc/nsswitch.conf do you have

passwd:     files [SUCCESS=return] ldap
shadow:     files [SUCCESS=return] ldap
group:      files [SUCCESS=return] ldap

The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

jobijoba
Posts: 13
Joined: 2015/01/21 16:40:15

Re: Enable local authentication when network is unreachable.

Post by jobijoba » 2015/04/15 13:43:43

I have this:
passwd: files ldap
shadow: files ldap
group: files ldap

TrevorH
Site Admin
Posts: 33216
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Enable local authentication when network is unreachable.

Post by TrevorH » 2015/04/15 18:17:38

Yes. On el5 you need to amend the lines to look like mine. You may also need to have bind_policy soft in /etc/ldap.conf and possibly lower the bind_timelimit.

jobijoba
Posts: 13
Joined: 2015/01/21 16:40:15

Re: Enable local authentication when network is unreachable.

Post by jobijoba » 2015/04/16 07:11:47

I tried your suggestions without success (files nsswitch.conf / bind policy soft and bind_timeout 5).
When I disconnect all cables from my server and try to connect via the console, it asks for the login, then the password, then it stops and I can't enter another password.

scottro
Forum Moderator
Posts: 2556
Joined: 2007/09/03 21:18:09
Location: NYC

Re: Enable local authentication when network is unreachable.

Post by scottro » 2015/04/16 08:01:53

Yeah, this is a long-standing bug. What's interesting is that it usually doesn't cause a problem if there are ANY ldap servers around, even if it's one to which the machine can't authenticate. Some people have had more success adding this to /etc/ldap.conf

nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus

Years ago I put up a page on LDAP, but it's out of date. It may be useful in some places, though, and you can search for bind_policy on the page.

http://srobb.net/ldap.html
New users should check the FAQ and Read Me First pages

jobijoba
Posts: 13
Joined: 2015/01/21 16:40:15

Re: Enable local authentication when network is unreachable.

Post by jobijoba » 2015/04/16 08:34:18

Hi !
Thanks for the reply. Yes, I already have this line:

nss_initgroups_ignoreusers root

I know this page because, before this issue, I worked on enabling ssh for local users even if LDAP is unreachable. It WORKS, but I can't find why, when the network is disconnected, I can't log on with a local user through console access.

jobijoba
Posts: 13
Joined: 2015/01/21 16:40:15

Re: Enable local authentication when network is unreachable.

Post by jobijoba » 2015/04/16 15:23:51

My bad. 30 sec after login authentication as root, it was a success :) Just a question of time!

Thanks for the help
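
The settings suggested across this thread (files first with [SUCCESS=return] in /etc/nsswitch.conf; bind_policy soft, a low bind_timelimit and nss_initgroups_ignoreusers in /etc/ldap.conf) can be checked with a small script. This is an added example, not part of any post in the thread; the function names, the 10-second threshold and the sample files in demo are assumptions constructed for illustration.

```shell
# Added example, not from the thread: audit the offline-login settings suggested above.
# MAX_BIND_TIMELIMIT (seconds) is an assumed threshold, not a value from the thread.
MAX_BIND_TIMELIMIT=${MAX_BIND_TIMELIMIT:-10}

# conf_value FILE KEY: print the last value assigned to KEY in an ldap.conf-style file.
conf_value() { awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"; }

# finding MESSAGE: report one problem and count it.
finding() { echo "$1"; findings=$((findings + 1)); }

# check_ldap_fallback [NSSWITCH] [LDAPCONF]: print one line per finding and
# return the number of findings (0 means every suggested setting is present).
check_ldap_fallback() {
    nss=${1:-/etc/nsswitch.conf}
    ldapconf=${2:-/etc/ldap.conf}
    findings=0
    for db in passwd shadow group; do
        # First source and the token after it; action keywords are case-insensitive.
        src=$(awk -v db="$db:" '$1 == db { a = $2; b = tolower($3) } END { print a, b }' "$nss")
        case $src in
            "files [success=return]") ;;
            "files "*) finding "$db: no [SUCCESS=return] after files" ;;
            *) finding "$db: files is not the first source" ;;
        esac
    done
    policy=$(conf_value "$ldapconf" bind_policy)
    [ "$policy" = soft ] || finding "bind_policy is '${policy:-unset}', not soft"
    limit=$(conf_value "$ldapconf" bind_timelimit)
    case $limit in
        ''|*[!0-9]*) finding "bind_timelimit is not set to a number" ;;
        *) [ "$limit" -le "$MAX_BIND_TIMELIMIT" ] ||
               finding "bind_timelimit $limit exceeds $MAX_BIND_TIMELIMIT" ;;
    esac
    ignore=$(conf_value "$ldapconf" nss_initgroups_ignoreusers)
    case ",$ignore," in
        *,root,*) ;;
        *) finding "nss_initgroups_ignoreusers does not list root" ;;
    esac
    return "$findings"
}

# Constructed sample files (not the poster's real configuration) for a dry run.
demo() {
    d=$(mktemp -d)
    printf 'passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n' > "$d/nsswitch.conf"
    printf 'bind_policy soft\nbind_timelimit 5\nnss_initgroups_ignoreusers root\n' > "$d/ldap.conf"
    check_ldap_fallback "$d/nsswitch.conf" "$d/ldap.conf" && rc=0 || rc=$?
    rm -rf "$d"; return "$rc"
}
```

Called with no arguments, check_ldap_fallback reads /etc/nsswitch.conf and /etc/ldap.conf on the host; demo runs it against the constructed files instead.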
