[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: I can't login linux (console) using after configurate openldap

On 17/06/2010, at 6:56 AM, Bruno Steven wrote:

> HI,
> 
> I have started  openldap more Samba but I can't do logon via console on my
> linux, only access my system using ssh or telnet . When I am on console I
> put login and password and press "enter" , again show me screen login linux
> . If change /etc/nsswitch.conf fields passwd , shadow , group for files
> only,  the login work normally , Thre is problem between  openldap  and pam
> ?

Am i correct in assuming you are using samba with openldap as a backend also? If so, did you put your samba to have "unix password sync = Yes"? If you did, you will need to use the command smbpasswd -a <username> and re-enter your password to unlock the accounts. 

Also, have you considered that there is a /etc/pam.d/sshd file also, that may *not* have ldap configured?

> 
> I paste my /etc/nsswitch.conf
> 
> passwd:     files  ldap
> shadow:     files  ldap
> group:      files  ldap
> 
> #hosts:     db files nisplus nis dns
> hosts:      files dns wins
> 
> and /etc/pam.d/login
> 
> 
> n#%PAM-1.0
> auth     required    pam_securetty.so
> auth     required    pam_nologin.so
> auth     sufficient  pam_ldap.so
> auth     required    pam_unix2.so   nullok try_first_pass #set_secrpc
> account  sufficient  pam_ldap.so
> account  required    pam_unix2.so
> password required    pam_pwcheck.so nullok
> password required    pam_ldap.so    use_first_pass use_authtok
> password required    pam_unix2.so   nullok use_first_pass use_authtok
> session  required    pam_unix2.so   none # debug or trace
> session  required    pam_limits.so
> session  required    pam_env.so
> session  optional    pam_mail.so
> 
> 
> 
> #auth [user_unknown=ignore success=ok ignore=ignore default=bad]
> pam_securetty.so
> #auth       include      system-auth
> #account    required     pam_nologin.so
> #account    include      system-auth
> #password   include      system-auth
> # pam_selinux.so close should be the first session rule
> #session    required     pam_selinux.so close
> #session    include      system-auth
> #session    required     pam_loginuid.so
> #session    optional     pam_console.so
> # pam_selinux.so open should only be followed by sessions to be executed in
> the user context
> #session    required     pam_selinux.so open
> #session    optional     pam_keyinit.so force revoke
> 
> 
> Thanks.
> 
> 
> -- 
> Bruno Steven - Administrador de sistemas.
> LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e4
> https://www.lpi.org/caf/Xamman/certification
> 
> MCP-Windows 2003 - TranscriptID: 793804 / Access Code: 080089100
> https://mcp.microsoft.com/authenticate/validatemcp.aspx
> 
> 
> P Antes de imprimir pense em sua responsabilidade e comprometimento com o
> Meio Ambiente. Before printing this message, think about your ecologic
> responsability and environment commitment.