[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: new user, question about authentication



Jacob,

The simple way to make this work on redhat is by using the command `authconfig`, however if the directory is unavalable then everything breaks.

To fix that you must change the line in system-auth:

from> account     sufficient      /lib/security/pam_unix.so
to  > account     required        /lib/security/pam_ldap.so

While this lets you login when ldap is down you have a new problem. See:

http://www.netsys.com/pamldap/2002/06/msg00046.html

for details.

schu

jacob walcik wrote:
i've got openldap working for the first time using the rpm's available with redhat 7.3:
openldap-clients-2.0.27-2.7.3
nss_ldap-189-4
openldap-2.0.27-2.7.3
openldap12-1.2.13-8
openldap-servers-2.0.27-2.7.3


i migrated my configuration/user info with the script that redhat includes for doing so, however, now i've run into a problem. i have two machines setup to authenticate against the ldap directory. the one openldap is running on, and another test box.

on both machines, if i try to log in w/ an account that only exists in ldap, it fails. if i try to log in with an account that only exists on the system, it succeeds. if i try to log in w/ an account that exists in both, only the password for the system works.

i can look in my messages log and see that the login was handled by pam_unix, however i don't see any failures (or any messages at all) from pam_ldap. according to the ldap docs on openldap.org (quickstart guide and the integration chapter) and redhat.com i've added the correct entries to /etc/ldap.conf and /etc/openldap/slapd.conf. can someone get me pointed in the right direction for where to go from here?

ldap.conf:
host sarge.lamc.utexas.edu
base dc=lamc,dc=utexas,dc=edu
ssl no
pam_password md5

nsswitch.conf
passwd: ldap files nisplus
shadow: ldap files nisplus
group: ldap files nisplus

--
jacob walcik
jwalcik@mail.utexas.edu