[TriLUG] LDAP Authentication Question

[Robert Dale]

On Tue, Dec 2, 2008 at 1:27 PM, Sean Leinart <sleinart at fscarolina.com> wrote:
> Hi All,
>
> I am new to this group and faily new to Linux and OSS as a whole, I have dabbled with it for some time but this is the first gig that I have had that I need to do things in a production environment. This list looks like a good place to get good answers so here goes. I have inherited this network from a previous admin that had setup LDAP autentication for the entire network. the servers use ldap as well. A short time back we had the ldap server drop a drive and go offline. When the server was down obviously there was no authentication to the domain etc. We needed to access another server and attempted to logon at the console of said server. At the console we were unable to logon, assuming this is due to ldap being offline. I did a bit of research and looked at the /etc/nsswith.conf file. In this file all of the authentication is set to look at Files first then LDAP. Why then the inability for the local root account to login locally. I have been tasked with taking the critical
>  servers out of the ldap authentication loop. Is this the best thing to do or is there a way to force the local auth if ldap is down, or should I just remove the servers from ldap authentication? Thanks in advance for any assistance.

See also /etc/pam.d/system-auth

-- 
Robert Dale