[TriLUG] LDAP Authentication Question

John Berninger john at ncphotography.com
Tue Dec 2 14:07:34 EST 2008


Tanner Lovelace wrote:
> Also, btw, note that the root account should never be in LDAP
> in the first place.  That will guarantee that you can check if local
> login works, even when ldap is up.  If, however, you do have root
> in ldap, try changing the local root password to be different from
> the one in ldap.  Then if you can log in with that password, you
> know local login is working.
>   
Well, almost...  there are certain configurations of PAM which will 
disallow local login if the LDAP server is down.  You have to make sure 
PAM is configured correctly as well.  Specifically, if this is a RHEL 
flavor of Linux, you want to make sure your /etc/pam.d/system-auth file 
is configured correctly - if pam_ldap.so is "required" and you don't 
have a "pam_succeed_if.so uid < 100" line in there, chances are you've 
got to implement some sort of workaround to allow local login when LDAP is 
down.

-- 
John

Dovei'andi se tovya sagain.
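
The check described in the message above, as an added example that is not part of the original post: a small linter that reads the text of a pam.d file and reports each stack where pam_ldap.so is "required" with no earlier "sufficient" pam_succeed_if.so uid test. The function names and both sample stacks are constructed for illustration.

```python
import re

# Constructed sample stacks (not from the original message); uid < 100 is
# the threshold quoted in the message.
RISKY = """\
account  required    pam_unix.so
account  required    pam_ldap.so
"""
GUARDED = """\
account  required    pam_unix.so
account  sufficient  pam_succeed_if.so uid < 100 quiet
account  required    pam_ldap.so
"""

def parse_stack(text):
    """Yield (type, control, module, args) for each rule in a pam.d file."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # control is one word or a bracketed [value=action ...] list;
        # a leading "-" on the type is allowed by Linux-PAM and ignored here
        m = re.match(r"-?(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if m:
            module = m.group(3).rsplit("/", 1)[-1]  # strip any directory path
            yield m.group(1), m.group(2), module, m.group(4)

def unguarded_ldap(text):
    """Return the types (auth, account, ...) in which pam_ldap.so is
    'required' with no earlier 'sufficient pam_succeed_if.so uid < N' rule."""
    guarded, findings = set(), []
    for kind, control, module, args in parse_stack(text):
        if (module == "pam_succeed_if.so" and control == "sufficient"
                and re.search(r"\buid\s+<=?\s+\d+", args)):
            guarded.add(kind)
        elif (module == "pam_ldap.so" and control == "required"
                and kind not in guarded):
            findings.append(kind)
    return findings

# On a real host: unguarded_ldap(open("/etc/pam.d/system-auth").read())
```

A "sufficient" rule only ends the stack early if no "required" rule before it has already failed, and the uid test covers only accounts below the threshold, so an empty result is a necessary check, not proof that every local account can log in with LDAP down.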



