[TriLUG] LDAP Authentication Question

Sean Leinart sleinart at fscarolina.com
Tue Dec 2 14:31:44 EST 2008


Would it help to see the contents of that file?
There doesn't appear to be any system-discernible information
contained within.

Sean

-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On
Behalf Of John Berninger
Sent: Tuesday, December 02, 2008 2:08 PM
To: Triangle Linux Users Group General Discussion
Subject: Re: [TriLUG] LDAP Authentication Question

Tanner Lovelace wrote:
> Also, btw, note that the root account should never be in LDAP
> in the first place.  That will guarantee that you can check if local
> login works, even when ldap is up.  If, however, you do have root
> in ldap, try changing the local root password to be different from
> the one in ldap.  Then if you can log in with that password, you
> know local login is working.
>   
Well, almost...  there are certain configurations of PAM which will
disallow local login if the LDAP server is down.  You have to make sure
PAM is configured correctly as well.  Specifically, if this is a RHEL
flavor of Linux, you want to make sure your /etc/pam.d/system-auth file
is configured correctly - if pam_ldap.so is "required" and you don't
have a "pam_succeed_if.so uid < 100" line in there, chances are you've
got to implement some sort of workaround to allow local login when LDAP is
down.

-- 
John

Dovei'andi se tovya sagain.

-- 
TriLUG mailing list        :
http://www.trilug.org/mailman/listinfo/trilug
TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
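
The check John describes, as an added example that is not part of the original thread: a small Python script that scans system-auth-style text and reports any pam_ldap.so rule marked "required" with no pam_succeed_if.so rule ahead of it in the same stack. The sample stacks are constructed, the function names are hypothetical, and requiring the guard to appear earlier in the same stack type is an assumption of this example.

```python
import re

# type, control (plain word or [bracketed]), module path, optional arguments
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# Constructed sample stacks (not taken from the thread).
RISKY = """\
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_ldap.so use_first_pass
account     required      pam_unix.so
account     required      pam_ldap.so
"""
GUARDED = """\
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 100 quiet
account     required      pam_ldap.so
"""

def parse_stack(text):
    """Yield (lineno, type, control, module, args) for each PAM rule line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = PAM_LINE.match(line)
        if m:
            module = m.group(3).rsplit("/", 1)[-1]  # accept full module paths
            yield n, m.group(1).lower(), m.group(2), module, m.group(4)

def ldap_lockout_risks(text):
    """Return (lineno, type) for every 'required' pam_ldap.so rule that has
    no pam_succeed_if.so rule earlier in the same stack type (assumption)."""
    guarded, risks = set(), []
    for n, typ, control, module, _args in parse_stack(text):
        if module == "pam_succeed_if.so":
            guarded.add(typ)
        elif module == "pam_ldap.so" and control == "required" and typ not in guarded:
            risks.append((n, typ))
    return risks

if __name__ == "__main__":
    for name, sample in (("RISKY", RISKY), ("GUARDED", GUARDED)):
        for lineno, typ in ldap_lockout_risks(sample):
            print(f"{name}: line {lineno}: required pam_ldap.so in '{typ}' "
                  "stack with no pam_succeed_if.so guard")
```

To audit a real host, pass the text of /etc/pam.d/system-auth to ldap_lockout_risks() in place of the constructed samples.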


