LDAP and local root login

SOLVED
Alexander Chuzhoy
Honored Contributor

LDAP and local root login

Hi all.
I have centralized management of users via LDAP.
Whenever the network goes down, I can't log in locally (RHEL WS 4 Update 1) with the local root account (I also can't log in with users defined in LDAP, but that's to be expected).
In /etc/nsswitch.conf, the passwd line reads: passwd: files ldap
I also use nscd for caching.

The nscd package version I use is
nscd-2.3.4-2.13
If someone knows how to fix this, please help.
Thanks.
5 REPLIES
Aco Blazeski
Regular Advisor

Re: LDAP and local root login

It was a long time ago that I played with this one.

I can't give you the exact solution, but I think that you should look for a solution in the /etc/pam.d directory.

I think I solved a similar problem by commenting out the following line in /etc/pam.d/system-auth:

#account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so

Note: there is also a command for configuring/changing the system-auth file, but I don't have a Linux box at the moment to find the syntax :-(

I hope I at least gave you a direction.
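An added example, not part of the original thread or any poster's code: it evaluates the [value=action] control field of the system-auth line quoted above for the PAM return code authinfo_unavail, on the assumption that this is what pam_ldap returns when the directory cannot be reached. The function names and the second sample stack are constructed for illustration.

```python
import re

# Bracket equivalents of the simple control keywords, as listed in pam.conf(5).
SIMPLE = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
LINE = re.compile(r"^\s*(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse(line):
    """Return (type, {return_code: action}, module), or None for comments/blanks."""
    m = LINE.match(line)
    if line.lstrip().startswith("#") or not m:
        return None
    mtype, control, module = m.groups()
    if control.startswith("["):
        pairs = dict(p.split("=", 1) for p in control[1:-1].split())
    else:
        pairs = SIMPLE.get(control, {})
    return mtype, pairs, module

def action_for(pairs, retcode):
    """Action taken for a return code; codes not listed fall back to 'default'."""
    return pairs.get(retcode, pairs.get("default", "undefined"))

def blocks_on_outage(pam_text, module_name="pam_ldap.so"):
    """List (line_no, type, action) where an unreachable backend fails the stack."""
    findings = []
    for n, line in enumerate(pam_text.splitlines(), 1):
        parsed = parse(line)
        if parsed and parsed[2].endswith(module_name):
            action = action_for(parsed[1], "authinfo_unavail")
            if action in ("bad", "die"):
                findings.append((n, parsed[0], action))
    return findings

# Line 2 is the account line from the post above, uncommented.
THREAD_STACK = """\
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
"""
# Constructed variant: same line with authinfo_unavail=ignore added.
VARIANT_STACK = THREAD_STACK.replace("default=bad", "default=bad authinfo_unavail=ignore")

if __name__ == "__main__":
    print(blocks_on_outage(THREAD_STACK))   # pam_ldap line fails every account, root included
    print(blocks_on_outage(VARIANT_STACK))  # nothing flagged
```

With the variant, the LDAP account check is skipped while the server is unreachable, so only the pam_unix account rules apply during an outage.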
Ivan Ferreira
Honored Contributor

Re: LDAP and local root login

Also, try setting this in nsswitch.conf:

passwd: ldap [UNAVAIL=continue] files
group: ldap [UNAVAIL=continue] files
shadow: ldap [UNAVAIL=continue] files
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Alexander Chuzhoy
Honored Contributor

Re: LDAP and local root login

I still have this problem:
when I disconnect my system from the network,
I can't log in as root (nor with any LDAP user) on any terminal.
I get the error message
"cannot retrieve authentication info"
Can anyone help?
Ivan Ferreira
Honored Contributor
Solution

Re: LDAP and local root login

What is the configuration of /etc/pam.d/system-auth?

Did you run authconfig and configure it to use local authentication also?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Alexander Chuzhoy
Honored Contributor

Re: LDAP and local root login

Thanks!