Operating System - Linux

Re: LDAP User could not access system

 
SOLVED
skt_skt
Honored Contributor

Re: LDAP User could not access system


See this too:

# grep account /etc/pam.d/system-auth
account required /lib/security/$ISA/pam_unix.so
account required /lib/security/$ISA/pam_tally.so deny=5 no_magic_root reset
Gary L
Super Advisor

Re: LDAP User could not access system

Normally, when we execute the command "faillog -m #", how do we set the value of the max number?
Gary L
Super Advisor

Re: LDAP User could not access system

In my /etc/login.defs file, there is no LOGIN_RETRIES setting. Should I set it, and to what value?

Also, there are no entries for
account required /lib/security/$ISA/pam_unix.so
account required /lib/security/$ISA/pam_tally.so deny=5 no_magic_root reset
in my system-auth file.
Ivan Ferreira
Honored Contributor

Re: LDAP User could not access system

>> How to set the value of max number?

As described in the previous post, the system-auth file specifies the maximum.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Gary L
Super Advisor

Re: LDAP User could not access system

You mean, if I want to do the login failure tally, I should add the entry below:
account required pam_tally.so deny=5 no_magic_root
in /etc/pam.d/system-auth. "5" is the max failure attempt value, right? If the user fails five times, will the system block his account or do nothing? If the account is blocked for going over the limit, how can the system admin help him? faillog -r?
Gary L
Super Advisor

Re: LDAP User could not access system

Hi Santhosh

What is the meaning of "reset" at the end of the line ...deny=5 no_magic_root reset?

Thanks guys
Ivan Ferreira
Honored Contributor

Re: LDAP User could not access system

For full information about pam_tally, please see:

http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_tally.html

And yes, the administrator must reset the counter to enable access to the account (the account is not disabled; it cannot log in because of PAM restrictions, which is different from usermod -L).
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
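
To check whether a host actually has the pam_tally rule discussed above, and which deny= threshold it sets, the following is an added example (not code from any poster in this thread). The function names tally_settings, deny_limit and write_sample are hypothetical, and the sample file is constructed from the lines quoted in the thread.

```shell
#!/bin/sh
# Added example: list pam_tally rules in a PAM config file with the options from this thread.

# tally_settings FILE
# One line per active rule: <type> deny=<n|unset> reset=<yes|no> no_magic_root=<yes|no>
tally_settings() {
    awk '
        $1 ~ /^#/ || NF < 3 { next }          # comments, blank or short lines
        {
            m = 3                              # module path is normally field 3
            if ($2 ~ /^\[/) {                  # bracketed control: [a=b c=d]
                m = 2
                while (m <= NF && $m !~ /\]$/) m++
                m++
            }
            if ($m != "pam_tally.so" && $m !~ /\/pam_tally\.so$/) next
            deny = "unset"; reset = "no"; nmr = "no"
            for (i = m + 1; i <= NF; i++) {
                if ($i ~ /^deny=[0-9]+$/)        deny = substr($i, 6)
                else if ($i == "reset")          reset = "yes"
                else if ($i == "no_magic_root")  nmr = "yes"
            }
            print $1, "deny=" deny, "reset=" reset, "no_magic_root=" nmr
        }
    ' "$1"
}

# deny_limit FILE
# Prints the deny= value of the first account-phase pam_tally rule (the phase used
# in this thread). Returns 1 when no such rule sets deny=, i.e. no threshold is set.
deny_limit() {
    tally_settings "$1" | awk '
        $1 == "account" && $2 != "deny=unset" { print substr($2, 6); found = 1; exit }
        END { exit !found }'
}

# Constructed sample built from the lines quoted in the thread.
write_sample() {
    cat > "$1" <<'EOF'
account required /lib/security/$ISA/pam_unix.so
account required /lib/security/$ISA/pam_tally.so deny=5 no_magic_root reset
#account required /lib/security/$ISA/pam_tally.so deny=3
EOF
}

sample=$(mktemp) && write_sample "$sample"
tally_settings "$sample"
echo "deny threshold: $(deny_limit "$sample")"
rm -f "$sample"
```

On a real system, pass /etc/pam.d/system-auth instead of the sample file; a non-zero return from deny_limit matches the situation described earlier in the thread, where the entries are missing from system-auth.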
Gary L
Super Advisor

Re: LDAP User could not access system

Thanks a lot Ivan