06-10-2010 06:07 AM
LDAP and Local authentication
Attached is my /etc/pam.d/system-auth-ac.
Regards
06-10-2010 06:57 AM
Re: LDAP and Local authentication
Take a look at /etc/nsswitch.conf.
There actually is in /etc a sample file nsswitch.ldap, which should be used and manipulated to make sure your pam configuration gets used.
passwd: files ldap
This will say use files first, then go to ldap.
You can reverse it if you like.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
06-10-2010 11:59 PM
Re: LDAP and Local authentication
That has been done several times but it did not work.
/etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
06-15-2010 03:05 AM
Re: LDAP and Local authentication
06-15-2010 06:07 AM
Re: LDAP and Local authentication
It's a good test to ensure local files are being accessed.
06-15-2010 06:40 AM
Re: LDAP and Local authentication
Do you have the LDAP-UX client installed in your HP-UX server?
06-15-2010 09:59 AM
Re: LDAP and Local authentication
Without the LDAP configuration, the local accounts do logon successfully but what I want to achieve is to configure the LDAP to control the authentication and also to be able to logon locally when the LDAP fails (resilience).
06-15-2010 01:19 PM
Re: LDAP and Local authentication
Do you have the LDAP-UX client installed on the HP-UX server?
The LDAP client is what will allow the HP-UX server to connect to the LDAP server. By the way, where is your LDAP service running?
Was this working before, or are you trying to make it work now as a new setup?
06-16-2010 12:15 AM
Re: LDAP and Local authentication
06-16-2010 05:21 AM
Re: LDAP and Local authentication
You have to distinguish between "local" and "LDAP" accounts. A local account exists only in the local server in /etc/passwd; an LDAP account exists only in the LDAP directory. When LDAP is down you cannot authenticate users locally unless they are in the local password file. Of course you don't want to put every account in the local password file; it would defeat the purpose of having LDAP and centralized user management.
What you should be looking at is to set up directory "replicas" so that when the main LDAP server is down, the clients can authenticate using the replica directories in other servers.
You should identify several servers in your environment and make them LDAP replicas so that you never lose the LDAP service when one or more directory servers go down.
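
Added example, not part of any post in this thread: a shell audit of the two points raised above, the `files`/`ldap` order in nsswitch.conf and which accounts have a local passwd entry to fall back on. The sample files and the account names `opsadmin` and `jdoe` are constructed; it assumes `awk` and `mktemp -d` are available and is meant to be pointed at copies of the real files.

```shell
#!/bin/sh
# Added example; sample files below are constructed, not taken from the thread.

# Print the source list for one nsswitch database, e.g. "files ldap".
nss_sources() {    # $1 = nsswitch.conf path, $2 = database name
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == db { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Succeed only if "files" is consulted before "ldap" for the database.
files_first() {    # $1 = nsswitch.conf path, $2 = database name
    nss_sources "$1" "$2" | awk '
        BEGIN { rc = 1 }                        # missing entry counts as failure
        { for (i = 1; i <= NF; i++) {
              if ($i == "files") { rc = 0; exit }
              if ($i == "ldap")  { exit }
          } }
        END { exit rc }'
}

# Print each named account that has no entry in the local passwd file;
# such accounts cannot log in while no LDAP server is reachable.
missing_local() {  # $1 = passwd path, remaining args = account names
    pw=$1; shift
    for acct in "$@"; do
        awk -F: -v u="$acct" '$1 == u { f = 1 } END { exit !f }' "$pw" ||
            printf '%s\n' "$acct"
    done
}

# Write constructed sample files into directory $1 (group is misordered on purpose).
make_samples() {
    printf '%s\n' '# constructed sample' 'passwd: files ldap' \
        'shadow: files ldap' 'group:  ldap files' > "$1/nsswitch.conf"
    printf '%s\n' 'root:x:0:3::/:/sbin/sh' \
        'opsadmin:x:1001:20::/home/opsadmin:/usr/bin/sh' > "$1/passwd"
}

demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
make_samples "$demo"
for db in passwd shadow group; do
    files_first "$demo/nsswitch.conf" "$db" && state="files first" || state="NOT files first"
    echo "$db: $state"
done
echo "LDAP-only (no local fallback): $(missing_local "$demo/passwd" root opsadmin jdoe)"
```

Accounts printed by `missing_local` depend entirely on a reachable directory server, which is the case the replica advice above addresses.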