[TriLUG] LDAP Authentication Question
John Berninger
john at ncphotography.com
Tue Dec 2 14:07:34 EST 2008
Tanner Lovelace wrote:
> Also, btw, note that the root account should never be in LDAP
> in the first place. That will guarantee that you can check if local
> login works, even when ldap is up. If, however, you do have root
> in ldap, try changing the local root password to be different from
> the one in ldap. Then if you can log in with that password, you
> know local login is working.
>
Well, almost... there are certain configurations of PAM which will
disallow local login if the LDAP server is down. You have to make sure
PAM is configured correctly as well. Specifically, if this is a RHEL
flavor of Linux, you want to make sure your /etc/pam.d/system-auth file
is configured correctly - if pam_ldap.so is "required" and you don't
have a "pam_succeed_if.so uid < 100" line in there, chances are you've
got to implement some sort of workaround to allow local login when LDAP is
down.
--
John
Dovei'andi se tovya sagain.
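
The check described in the reply above, as an added example that is not part of the original message: a small Python script that scans PAM stack text for pam_ldap.so marked required (or requisite, which fails the same way) with no earlier pam_succeed_if.so "uid < N" rule in the same stack. The per-stack, order-aware matching goes slightly beyond the file-level wording of the post, and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample contents for /etc/pam.d/system-auth (not from the post).
RISKY = """\
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_ldap.so use_first_pass
account     required      pam_unix.so
account     required      pam_ldap.so
"""
GUARDED = """\
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 100 quiet
account     required      pam_ldap.so
"""

# type, control (plain word or [bracketed list]), module path, arguments
RULE = re.compile(r"^\s*-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
UID_GUARD = re.compile(r"\buid\s*<\s*\d+")

def parse(text):
    """Yield (type, control, module, args) for each PAM rule line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = RULE.match(line) if line else None
        if m:
            mtype, control, module, args = m.groups()
            yield mtype, control, module.rsplit("/", 1)[-1], args

def unguarded_ldap(text):
    """Return the stacks (auth, account, ...) where pam_ldap.so is
    required/requisite with no earlier pam_succeed_if.so uid guard."""
    guarded, findings = set(), []
    for mtype, control, module, args in parse(text):
        if module == "pam_succeed_if.so" and UID_GUARD.search(args):
            guarded.add(mtype)
        elif (module == "pam_ldap.so" and mtype not in guarded
              and control in ("required", "requisite")):
            findings.append(mtype)
    return findings
```

A non-empty result names the stacks to review before relying on local login during an LDAP outage; the script does not evaluate the guard's own control flag or follow include lines.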