
LDAP users cannot log in on local machine


Guest Kaspersky

Hi all,

I have an LDAP server on SLES 10.0 and LDAP clients on Mandriva 2007 and SuSE.

SuSE works without problems, but Mandriva 2007 has several.

I have configured Mandriva to use LDAP. Now LDAP users can log in via the network without problems, but users cannot log in on the local machine.

What went wrong?

PS: It seems that the problem is in the PAM module.


Guest Kaspersky

Sorry for waiting

grep pam_stack.so /etc/pam.d/*
/etc/pam.d/rexec:#auth required pam_stack.so service=system-auth
/etc/pam.d/rexec:#account required pam_stack.so service=system-auth
/etc/pam.d/rexec:#session required pam_stack.so service=system-auth
/etc/pam.d/rexec.rpmnew:auth required pam_stack.so service=system-auth
/etc/pam.d/rexec.rpmnew:account required pam_stack.so service=system-auth
/etc/pam.d/rexec.rpmnew:session required pam_stack.so service=system-auth
/etc/pam.d/rlogin:#auth required pam_stack.so service=system-auth
/etc/pam.d/rlogin:#account required pam_stack.so service=system-auth
/etc/pam.d/rlogin:#password required pam_stack.so service=system-auth
/etc/pam.d/rlogin:#session required pam_stack.so service=system-auth
/etc/pam.d/rlogin.rpmnew:auth required pam_stack.so service=system-auth
/etc/pam.d/rlogin.rpmnew:account required pam_stack.so service=system-auth
/etc/pam.d/rlogin.rpmnew:password required pam_stack.so service=system-auth
/etc/pam.d/rlogin.rpmnew:session required pam_stack.so service=system-auth
/etc/pam.d/rsh:#account required pam_stack.so service=system-auth
/etc/pam.d/rsh:#session required pam_stack.so service=system-auth
/etc/pam.d/rsh.rpmnew:account required pam_stack.so service=system-auth
/etc/pam.d/rsh.rpmnew:session required pam_stack.so service=system-auth
/etc/pam.d/xlock:auth required pam_stack.so service=system-auth

I have replaced "account required pam_stack.so service=system-auth" with "account include system-auth".

But it does not help LDAP users log in on the local machine. ssh works without problems.

What does it mean?


Try to compare this with yours, or try to use this:

auth		required	  pam_env.so
auth		sufficient	pam_unix.so nullok try_first_pass
auth		requisite	 pam_succeed_if.so uid >= 500 quiet
auth		sufficient	pam_ldap.so use_first_pass
auth		required	  pam_deny.so

account	 required	  pam_unix.so broken_shadow
account	 sufficient	pam_localuser.so
account	 sufficient	pam_succeed_if.so uid < 500 quiet
account	 [default=bad success=ok user_unknown=ignore] pam_ldap.so
account	 required	  pam_permit.so

password	requisite	 pam_cracklib.so try_first_pass retry=3
password	sufficient	pam_unix.so md5 shadow nullok try_first_pass use_authtok
password	sufficient	pam_ldap.so use_authtok
password	required	  pam_deny.so

session optional /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session	 optional	  pam_keyinit.so revoke
session	 required	  pam_limits.so
session	 [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session	 required	  pam_unix.so
session	 optional	  pam_ldap.so

This was taken from my CentOS, using LDAP and local accounts as auth server...

Using authconfig, there's an option to choose both local and LDAP. In Mandriva, using drakauth, there's no option to choose both. That may be the problem; you have to manually edit the file /etc/pam.d/system-auth. Try to compare yours with the one quoted above. On my desktop (Mandriva), I authenticate to local and winbind (AD 2003), and here's my Mandriva /etc/pam.d/system-auth:

#%PAM-1.0

auth		required	  pam_env.so
auth		sufficient	pam_unix.so likeauth nullok
auth		sufficient	pam_winbind.so use_first_pass
auth		required	  pam_deny.so

account	 sufficient	pam_unix.so
account	 sufficient	pam_winbind.so use_first_pass
account	 required	  pam_deny.so

password	required	  pam_cracklib.so retry=3 minlen=2  dcredit=0  ucredit=0
password	sufficient	pam_unix.so nullok use_authtok md5 shadow
password	required	  pam_deny.so

session	 optional	  pam_mkhomedir.so skel=/etc/skel/ umask=0022
session	 optional	  pam_keyinit.so revoke
session	 required	  pam_limits.so
session	 required	  pam_unix.so

Just try...

Edited by aioshin
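
PAM stacks are configured per service file, so sshd can reach pam_ldap.so through system-auth while another service such as su does not. The script below is an added example, not code from the thread: it checks a constructed sample tree, and the function names (reaches_ldap, audit_services, stale_pam_stack, make_sample) are hypothetical.

```sh
#!/bin/sh
# Added example: does each service's PAM stack reach pam_ldap.so?
# Follows "include" only; pam_stack.so lines are reported, not followed
# (assumption: that module may be missing on the client).
active_lines() { grep -Ev '^[[:space:]]*(#|$)' "$1" 2>/dev/null; }

# reaches_ldap DIR SERVICE TYPE [DEPTH] -> exit 0 if the stack hits pam_ldap.so
reaches_ldap() (
    dir=$1; svc=$2; type=$3; depth=${4:-0}
    [ "$depth" -le 5 ] && [ -r "$dir/$svc" ] || exit 1
    next=$(active_lines "$dir/$svc" | awk -v t="$type" '
        $1 == t && /pam_ldap\.so/  { print "@ldap"; next }
        $1 == t && $2 == "include" { print $3 }')
    for n in $next; do
        [ "$n" = "@ldap" ] && exit 0
        reaches_ldap "$dir" "$n" "$type" $((depth + 1)) && exit 0
    done
    exit 1
)

# audit_services DIR SERVICE... -> one "service type verdict" line per stack
audit_services() {
    dir=$1; shift
    for svc in "$@"; do
        for type in auth account; do
            if reaches_ldap "$dir" "$svc" "$type"; then v=ldap; else v=no-ldap; fi
            echo "$svc $type $v"
        done
    done
}

# Files that still carry an active (uncommented) pam_stack.so line
stale_pam_stack() { grep -l '^[^#]*pam_stack\.so' "$1"/* 2>/dev/null || true; }

make_sample() {  # constructed files, not copied from any real host
    cat > "$1/system-auth" <<'EOF'
auth     sufficient pam_unix.so nullok try_first_pass
auth     sufficient pam_ldap.so use_first_pass
auth     required   pam_deny.so
account  required   pam_unix.so broken_shadow
account  [default=bad success=ok user_unknown=ignore] pam_ldap.so
EOF
    printf 'auth include system-auth\naccount include system-auth\n' > "$1/sshd"
    printf 'auth required pam_unix.so\n#account required pam_stack.so service=system-auth\n' > "$1/su"
    printf 'auth required pam_stack.so service=system-auth\n' > "$1/xlock"
}

demo() { d=$(mktemp -d); make_sample "$d"; audit_services "$d" sshd su; stale_pam_stack "$d"; rm -rf "$d"; }
demo
```

On a real client, call `audit_services /etc/pam.d sshd login su` and compare the verdicts of the service that works with the ones that fail.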

Guest Kaspersky

Thanks for the comment, but it does not help.

I used the drakauth utility to configure Mandriva 2007 to use LDAP. ssh works, but LDAP users cannot log in using the su command.
