Stephen Walton wrote:
All good questions. MTA is dead simple though, as I'm not running a server; DS in sendmail.cf is used to define our campus SMTP master as a smart mail forwarder. I only see the problem behavior on our LDAP clients, though, not on our server, which seems an important clue. There is no output whatsoever in /var/log/maillog. I can't exclude an error in ldap.conf or pam.d/system-auth although they are the ones created by redhat-config-authentication pretty much.
This may be a red herring, but have you verified that mail on the client system works outside of at/cron? What happens with "/bin/mail root" and "/bin/mail ldap_user"?
There was a fairly large change where they split the configuration into two files: /etc/mail/sendmail.cf and /etc/mail/submit.cf, and you need to make sure you put a valid null-client config in submit.cf for the client side...
I generate the submit.cf file with a .mc that looks like this:
--------------------------------------------------------------
divert(0)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`linux setup for Red Hat Linux')dnl
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confPID_FILE', `/var/run/sm-client.pid')dnl
dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')
MASQUERADE_AS(`my.domain.com')
FEATURE(`allmasquerade')
FEATURE(`msp', `[smtp.my.domain.com]')dnl
dnl FEATURE(`use_ct_file')dnl
--------------------------------------------------------------
Then put
DAEMON=no
QUEUE=1h
into /etc/sysconfig/sendmail (so it just runs to flush the queue in case it ever fails to connect to the central SMTP server).
If the mail configuration is working fine on its own, the next place I'd look is at the LDAP config in /etc/pam.d/system-auth. The GUI-set defaults there often seem to cause problems. I changed mine to:
#%PAM-1.0
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_ldap.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account sufficient /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
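
The following is an added example, not part of the original post: a simplified Python model of how the "required" and "sufficient" control flags in the system-auth stack above combine, so you can see which module decides the outcome for an LDAP-only user versus a local one. The function names and the per-module success/failure inputs are assumptions made for illustration; other control flags are not modelled.

```python
# Added example: simplified model of PAM stack evaluation for the
# "required" and "sufficient" control flags used in the post.
# SYSTEM_AUTH is the stack from the post, one rule per line.
SYSTEM_AUTH = """\
#%PAM-1.0
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_ldap.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account sufficient /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
"""

def parse(text):
    """Return {facility: [(control, module_name), ...]} in file order."""
    stacks = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        facility, control, path = line.split()[:3]
        stacks.setdefault(facility, []).append((control, path.rsplit("/", 1)[-1]))
    return stacks

def evaluate(stack, results):
    """results maps module name -> True/False (unlisted modules fail).
    Returns (granted, module_that_decided)."""
    failed = passed = None
    for control, module in stack:
        ok = results.get(module, False)
        if control == "sufficient":
            if ok and failed is None:
                return True, module      # success ends the stack immediately
            # a failing "sufficient" module is ignored
        elif control == "required":
            if ok:
                passed = module
            elif failed is None:
                failed = module          # remembered; later modules still run
    if failed is not None:
        return False, failed
    return passed is not None, passed
```

With this ordering, an LDAP user is accepted by pam_ldap.so before pam_unix.so is ever consulted, while a local account such as root falls through to pam_unix.so.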