Hi,
I'm using OpenLDAP to authenticate users in my network. The problem I
have is that when the LDAP server is down or unreachable, I cannot log in
as root, although it is a local user. That's a complication for me when I
have to work on a server that has lost its connection to the network.
I did mark the option "Local auth is enough for local users", but it
seems that it's not working.
This is my pam.d/system-auth file:
#######################################################################################
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
#########################################################################################
And this is my /etc/openldap/ldap.conf:
########################################################################################
uri ldaps://myserver:637/
base ou=shell,ou=accounts,ou=foo,o=com
pam_password md5
ssl yes
TLS_CACERT /etc/openldap/cacerts/certificate.cert
BASE ou=shell,ou=accounts,ou=foo,o=com
TLS_CACERTDIR /etc/openldap/cacerts
###########################################################################################
Thanks,
--
Nicolás Cánepa
ncanepa@xxxxxxxxxxx
www.ccc.fcen.uba.ar
Teléfono - 4576-3382
CCC - Centro de Comunicación Científica
UBA - Facultad de Ciencias Exactas y Naturales