Re: HELP !! Can not connect as root because LDAP is broken

To: Julien <julien@nura.eu>
Cc: Thomas Nguyen Van <t.nguyenvan@jumper.ie>, debian-security@lists.debian.org, debian@lists.debian.org
Subject: Re: HELP !! Can not connect as root because LDAP is broken
From: Josh Lauricha <josh@lauricha.com>
Date: Fri, 19 Jun 2009 10:41:42 -0700
Message-id: <[🔎] 11eea99e0906191041x670fbe7ex3655a24a3189dbc5@mail.gmail.com>
In-reply-to: <[🔎] 1245421553.11965.27.camel@pc-julien.office>
References: <[🔎] 2217785.48181245418662791.JavaMail.root@IRL-DUB-P-SRV-02> <[🔎] 1245421553.11965.27.camel@pc-julien.office>

Once you've got it fixed make your nsswitch.conf uses "compat" for
passwd, group and shadow and root has a local password. I normally
have a local non-root login to each machine as well. You can either
configure that to have a password or use ssh keys to control access
(or both). That'll save you the trouble of having to reboot the
machine with a livecd (or go to it if it's remote). For upgrades I
also leave another root shell open that I got via the non-LDAP account
(some things behave poorly when $USER isn't valid).


On Fri, Jun 19, 2009 at 7:25 AM, Julien<julien@nura.eu> wrote:
> hi !
>
> you should have a root account in /etc/passwd ?
> try to boot with a live CD, backup your /etc/nsswitch.conf, remove all
> ldap entry in this file. You should just have :
>
> passwd:         compat
> group:          compat
> shadow:         compat
>
> hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis
>
> Reboot.
>
> Additionnaly you can reset the password of the root account, by
> modifying /etc/passwd file. your first should be :
>
> root:x:0:0:root:/root:/bin/bash
>
> delete the x to obtain the following line :
>
> root::0:0:root:/root:/bin/bash
>
> now you can login with root account without password and re install your
> package.
>
> Julien.
>
>
> Le vendredi 19 juin 2009 à 14:37 +0100, Thomas Nguyen Van a écrit :
>> Hello,
>>
>> I de-installed by mistake from my Debian machine (Lenny 2.6.18-6-686) the following packages:
>> ii ldap-utils 2.3.30-5+etch2 OpenLDAP utilities
>> ii libldap-2.3-0 2.3.30-5+etch2 OpenLDAP libraries
>> ii libldap2 2.1.30-13.3 OpenLDAP libraries
>> ii libnss-ldap 251-7.5etch1 NSS module for using LDAP as a naming servic
>> ii libpam-ldap 180-1.7 Pluggable Authentication Module allowing LDA
>>
>> Since then, I can not log on as root.
>>
>> Does anyone knows how to repair the machine?
>>
>> Thanks in advance
>>
>> Thomas
>>
>>
>
>
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>



-- 
Josh Lauricha

Reply to:

References:
- HELP !! Can not connect as root because LDAP is broken
  - From: Thomas Nguyen Van <t.nguyenvan@jumper.ie>
- Re: HELP !! Can not connect as root because LDAP is broken
  - From: Julien <julien@nura.eu>

Prev by Date: Re: HELP !! Can not connect as root because LDAP is broken
Next by Date: AUTO: Alberto Carlana is out of the office. (returning 30/06/2009)
Previous by thread: Re: HELP !! Can not connect as root because LDAP is broken
Next by thread: AUTO: Alberto Carlana is out of the office. (returning 30/06/2009)
Index(es):
- Date
- Thread