
Clarifications on common-auth

Here I am again.

I configured common-auth on an Ubuntu 10.10 client as follows:

# /etc/pam.d/common-auth - authentication settings common to all services
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
 auth  sufficient      pam_ldap.so
 auth  required        pam_unix.so
# here's the fallback if no module succeeds
 auth  requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
 auth  required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

and it would not let me log in, either with the user from the LDAP directory or with the user local to the client.

In recovery mode I commented out every line of common-auth and rebooted, and now, at login, I only have to click on the user's name and it logs in without asking me for a password.

Once logged in I ran getent passwd and, like yesterday, I do not see the users from the LDAP directory. I tried re-running the nslcd init.d script and got the following error message:

stefano@dello:~$ /etc/init.d/nslcd restart
 * Restarting LDAP connection daemon nslcd
start-stop-daemon: warning: failed to kill 1351: Operation not permitted
rm: cannot remove `/var/run/nslcd/nslcd.pid': Permission denied
process already running.

which left me puzzled.

So I stopped nslcd, again from init.d:

stefano@dello:~$ /etc/init.d/nslcd stop
 * Stopping LDAP connection daemon nslcd
start-stop-daemon: warning: failed to kill 1351: Operation not permitted
1 pids were not killed
No nslcd found running; none killed.
   [ OK ]
rm: cannot remove `/var/run/nslcd/nslcd.pid': Permission denied

With ps -aux I found the following line for nslcd:

nslcd     1351  0.0  0.0  56604   928 ?        Ssl  14:13   0:00 /usr/sbin/nslcd.

I tried to kill it:

stefano@dello:~$ kill 1351
bash: kill: (1351) - Operation not permitted

I tried with sudo and this is the result:

stefano@dello:~$ sudo kill 1351
Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts

I no longer understand any of this.
Any ideas?
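
Added example, not part of the original message: a simplified Python model of how Linux-PAM walks the auth stack posted above, showing that pam_deny.so is reached whenever pam_ldap.so does not succeed, even when pam_unix.so accepts the password. The `evaluate` helper and the `JUMP_STYLE` comparison stack are assumptions introduced here; only required, requisite, sufficient and `[success=N default=ignore]` are modelled.

```python
# Added example: simplified model of how Linux-PAM evaluates an auth stack.
# Models required, requisite, sufficient and [success=N default=ignore] only.

POSTED = [  # auth lines as they appear in the message
    ("sufficient", "pam_ldap.so"),
    ("required", "pam_unix.so"),
    ("requisite", "pam_deny.so"),
    ("required", "pam_permit.so"),
]
JUMP_STYLE = [  # assumed comparison layout, not from the message
    ("success=2", "pam_unix.so"),
    ("success=1", "pam_ldap.so"),
    ("requisite", "pam_deny.so"),
    ("required", "pam_permit.so"),
]


def evaluate(stack, ldap_ok, unix_ok):
    """Return (granted, modules_run) for one login attempt."""
    result = {"pam_ldap.so": ldap_ok, "pam_unix.so": unix_ok,
              "pam_deny.so": False,    # pam_deny always fails
              "pam_permit.so": True}   # pam_permit always succeeds
    positive = failed = False
    ran, i = [], 0
    while i < len(stack):
        control, module = stack[i]
        ok = result[module]
        ran.append(module)
        i += 1
        if control.startswith("success="):
            if ok:  # jump over the next N modules; a failure is ignored
                i += int(control.split("=")[1])
        elif control == "sufficient":
            if ok and not failed:
                return True, ran   # stack ends here, access granted
        elif control == "requisite" and not ok:
            return False, ran      # stack ends here, access denied
        elif control in ("required", "requisite"):
            positive, failed = positive or ok, failed or not ok
        else:
            raise ValueError(f"control not modelled: {control}")
    return positive and not failed, ran


if __name__ == "__main__":
    for name, stack in (("posted", POSTED), ("jump-style", JUMP_STYLE)):
        for ldap_ok, unix_ok in ((False, True), (True, False), (False, False)):
            granted, ran = evaluate(stack, ldap_ok, unix_ok)
            print(f"{name:<10} ldap={ldap_ok!s:<5} unix={unix_ok!s:<5} "
                  f"granted={granted!s:<5} ran={ran}")
```

In the jump-style stack a successful module skips over pam_deny.so and pam_permit.so supplies the positive result, which is what the file's own comments ("the modules above will each just jump around") describe.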

