openldap - cannot access local accounts when network is down
This is a continuation of another thread titled: "LDAP client
configuration question". But since the question is a bit different from
that one, I am opening another thread...

I have two machines, one acting as LDAP server (k2) and the other as LDAP
client (kusumanchi). When the network is present, I am able to log in
to both local and LDAP accounts from "kusumanchi". But when the
network is down (unplugging the ethernet cable), I am not able to log in
to the client at all ... Can anyone tell me what to do?
My configuration files are as follows:

1) /etc/ldap/ldap.conf

    host k2.mae.cornell.edu
    base o=cttg,c=US
    ssl no
    pam_password md5

2) /etc/nsswitch.conf

    passwd: ldap compat
    group: ldap compat
    shadow: ldap compat
    hosts: files dns
    networks: files
    protocols: db files
    services: db files
    ethers: db files
    rpc: db files
    netgroup: nis

3) /etc/pam.d/common-account

    account sufficient pam_unix.so use_first_pass
    account sufficient pam_ldap.so

4) /etc/pam.d/common-auth

    auth sufficient pam_unix.so use_first_pass
    auth sufficient pam_ldap.so

5) /etc/pam.d/common-password

    password sufficient pam_unix.so md5 use_first_pass
    password sufficient pam_ldap.so

6) /etc/pam.d/common-session

    session required pam_unix.so

I also tried
(a) changing "sufficient" to "required" in both lines,
(b) changing the order of the lines in these configuration files,
(c) changing "use_first_pass" to "try_first_pass",
but none of them worked. I want the local accounts to be checked first, so
I kept "pam_ldap.so" in the second line.
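
Added example, not part of the original post: a small audit script that reads the nsswitch.conf and PAM lines quoted above and reports the order in which each layer consults its sources. NSS queries sources left to right, independently of the PAM stack order; the split into "network" and "local" sources and all function names are assumptions of this example.

```python
import re

# Constructed from the configuration quoted in the post above.
NSSWITCH = """\
passwd: ldap compat
group: ldap compat
shadow: ldap compat
hosts: files dns
"""
PAM_AUTH = """\
auth sufficient pam_unix.so use_first_pass
auth sufficient pam_ldap.so
"""
# Assumption of this example: which NSS sources are remote and which are local.
NETWORK = {"ldap", "nis", "nisplus", "dns"}
LOCAL = {"files", "compat", "db"}

def nss_order(text):
    """Map each NSS database to its sources in lookup order (left to right)."""
    order = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if ":" in line:
            db, rest = line.split(":", 1)
            # Drop action items such as [NOTFOUND=return]; keep source names.
            order[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return order

def network_before_local(order, dbs=("passwd", "group", "shadow")):
    """Databases where a network source is consulted before any local one."""
    flagged = []
    for db in dbs:
        srcs = order.get(db, [])
        first_local = next((i for i, s in enumerate(srcs) if s in LOCAL), len(srcs))
        if any(s in NETWORK for s in srcs[:first_local]):
            flagged.append(db)
    return flagged

def pam_order(text, kind):
    """Module names of one PAM management group (auth, account, ...) in stack order."""
    mods = []
    for line in text.splitlines():
        # Collapse a bracketed control like [success=1 default=ignore] to one field.
        f = re.sub(r"\[[^\]]*\]", "[ctl]", line.split("#", 1)[0]).split()
        if len(f) >= 3 and f[0] == kind:
            mods.append(f[2])
    return mods

if __name__ == "__main__":
    print("PAM auth order:", pam_order(PAM_AUTH, "auth"))
    print("NSS network-first:", network_before_local(nss_order(NSSWITCH)))
```

On the quoted configuration this reports pam_unix.so ahead of pam_ldap.so in the PAM stack, while passwd, group and shadow lookups all list ldap ahead of compat.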