openldap - cannot access local accounts when network is down



This is a continuation of another thread titled "LDAP client configuration question", but since the question is a bit different from that one, I am opening another thread...

I have two machines, one acting as LDAP server (k2) and the other as LDAP client (kusumanchi). When the network is present, I am able to log in to both local and LDAP accounts from "kusumanchi". But when the network is down (unplugging the ethernet cable), I am not able to log in to the client at all ... Can anyone tell me what to do?

My configuration files are as follows:

1) /etc/ldap/ldap.conf

host k2.mae.cornell.edu
base o=cttg,c=US
ssl no
pam_password md5

2) /etc/nsswitch.conf
passwd:         ldap compat
group:          ldap compat
shadow:         ldap compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis


3)  /etc/pam.d/common-account

account sufficient      pam_unix.so use_first_pass
account sufficient      pam_ldap.so

4) /etc/pam.d/common-auth

auth    sufficient      pam_unix.so use_first_pass
auth    sufficient      pam_ldap.so

5) /etc/pam.d/common-password

password        sufficient      pam_unix.so md5 use_first_pass
password        sufficient      pam_ldap.so

6) /etc/pam.d/common-session

session required        pam_unix.so



I also tried
(a) changing "sufficient" to "required" in both lines
(b) changing the order of the lines in these configuration files
(c) changing "use_first_pass" to "try_first_pass"

but none of them worked. I want the local accounts to be checked first, so I kept "pam_ldap.so" in the second line.
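
The post states that local accounts should be checked first. As an added example (not part of the original post), this Python script reads the nsswitch.conf and common-auth text quoted above and reports the lookup order each file actually specifies. The function names and the NETWORK/LOCAL source sets are assumptions of this example.

```python
import re

NETWORK = {"ldap", "nis", "nisplus"}   # assumed set: sources that need a reachable server
LOCAL = {"files", "compat", "db"}      # assumed set: sources read from local disk
ACCOUNT_DBS = ("passwd", "group", "shadow")

# Lines copied from the configuration files quoted in the post.
NSSWITCH = """passwd:         ldap compat
group:          ldap compat
shadow:         ldap compat
hosts:          files dns
"""
COMMON_AUTH = """auth    sufficient      pam_unix.so use_first_pass
auth    sufficient      pam_ldap.so
"""

def parse_nsswitch(text):
    """Return {database: [sources]} in lookup order; comments and [actions] dropped."""
    order = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # drop items like [NOTFOUND=return]
        order[db.strip()] = rest.split()
    return order

def network_first(order):
    """Account databases that list a network source ahead of a local one."""
    flagged = []
    for db in ACCOUNT_DBS:
        srcs = order.get(db, [])
        if srcs and srcs[0] in NETWORK and any(s in LOCAL for s in srcs[1:]):
            flagged.append(db)
    return flagged

def pam_modules(text):
    """Return module names in stack order from pam.d lines (type control module args)."""
    mods = []
    for line in text.splitlines():
        fields = re.sub(r"\[[^\]]*\]", "ctl", line.split("#", 1)[0]).split()
        if len(fields) >= 3:   # skips blank lines and @include directives
            mods.append(fields[2])
    return mods

if __name__ == "__main__":
    print("NSS databases with a network source first:", network_first(parse_nsswitch(NSSWITCH)))
    print("PAM auth stack order:", pam_modules(COMMON_AUTH))
```

On the posted files, the PAM stack lists pam_unix.so first, while nsswitch.conf lists ldap ahead of compat for passwd, group and shadow.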