For our system, it is just this
/etc/nsswitch.conf passwd: files ldap group: files ldap
And you have to have some users in /etc/passwd Some groups in /etc/group And of course passwords in /etc/shadow.
Thats all there is.
-----Ursprüngliche Nachricht----- Von: openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org [mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org] Im Auftrag von Sean Leinart Gesendet: Montag, 9. Februar 2009 19:18 An: openldap-technical@openldap.org Betreff: Unable to logon to any server as a locally defined user if theOpenLDAP server is unavailable.
Greetings OpenLDAP Technical Mailing List,
I would generally consider myself at the newb status when it comes to LDAP in the Linux environment. I have acquired a network from a previous admin and my issue is that if the LDAP server is offline I can not authenticate locally on any of my servers, which is obviously a huge problem.
The version of Open LDAP is: [user@server:/usr/sbin]slapd -VV @(#) $OpenLDAP: slapd 2.2.13 (Jul 11 2008 09:16:05) $ mockbuild@builder16.centos.org:/builddir/build/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
The Linux Version is: [user@server:/]uname -a Linux server.host.local 2.6.9-42.0.10.ELsmp #1 SMP Tue Feb 27 10:11:19 EST 2007 i686 i686 i386 GNU/Linux
I have read several items regarding the fact that this can be a common issue when using LDAP authentication. I have read to check the settings in the nsswitch.conf file on the systems in question to verify that "Files" are being looked at first etc. and all of these settings appear to be correct. I am looking for guidance on what would be the best thing to do in this case, and why is it broken when the ldap server is not available. What happens is, if the LDAP server is not available, and you attempt to logon to a server locally, you enter the userid and password and you will have no activity for a minute or so then the prompt goes directly back to the login prompt. The userid and password that is being used is locally defined on the server.
Also PAM LDAP is being utilized. Any help or ideas on what to look for would be greatly appreciated.
Is there a way to just turn off the LDAP authentication on the servers. I feel that the answer to this is probably no. That would simply be too easy.
Thanks in advance for any responses.
sean sleinart@fscarolina.com
No virus found in this outgoing message. Checked by AVG. Version: 7.5.552 / Virus Database: 270.10.19/1941 - Release Date: 2/9/2009 6:50 AM