Hi,
I have configured a mixed authentication systems (LDAP + System Users).
On this system some users are configure to login via ldap rest as system users.
I observed that if the ldap server goes down, system users also not able to login.
Is there any way to prevent this, following my pam configuration.
system-auth :
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 debug minclass=4 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
nsswitch.conf
---------------------
passwd: files ldap
shadow: files ldap
group: files ldap
I get following errors in syslog, even after proving correct password.
sshd[23564]: nss_ldap: failed to bind to LDAP server ldap://10.0.119.36/: Can't contact LDAP server
sshd[23564]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
sshd[23568]: pam_ldap: ldap_simple_bind Can't contact LDAP server
sshd[23568]: Failed password for testuser from 1.2.3.4 port 33324 ssh2
sshd[23571]: fatal: Access denied for user testuser by PAM account configuration
Regards,
Meghanand N. Acharekar