Hi,
I have started openldap plus Samba, but I can't log on via the console on my Linux; I can only access my system using ssh or telnet. When I am on the console I enter login and password and press "enter", and the Linux login screen is shown again. If I change the passwd, shadow and group fields in /etc/nsswitch.conf to files only, the login works normally. Is there a problem between openldap and pam?
I paste my /etc/nsswitch.conf
    passwd: files ldap
    shadow: files ldap
    group: files ldap

    #hosts: db files nisplus nis dns
    hosts: files dns wins
and /etc/pam.d/login
    #%PAM-1.0
    auth required pam_securetty.so
    auth required pam_nologin.so
    auth sufficient pam_ldap.so
    auth required pam_unix2.so nullok try_first_pass #set_secrpc
    account sufficient pam_ldap.so
    account required pam_unix2.so
    password required pam_pwcheck.so nullok
    password required pam_ldap.so use_first_pass use_authtok
    password required pam_unix2.so nullok use_first_pass use_authtok
    session required pam_unix2.so none # debug or trace
    session required pam_limits.so
    session required pam_env.so
    session optional pam_mail.so

    #auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
    #auth include system-auth
    #account required pam_nologin.so
    #account include system-auth
    #password include system-auth
    # pam_selinux.so close should be the first session rule
    #session required pam_selinux.so close
    #session include system-auth
    #session required pam_loginuid.so
    #session optional pam_console.so
    # pam_selinux.so open should only be followed by sessions to be executed in the user context
    #session required pam_selinux.so open
    #session optional pam_keyinit.so force revoke
Thanks.
On 17/06/2010, at 6:56 AM, Bruno Steven wrote:
> Hi,
> I have started openldap plus Samba, but I can't log on via the console on my Linux; I can only access my system using ssh or telnet. When I am on the console I enter login and password and press "enter", and the Linux login screen is shown again. If I change the passwd, shadow and group fields in /etc/nsswitch.conf to files only, the login works normally. Is there a problem between openldap and pam?
Am I correct in assuming you are using samba with openldap as a backend also? If so, did you set your samba to have "unix password sync = Yes"? If you did, you will need to use the command smbpasswd -a <username> and re-enter your password to unlock the accounts.
Also, have you considered that there is a /etc/pam.d/sshd file also, that may *not* have ldap configured?
> Thanks.
>
> --
> Bruno Steven - Systems Administrator.
> LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e4 https://www.lpi.org/caf/Xamman/certification
> MCP-Windows 2003 - TranscriptID: 793804 / Access Code: 080089100 https://mcp.microsoft.com/authenticate/validatemcp.aspx
openldap-technical@openldap.org
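
The reply above suggests comparing the PAM stack used for console login with the one used by sshd. The following Python script is an added example, not code from the thread: it parses two PAM service files and reports, per management group, the modules that only the first one runs. The sshd sample is constructed for illustration, and the function names are hypothetical.

```python
import re

# /etc/pam.d/login as posted in the thread, abridged (password group omitted).
LOGIN = """\
#%PAM-1.0
auth     required   pam_securetty.so
auth     required   pam_nologin.so
auth     sufficient pam_ldap.so
auth     required   pam_unix2.so nullok try_first_pass #set_secrpc
account  sufficient pam_ldap.so
account  required   pam_unix2.so
session  required   pam_unix2.so none # debug or trace
session  required   pam_limits.so
"""
# Constructed stand-in for /etc/pam.d/sshd; its contents are NOT from the thread.
SSHD = """\
#%PAM-1.0
auth     include    common-auth
auth     required   pam_nologin.so
account  [default=bad success=ok user_unknown=ignore] pam_unix2.so
session  required   pam_limits.so
"""
# type, control (plain word or [bracketed actions]), module, optional args
LINE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return [(type, control, module, [args])] for each active rule."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        m = LINE.match(line)
        if m:
            rules.append((m.group(1).lstrip("-"), m.group(2), m.group(3), m.group(4).split()))
    return rules

def modules_by_type(rules):
    """Map each management group to the ordered list of modules it runs."""
    out = {}
    for typ, control, module, _ in rules:
        # include/substack pull in another file; mark with '@' for follow-up.
        name = "@" + module if control in ("include", "substack") else module
        out.setdefault(typ, []).append(name)
    return out

def only_in_first(a, b):
    """Modules per group that service `a` runs and service `b` does not."""
    ma, mb = modules_by_type(parse_pam(a)), modules_by_type(parse_pam(b))
    diff = {t: [m for m in mods if m not in mb.get(t, [])] for t, mods in ma.items()}
    return {t: ms for t, ms in diff.items() if ms}
```

On a real host, read both files from /etc/pam.d/ and follow any `@`-marked includes before drawing conclusions, since an included file may add the same modules.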