Subject: | |
From: | |
Reply To: | |
Date: | Mon, 29 Aug 2005 14:33:52 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
I'm using openLDAP on SL 4. I used authconfig to use LDAP, which modified nsswitch.conf and pam.d/system-auth.
I can also login via the local console port.
Everything works if the network is up.
If the network is down (I simulate this by removing the network cable), When I try to login via the console port as a user
defined locally, after 60 seconds I get a 'Login timed out' message.
I tried adding a -t 120 to the mgetty line in /etc/inittab, but I still get a 60 second timeout.
I modified the timeouts in /etc/ldap.conf from 30 to 10 seconds, but no luck.
nsswitch.conf lines that include ldap are all like this: files ldap
I know what is happening - I'm trying to contact the LDAP server, and the network is timing out.
How do I lengthen the login timeout, or get LDAP or the network to timeout within the 60 seconds?
Thanks for any help or ideas.
------------------ snippet ldap.conf
# Search timelimit
#timelimit 30
timelimit 10
# Bind timelimit
#bind_timelimit 30
bind_timelimit 10
------------------------
-------------------- pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
~
--
Bill Feero
Logical Solutions, Inc.
|
|
|