SCIENTIFIC-LINUX-USERS Archives

August 2005

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Mon, 29 Aug 2005 14:14:55 -0500

Hi Bill,

The line

account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.so

is the line that is biting you.

How do you fix it?
Get rid of it.
Won't that remove your authentication?
No, because this is in your account section, you've already passed the 
authentication section.

Troy

Bill Feero wrote:
> I'm using openLDAP on SL 4. I used authconfig to use LDAP, which modified nsswitch.conf and pam.d/system-auth.
> I can also login via the local console port.
> 
> Everything works if the network is up.
> 
> If the network is down (I simulate this by removing the network cable), when I try to login via the console port as a user
> defined locally, after 60 seconds I get a 'Login timed out' message.
> 
> I tried adding a -t 120 to the mgetty line in /etc/inittab, but I still get a 60 second timeout.
> 
> I modified the timeouts in /etc/ldap.conf from 30 to 10 seconds, but no luck.
> 
> nsswitch.conf lines that include ldap are all like this: files ldap
> 
> I know what is happening - I'm trying to contact the LDAP server, and the network is timing out.
> 
> How do I lengthen the login timeout, or get LDAP or the network to timeout within the 60 seconds?
> 
> 
> Thanks for any help or ideas.
> 
> 
> ------------------ snippet ldap.conf
> # Search timelimit
> #timelimit 30
> timelimit 10
> 
> # Bind timelimit
> #bind_timelimit 30
> bind_timelimit 10
> ------------------------
> 
> 
> -------------------- pam.d/system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      /lib/security/$ISA/pam_env.so
> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
> auth        required      /lib/security/$ISA/pam_deny.so
> 
> account     required      /lib/security/$ISA/pam_unix.so broken_shadow
> account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
> account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.so
> account     required      /lib/security/$ISA/pam_permit.so
> 
> password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
> password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
> password    required      /lib/security/$ISA/pam_deny.so
> 
> session     required      /lib/security/$ISA/pam_limits.so
> session     required      /lib/security/$ISA/pam_unix.so
> session     optional      /lib/security/$ISA/pam_ldap.so
> ~
> 


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/CSS  CSI Group
__________________________________________________
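
Added example (not part of the original thread): a Python sketch that parses the account lines quoted above and lists which modules a local login reaches, to show where pam_ldap.so sits in that path. It is a simplified model of PAM control handling that assumes every module except pam_succeed_if returns success and that pam_ldap.so is the only network-backed module; all function names are hypothetical.

```python
import re

# Constructed sample: the account section quoted in the message above.
ACCOUNT_STACK = """\
account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_permit.so
"""

LINE = re.compile(r"^(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
OPS = {"<": int.__lt__, "<=": int.__le__, ">": int.__gt__, ">=": int.__ge__,
       "eq": int.__eq__, "ne": int.__ne__}

def parse(text, phase="account"):
    """Return [(control, module_name, args)] for one PAM management group."""
    stack = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()      # tolerate mail-quoted lines
        m = LINE.match(line)
        if line.startswith("#") or not m or m.group(1) != phase:
            continue
        control, path, args = m.group(2), m.group(3), m.group(4).split()
        stack.append((control, path.rsplit("/", 1)[-1], args))
    return stack

def succeed_if(args, uid):
    """Evaluate the 'uid <op> N' condition given to pam_succeed_if."""
    i = args.index("uid")
    return OPS[args[i + 1]](uid, int(args[i + 2]))

def modules_reached(stack, uid):
    """Modules called in order. Assumption: all but pam_succeed_if succeed."""
    reached = []
    for control, module, args in stack:
        reached.append(module)
        ok = succeed_if(args, uid) if module == "pam_succeed_if.so" else True
        if ok and (control == "sufficient" or "success=done" in control):
            break                            # stack ends early on success
        if not ok and control == "requisite":
            break                            # requisite failure ends the stack
    return reached

def network_exposure(text, uid, network=("pam_ldap.so",)):
    """Network-backed modules (assumed list) a login with this uid waits on."""
    return [m for m in modules_reached(parse(text), uid) if m in network]

if __name__ == "__main__":
    print({uid: network_exposure(ACCOUNT_STACK, uid) for uid in (0, 500)})
```

In this model a uid below 100 stops at pam_succeed_if and never calls pam_ldap.so, while a regular local uid such as 500 reaches it; with the pam_ldap.so account line removed, neither does.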
