LinuxQuestions.org
Forum: Linux - Networking (any issue related to networks or networking: routing, network cards, OSI, etc.)

05-06-2006, 07:27 PM   #1
ldapsky
LQ Newbie
Registered: May 2006
Posts: 1
how to enable root login on console when LDAP server is down


Hi:

I have configured a RedHat 7.2 server as an LDAP client machine, and it works well except that when the LDAP server is down, there is no way I can log in to the console as root. The only way is to boot into linux rescue mode and disable LDAP by running the authconfig command.

Please direct me on how to change the required configuration files so that when the LDAP server is down I can at least log in as root to make the change on the server, instead of booting from the CD to run linux rescue.

Here are my configuration files on RedHat 7.2:

1. /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: files
automount: files ldap
aliases: files
sudoers: files ldap

2. /etc/pam.d/system-auth
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so

account required /lib/security/pam_unix.so
account required /lib/security/pam_ldap.so

password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so

session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so

3. /etc/ldap.conf
host ldapsjreplica.xxx.com
base dc=xxx,dc=com
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
tls_ciphers TLSv1
pam_password md5
sudoers_base ou=sudoers,dc=xxx,dc=com

4. /etc/openldap/ldap.conf
BASE dc=www,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
HOST ldapsjreplica.xxx.com

Here is the testing:

1) make sure the LDAP server ldapsjreplica.xxx.com is up:
/etc/init.d/ldap start

2) let's call the RedHat 7.2 server ldapclnt72,
and enable the telnet server for this testing

3) on a third server, do
telnet ldapclnt72

login: jack // jack is in the LDAP database, not in the
local /etc/passwd and /etc/shadow files

password: xxxxxxx // the correct password

it works!

1) let's stop the LDAP server;
on the LDAP server ldapsjreplica.xxx.com, do
/etc/init.d/ldap stop

2) on the LDAP client server ldapclnt72, do
tail -f /var/log/secure

3) on the third server, do
telnet ldapclnt72

login: jack // jack is in the LDAP database, not in the
local /etc/passwd and /etc/shadow files

4) the output of /var/log/secure is:
May 6 18:31:32 ldapclnt72 xinetd[772]: START: telnet pid=7920 from=192.168.203.240
May 6 18:31:37 ldapclnt72 login: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
May 6 18:31:41 ldapclnt72 login: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
May 6 18:31:49 ldapclnt72 login: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
May 6 18:32:05 ldapclnt72 login: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...

5) on the third server, it will show:
Login timed out after 60 seconds
Connection closed by foreign host.

As you can see, it will NOT read the local /etc/passwd and /etc/shadow for the user id; instead it always looks for the LDAP service, either through nss_ldap or pam_ldap.

Please let me know if you need any other info.

Thanks,

Sky

Last edited by ldapsky; 05-06-2006 at 07:45 PM.
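The /var/log/secure excerpt in the post records nss_ldap's reconnect back-off (sleeping 4, 8, 16, then 32 seconds) running inside login(1) while it waits for the directory. The shell script below is an added example and not part of the original post: it re-reads a constructed copy of those log lines, totals the announced sleeps, projects when nss_ldap would have tried again, and compares both against login's LOGIN_TIMEOUT. The value of 60 seconds is assumed here from the "Login timed out after 60 seconds" message (it is the login.defs default); the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Reconstructs from the poster's
# /var/log/secure excerpt why login(1) timed out: it totals the nss_ldap
# back-off sleeps and projects when the next reconnect would have happened.
# The log lines below are a constructed copy of the ones quoted in the post;
# LOGIN_TIMEOUT=60 is the login.defs default assumed here.

# Constructed copy of the quoted /var/log/secure lines.
secure_log() {
cat <<'EOF'
May 6 18:31:32 ldapclnt72 xinetd[772]: START: telnet pid=7920 from=192.168.203.240
May 6 18:31:37 ldapclnt72 login: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
May 6 18:31:41 ldapclnt72 login: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
May 6 18:31:49 ldapclnt72 login: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
May 6 18:32:05 ldapclnt72 login: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
EOF
}

# Sum of the announced "(sleeping N seconds)" intervals logged by one
# program (syslog field 5 is the program name followed by a colon).
reconnect_backoff_total() {   # $1 = program name as logged, e.g. login
    secure_log | awk -v prog="$1:" '
        $5 == prog && /nss_ldap: reconnecting/ {
            for (i = 1; i <= NF; i++) if ($i == "(sleeping") total += $(i + 1)
        }
        END { print total + 0 }'
}

# Seconds from the first log line (the telnet session opening) until the
# reconnect that would follow the last announced sleep.
seconds_until_next_attempt() {   # $1 = program name as logged
    secure_log | awk -v prog="$1:" '
        function secs(hms,  t) { split(hms, t, ":"); return t[1]*3600 + t[2]*60 + t[3] }
        NR == 1 { start = secs($3) }
        $5 == prog && /nss_ldap: reconnecting/ {
            last = secs($3)
            for (i = 1; i <= NF; i++) if ($i == "(sleeping") sleep = $(i + 1)
        }
        END { print last - start + sleep }'
}

# Exit 0 when the back-off alone reaches login's timeout, i.e. the user sees
# "Login timed out" before nss_ldap has finished its retry schedule.
login_will_time_out() {   # $1 = program name, $2 = LOGIN_TIMEOUT in seconds
    [ "$(reconnect_backoff_total "$1")" -ge "$2" ]
}

# Stand-alone run against the excerpt.
LOGIN_TIMEOUT=60
echo "nss_ldap back-off inside login: $(reconnect_backoff_total login)s"
echo "next reconnect would come $(seconds_until_next_attempt login)s after the session opened"
if login_will_time_out login "$LOGIN_TIMEOUT"; then
    echo "login(1) gives up at ${LOGIN_TIMEOUT}s: the session never reaches the password stage"
fi
```

The sleeps alone add up to 60 seconds, and the fifth reconnect would have come 65 seconds after the telnet session opened, so login(1) reaches its timeout while nss_ldap is still inside its retry schedule. That is why the log shows no authentication failure at all, only reconnect messages: the lookup of the login name never returned, so pam_ldap was never even called. The doubling sleeps are the behaviour of nss_ldap's default bind_policy of hard.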
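The configuration quoted in the post leaves nss_ldap's bind_policy at its default of hard and makes pam_ldap required in the account stack, so an unreachable directory both stalls name-service lookups and fails the account check for every user, root included. The shell script below is an added example and not part of the original post or of any Red Hat tooling: it audits constructed copies of the poster's /etc/ldap.conf and system-auth for those two settings and writes hardened copies. The hardened keyword values (bind_timelimit, timelimit, the nss_reconnect_* family and nss_initgroups_ignoreusers) are illustrative and depend on the installed nss_ldap version; the bracketed PAM control syntax needs Linux-PAM 0.75 or later; and treating an unreachable server as authinfo_unavail assumes pam_ldap's usual return code for that condition, which should be confirmed on the version in use.

```shell
#!/bin/sh
# Added example, not from the original post. Audits an nss_ldap/pam_ldap
# client for the two settings that lock root out of the console while the
# directory is down, then writes hardened copies. Sample inputs are
# constructed from the configuration quoted in the post. Hardened keyword
# values are illustrative (assumption: check them against the ldap.conf
# documentation shipped with the installed nss_ldap).

WORK=$(mktemp -d)

# Constructed copy of the poster's /etc/ldap.conf (nss_ldap/pam_ldap).
cat > "$WORK/ldap.conf" <<'EOF'
host ldapsjreplica.xxx.com
base dc=xxx,dc=com
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
tls_ciphers TLSv1
pam_password md5
sudoers_base ou=sudoers,dc=xxx,dc=com
EOF

# Constructed copy of the auth and account stacks from the poster's
# /etc/pam.d/system-auth.
cat > "$WORK/system-auth" <<'EOF'
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account required /lib/security/pam_ldap.so
EOF

# Print the value of an ldap.conf keyword (keywords are case-insensitive),
# or "unset" when the file does not mention it.
ldap_setting() {   # $1 = ldap.conf, $2 = keyword in lower case
    awk -v k="$2" 'tolower($1) == k { print $2; found = 1 }
                   END { if (!found) print "unset" }' "$1"
}

# Exit 0 when nss_ldap will keep reconnecting with doubling sleeps instead
# of failing fast: bind_policy defaults to hard, which is the loop the
# poster's /var/log/secure excerpt shows.
ldap_blocks_on_outage() {   # $1 = ldap.conf
    [ "$(ldap_setting "$1" bind_policy)" != "soft" ]
}

# Exit 0 when pam_ldap is "required" in the account stack, so that an
# unreachable directory fails the account check even for local root.
pam_account_needs_ldap() {   # $1 = PAM service file
    grep -Eq '^account[[:space:]]+required[[:space:]]+[^[:space:]]*pam_ldap\.so' "$1"
}

# Write a hardened ldap.conf: the original directory settings, minus any
# earlier timeout keywords, plus fail-fast values appended at the end.
write_hardened_ldap_conf() {   # $1 = original, $2 = output
    grep -Eiv '^(bind_policy|bind_timelimit|timelimit|nss_reconnect_|nss_initgroups_ignoreusers)' "$1" > "$2"
    cat >> "$2" <<'EOF'
# Fail fast when the server is unreachable instead of retrying with back-off.
bind_policy soft
bind_timelimit 5
timelimit 5
# Shorter reconnect schedule (keywords recognised by newer nss_ldap only).
nss_reconnect_tries 1
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 4
nss_reconnect_maxconntries 2
# Keep root's group enumeration (group: files ldap) off the directory.
nss_initgroups_ignoreusers root
EOF
}

# Write a hardened PAM file: pam_unix still decides for local accounts, but
# pam_ldap no longer vetoes them when it does not know the user or cannot
# reach the server (assumption: pam_ldap reports the latter as
# authinfo_unavail). Bracketed controls need Linux-PAM 0.75 or later.
write_hardened_pam() {   # $1 = original, $2 = output
    sed -e 's#^account[[:space:]][[:space:]]*required[[:space:]][[:space:]]*\(.*pam_ldap\.so\)#account [success=ok user_unknown=ignore authinfo_unavail=ignore default=bad] \1#' "$1" > "$2"
}

# Stand-alone run: report the findings and write the hardened copies.
ldap_blocks_on_outage "$WORK/ldap.conf" && echo "ldap.conf: bind_policy is hard (default), nss_ldap will loop during an outage"
pam_account_needs_ldap "$WORK/system-auth" && echo "system-auth: account stack requires pam_ldap, root is locked out during an outage"
write_hardened_ldap_conf "$WORK/ldap.conf" "$WORK/ldap.conf.hardened"
write_hardened_pam "$WORK/system-auth" "$WORK/system-auth.hardened"
echo "hardened copies written to $WORK"
```

Because nsswitch.conf lists files before ldap, root's own passwd and shadow entries are already resolved locally; what still touches the directory during a root login is the group enumeration for initgroups() (group: files ldap) and the pam_ldap account check, which are the two things the hardened copies address. Verify the result on a real console session before relying on it, and remember that the login PAM stack's pam_securetty and /etc/securetty still decide where root may log in at all.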
 
  

