Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 05-06-2006, 08:27 PM   #1
LQ Newbie
Registered: May 2006
Posts: 1

Rep: Reputation: 0
how to enable root login on console when LDAP server is down


I have configured the RedHat 7.2 server as LDAP client machine and it works well except that when LDAP server is down, there is no way I can login to the console as root. The only way is to run linux rescue mode to disable the LDAP by running authconfig command.

Please help to direct me how to change the required configuration files to make it work so that when LDAP server is down, I, at least, can login as root to make the change on the server instead of the boot from the CD to run linux rescue.

Here is my configuration files on RedHat 7.2:

1. /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: files
automount: files ldap
aliases: files
sudoers: files ldap

auth required /lib/security/
auth sufficient /lib/security/ likeauth nullok
auth sufficient /lib/security/ use_first_pass
auth required /lib/security/

account required /lib/security/
account required /lib/security/

password required /lib/security/ retry=3 type=
password sufficient /lib/security/ nullok use_authtok md5 shadow
password sufficient /lib/security/ use_authtok
password required /lib/security/

session required /lib/security/
session required /lib/security/
session optional /lib/security/

3. /etc/ldap.conf
base dc=xxx,dc=com
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
tls_ciphers TLSv1
pam_password md5
sudoers_base ou=sudoers,dc=xxx,dc=com

4. /etc/openldap/ldap.conf
BASE dc=www,dc=com
TLS_CACERTDIR /etc/openldap/cacerts

Here is the testing:

1) make sure LDAP server is up
/etc/init.d/ldap start

2) let's call RedHat 7.2 server ldapclnt72
and enable telnet server for this testing

3) on third server, do
telnet ldapclnt72

login: jack // jack is on the LDAP database not in the
local /etc/passwd and /etc/shadow file

password: xxxxxxx // correct password

it works !

5) let's stop the LDAP server
on LDAP server, do
/etc/init.d/ldap stop

2) on LDAP client server ldapclnt72, do
tail -f /var/log/secure

3) on third server, do
telnet ldapclnt72

login: jack // jack is on the LDAP database not in the
local /etc/passwd and /etc/shadow file

4) the output of /var/log/secure is:
May 6 18:31:32 ldapclnt72 xinetd[772]: START: telnet pid=7920 from=
May 6 18:31:37 ldapclnt72 login: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
May 6 18:31:41 ldapclnt72 login: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
May 6 18:31:49 ldapclnt72 login: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
May 6 18:32:05 ldapclnt72 login: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...

5) on third serer, it will show:
Login timed out after 60 seconds
Connection closed by foreign host.

As you can see, it will NOT read the local /etc/passwd and /etc/shadow for the user id instead it always to look for LDAP services either through nss_ldap or pam_ldap.

Please let me know if you need any other info ?



Last edited by ldapsky; 05-06-2006 at 08:45 PM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Enable remote root login in /etc/securetty jon_k Linux - Software 5 03-17-2011 12:52 AM
How to enable auto login for root in Redhat alix123 Programming 5 06-27-2007 01:43 AM
Fedora Core 3: How do I enable remote root login? xunil321 Fedora - Installation 2 09-16-2005 06:43 AM
Enable root login in wu-ftpd? Sevoma Linux - Software 5 02-04-2005 07:49 PM
Disable/Enable Root Login @ Console ryanstrayer Linux - Security 4 01-18-2002 05:49 PM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:02 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration