The UNIX and Linux Forums  

07-02-2009
jrodriguez365
cron for local users without ldap request

Hi,

I have configured a server in RHEL 5 to authenticate users via another ldap server,
but there are also local users for which I would like ldap not to be checked.

I have created a cronjob for a localuser (just present in /etc/passwd, /etc/shadow and /etc/group):

[root@fr1test01 root]# crontab -l -u localuser
* * * * * echo toto.`date` >> /tmp/localuser.cron.log

The cron is running properly (from /var/log/cron):

Jul 2 14:18:01 fr1test01 crond[26396]: (localuser) CMD (echo toto.`date` >> /tmp/localuser.cron.log)


I have also modified /etc/pam.d/crond to remove any reference to pam_ldap.so (removed the references to system_auth):

[root@fr1test01 root]# crontab -l -u localuser
* * * * * echo toto.`date` >> /tmp/localuser.cron.log
[root@fr1test01 root]# cat /etc/pam.d/crond
#
# The PAM configuration file for the cron daemon
#
#
auth sufficient pam_rootok.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
auth required pam_env.so
account required /lib/security/$ISA/pam_unix.so
session required pam_limits.so



But checking the ldap server logs, I can see that there are always requests to ldap for this local user:

[02/Jul/2009:14:18:01 +0000] conn=2945 op=-1 msgId=-1 - fd=46 slot=46 LDAP connection from 192.168.60.225:39877 to 192.168.60.67
[02/Jul/2009:14:18:01 +0000] conn=2945 op=0 msgId=1 - EXT oid="1.3.6.1.4.1.1466.20037"
[02/Jul/2009:14:18:01 +0000] conn=2945 op=0 msgId=1 - RESULT err=0 tag=120 nentries=0 etime=0, Start TLS request accepted.Server willing to negotiate SSL.
[02/Jul/2009:14:18:02 +0000] conn=2945 op=-1 msgId=-1 - SSL 256-bit AES-256
[02/Jul/2009:14:18:02 +0000] conn=2945 op=1 msgId=2 - BIND dn="cn=proxyagent,ou=profile,dc=domain,dc=prod" method=128 version=3
[02/Jul/2009:14:18:02 +0000] conn=2945 op=1 msgId=2 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=proxyagent,ou=profile,dc=domain,dc=prod"
[02/Jul/2009:14:18:02 +0000] conn=2945 op=2 msgId=3 - SRCH base="dc=domain,dc=prod" scope=2 filter="(uid=localuser)" attrs=ALL
[02/Jul/2009:14:18:02 +0000] conn=2945 op=2 msgId=3 - RESULT err=0 tag=101 nentries=0 etime=0
[02/Jul/2009:14:18:02 +0000] conn=2945 op=3 msgId=4 - SRCH base="dc=domain,dc=prod" scope=2 filter="(&(objectClass=posixGroup)(memberUid=localuser))" attrs="cn userPassword memberUid uniqueMember gidNumber"
[02/Jul/2009:14:18:02 +0000] conn=2945 op=3 msgId=4 - RESULT err=0 tag=101 nentries=0 etime=0
[02/Jul/2009:14:18:02 +0000] conn=2945 op=4 msgId=0 - RESULT err=80 tag=120 nentries=0 etime=0
[02/Jul/2009:14:18:02 +0000] conn=2945 op=-1 msgId=-1 - closing from 192.168.60.225:39877 - A1 - Client aborted connection -
[02/Jul/2009:14:18:02 +0000] conn=2945 op=-1 msgId=-1 - closed.

Do you know if there is any way to prevent the client from checking the ldap server for local users? I have tried many configurations but it always seems to be checking the ldap server...

Thanks
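
An added example, not part of the original post: a small parser for access-log lines in the format shown above that pairs each SRCH with its RESULT and reports the searches naming an account from the client's local passwd file, so the effect of a client-side change can be checked from the server side. The conn=2946 lines, the `ldapuser` account, the passwd sample and the function names are constructed for illustration.

```python
import re

# The conn=2945 lines are taken from the post; conn=2946 is constructed to show a
# directory-backed account ("ldapuser", hypothetical) being left out of the report.
SAMPLE_LOG = '''\
[02/Jul/2009:14:18:01 +0000] conn=2945 op=-1 msgId=-1 - fd=46 slot=46 LDAP connection from 192.168.60.225:39877 to 192.168.60.67
[02/Jul/2009:14:18:02 +0000] conn=2945 op=2 msgId=3 - SRCH base="dc=domain,dc=prod" scope=2 filter="(uid=localuser)" attrs=ALL
[02/Jul/2009:14:18:02 +0000] conn=2945 op=2 msgId=3 - RESULT err=0 tag=101 nentries=0 etime=0
[02/Jul/2009:14:18:02 +0000] conn=2945 op=3 msgId=4 - SRCH base="dc=domain,dc=prod" scope=2 filter="(&(objectClass=posixGroup)(memberUid=localuser))" attrs="cn userPassword memberUid uniqueMember gidNumber"
[02/Jul/2009:14:18:02 +0000] conn=2945 op=3 msgId=4 - RESULT err=0 tag=101 nentries=0 etime=0
[02/Jul/2009:14:19:01 +0000] conn=2946 op=-1 msgId=-1 - fd=47 slot=47 LDAP connection from 192.168.60.225:39901 to 192.168.60.67
[02/Jul/2009:14:19:01 +0000] conn=2946 op=1 msgId=2 - SRCH base="dc=domain,dc=prod" scope=2 filter="(uid=ldapuser)" attrs=ALL
[02/Jul/2009:14:19:01 +0000] conn=2946 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
'''
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nlocaluser:x:500:500::/home/localuser:/bin/bash\n"  # constructed

LINE = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) msgId=-?\d+ - (?P<rest>.*)$')
CONNECT = re.compile(r'LDAP connection from (?P<ip>[\d.]+):\d+ to ')
SRCH = re.compile(r'SRCH base="[^"]*" scope=\d+ filter="(?P<filter>[^"]*)"')
RESULT = re.compile(r'RESULT err=\d+ tag=\d+ nentries=(?P<n>\d+)')
NAME = re.compile(r'\((?:uid|memberUid)=([^)*]+)\)')   # account named in the search filter

def names_from_passwd(passwd_text):
    """Account names (first colon-separated field) from /etc/passwd-style text."""
    return {l.split(":", 1)[0] for l in passwd_text.splitlines() if l and not l.startswith("#")}

def local_user_lookups(log_text, local_users):
    """Return (client_ip, user, filter, nentries) for each search naming a local account."""
    clients, pending, findings = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        conn, op, rest = m["conn"], m["op"], m["rest"]
        c, s, r = CONNECT.search(rest), SRCH.search(rest), RESULT.search(rest)
        if c:
            clients[conn] = c["ip"]            # remember which client opened this connection
        elif s:
            u = NAME.search(s["filter"])
            if u and u.group(1) in local_users:
                pending[(conn, op)] = (u.group(1), s["filter"])
        elif r and (conn, op) in pending:      # pair the RESULT with its SRCH via conn/op
            user, flt = pending.pop((conn, op))
            findings.append((clients.get(conn, "?"), user, flt, int(r["n"])))
    return findings

if __name__ == "__main__":
    for finding in local_user_lookups(SAMPLE_LOG, names_from_passwd(SAMPLE_PASSWD)):
        print(finding)
```
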