Today (Saturday) We will make some minor tuning adjustments to MySQL.

You may experience 2 up to 10 seconds "glitch time" when we restart MySQL. We expect to make these adjustments around 1AM Eastern Daylight Saving Time (EDT) US.


LDAP-Auth does not work correctly with systemd

Login or Register to Reply

 
Thread Tools Search this Thread
# 1  
LDAP-Auth does not work correctly with systemd

Hi,

since the upgrade to Gnome 3.6 (now i have 3.8) the authentication over LDAP stops working. The whole machine does not start anymore. The machine boot, but no gdm and no X. I can login, with root, but then the tty hangs. When i look at ttyF12 i see a lot of systemd service the runs random, start and stop, start and stop.

The only way to avoid the problem is, at shutdown to overwrite the nsswitch.conf with

Code:
passwd:      compat
shadow:      compat
group:       compat

When machine is starting the file will overwirte with this:

Code:
passwd:      compat ldap [notfound=continue]
shadow:      compat ldap [notfound=continue]
group:       compat ldap [notfound=continue]

So it works, but at this time i see no users in GDM. I can login at TTY but not in GDM. The only way to solve this, i must set the LDAPuserID in passwd for each user. Crazy.
I have done a lot of things to solve, but i doesn't found a solution. Here are my files:

nsswitch.conf
Code:
passwd:      compat ldap [notfound=continue]
shadow:      compat ldap [notfound=continue]
group:       compat ldap [notfound=continue]

#passwd:      compat
#shadow:      compat
#group:       compat

hosts:       files dns mdns6
networks:    files dns mdns6

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files

/etc/pam.d/system-auth
Code:
auth            sufficient      pam_ldap.so
#auth            sufficient      pam_ldap.so use_first_pass
auth            required        pam_env.so
auth            sufficient      pam_unix.so try_first_pass likeauth nullok
auth            required        pam_deny.so
#auth           optional        pam_permit.so

account         sufficient      pam_ldap.so
account         required        pam_unix.so
#account                optional        pam_permit.so

password        sufficient      pam_ldap.so use_authtok use_first_pass
password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password        sufficient      pam_unix.so try_first_pass use_authtok nullok sha512 shadow
auth            required        pam_deny.so
#password       optional        pam_permit.so

session         required        pam_limits.so
session         required        pam_env.so
session         required        pam_unix.so
session         optional        pam_ldap.so
session         required        pam_mkhomedir.so skel=/etc/skel umask=0077
#session                optional        pam_permit.so
session        optional        pam_systemd.so

Hope anyone can help me.
Thanks and Regards.
# 2  
I don't use gentoo. I don't use systemd either. I think it is supposed to start services on demand and harvest unused ones. But it sounds like you have ldap screwed up. Have you checked your ldap.conf file. On RedHat it is /etc/ldap.conf.
Login or Register to Reply

|
Thread Tools Search this Thread
Search this Thread:
Advanced Search

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Why does this awk script not work correctly?

I have a large database with English on the left hand side and Indic words on the left hand. It so happens that since the Indic words have been entered by hand, there are duplicates in the entries. The structure is as under: English headword=Indic gloss,Indic gloss A small sample will... (6 Replies)
Discussion started by: gimley
6 Replies

2. SCO

Set NIC correctly , but the network does not work

I'm trying to virtualize an instance of SCO Open Server 5.0.2c in VirtualBox (called VM- A) , I can not configure the network (NIC). The NIC I'm using is PCnet -FAST III (Am79C973 ) (this NIC works with VirtualBox + SCO 5.0.5M) When I add from ' Add new LAN adapter' I detects the NIC... (2 Replies)
Discussion started by: flako
2 Replies

3. UNIX for Advanced & Expert Users

Libvirt does not work correctly anymore on my gentoo

Hi, Since a year my libvirtd does not work anymore on my Gentoodesktop. In the meantime a used virtualbox. But I would like to have back libvirt. The problem was after libvirt should not only work with root privileges. I deinstalled all things with libvirt an kvm. I removed all things from /var... (4 Replies)
Discussion started by: darktux
4 Replies

4. AIX

Auth against AD (kerberos) does not work

@kah00na and all others, i have done al steps of the HowTo "Authenticate AIX users from MSActive Directory", found in this forum, but it still does not work. The test with kinit USERNAME works fine. But if i try to login i get the "UNKNOWN_USER" error in the debug.log.All steps to change... (11 Replies)
Discussion started by: tomys
11 Replies

5. Emergency UNIX and Linux Support

Configure Squid to use LDAP group auth to deny internet access

Hi all We have squid-2.5.STABLE11-3.FC4 running in our environment. LDAP authentication works fine. Active Directory 2003 Users are prompted to enter credentials every time they access the net. The system works perfectly, but I need to configure Squid to block users in a specific AD group.... (1 Reply)
Discussion started by: wbdevilliers
1 Replies

6. AIX

Kerberos and LDAP Auth

Good day I am trying to configure Kerberos and LDAP authentication on AIX 5.3 with Windows 2003 R2 but something is not quite right. When I ran kinit username I get a ticket and I can display it using klist. When the user login I can see the ticket request on Windows 2003, but the user... (1 Reply)
Discussion started by: mariusb
1 Replies

7. Red Hat

LDAP auth, secondary groups doesnt works

RedHat ELS 5.2 & Sun directory getent passwd: works toto:*:1000:100:toto:/home/toto:/bin/bash getent group: works mygroup:*:10001:1000,1001 but id toto doesnt works :( uid=1000(toto) gid=100(users) groupes=100(users) BTW in /etc/ldap.conf i use a different mapping for the posix... (4 Replies)
Discussion started by: sncr24
4 Replies

8. AIX

SSH + LDAP Auth Giving Fits

I'm having a bear of a time getting my LDAP connection going, so I hope someone here has some insight. I have AIX 5.3 running on an LPAR. I have ldap-client, ldap-max-crypto-client, gskak, and gskte installed. I'm able to set up the connection via mksecldap, and I can query users just fine... (1 Reply)
Discussion started by: AlexDeGruven
1 Replies

9. SuSE

vsft doesn't work correctly

I install vsftpd server on 2 SUSE 10.2 servers. The first works perfectly, but the second doesn't work how I expect. The second works only over local network and doesn't over internet. The vsftpd.conf and ../xinetd.d/vsftpd are the same in 2 servers. The only different was when I threw to log in... (1 Reply)
Discussion started by: zhivko.neychev
1 Replies

10. UNIX for Dummies Questions & Answers

iPlanet on HP-UX - WANT to auth aganist MS Directory Services/LDAP

I am running iPlanet 6 on HP-UX 11, and presently all users can access the site. There are 6000 users accessing the website from an Windows Network. I would like users to access the site, but would also like to log user ID's in the access log, without prompting users for an ID/Password. Is... (1 Reply)
Discussion started by: shuterj
1 Replies

Featured Tech Videos