LDAP-Auth does not work correctly with systemd

# 1  

Hi,

Since the upgrade to GNOME 3.6 (I now have 3.8), authentication over LDAP has stopped working. The whole machine does not start anymore. The machine boots, but there is no gdm and no X. I can log in as root, but then the tty hangs. When I look at ttyF12 I see a lot of systemd services that run randomly: start and stop, start and stop.

The only way to avoid the problem is to overwrite nsswitch.conf at shutdown with:

Code:
passwd:      compat
shadow:      compat
group:       compat

When the machine is starting, the file is overwritten with this:

Code:
passwd:      compat ldap [notfound=continue]
shadow:      compat ldap [notfound=continue]
group:       compat ldap [notfound=continue]

So it works, but at this time I see no users in GDM. I can log in at the TTY but not in GDM. The only way to solve this is to set the LDAPuserID in passwd for each user. Crazy.
I have tried a lot of things to solve this, but I haven't found a solution. Here are my files:

nsswitch.conf
Code:
passwd:      compat ldap [notfound=continue]
shadow:      compat ldap [notfound=continue]
group:       compat ldap [notfound=continue]

#passwd:      compat
#shadow:      compat
#group:       compat

hosts:       files dns mdns6
networks:    files dns mdns6

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files

/etc/pam.d/system-auth
Code:
auth            sufficient      pam_ldap.so
#auth            sufficient      pam_ldap.so use_first_pass
auth            required        pam_env.so
auth            sufficient      pam_unix.so try_first_pass likeauth nullok
auth            required        pam_deny.so
#auth           optional        pam_permit.so

account         sufficient      pam_ldap.so
account         required        pam_unix.so
#account                optional        pam_permit.so

password        sufficient      pam_ldap.so use_authtok use_first_pass
password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password        sufficient      pam_unix.so try_first_pass use_authtok nullok sha512 shadow
auth            required        pam_deny.so
#password       optional        pam_permit.so

session         required        pam_limits.so
session         required        pam_env.so
session         required        pam_unix.so
session         optional        pam_ldap.so
session         required        pam_mkhomedir.so skel=/etc/skel umask=0077
#session                optional        pam_permit.so
session        optional        pam_systemd.so

I hope someone can help me.
Thanks and Regards.
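
An added example, not part of the original post and not a diagnosis of the boot hang: a small Python check that rebuilds the per-type stacks PAM derives from the system-auth file posted above. It shows that the `auth required pam_deny.so` line sitting inside the password block joins the auth stack, so the password stack ends on a `sufficient` module; the function names are illustrative and the parser assumes keyword controls only.

```python
SYSTEM_AUTH = """\
# Active lines of the system-auth posted above (commented-out lines dropped).
auth     sufficient pam_ldap.so
auth     required   pam_env.so
auth     sufficient pam_unix.so try_first_pass likeauth nullok
auth     required   pam_deny.so
account  sufficient pam_ldap.so
account  required   pam_unix.so
password sufficient pam_ldap.so use_authtok use_first_pass
password required   pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
auth     required   pam_deny.so
session  required   pam_limits.so
session  required   pam_env.so
session  required   pam_unix.so
session  optional   pam_ldap.so
session  required   pam_mkhomedir.so skel=/etc/skel umask=0077
session  optional   pam_systemd.so
"""

def active_lines(text):
    """Yield (lineno, type, control, module); assumes keyword controls, not [k=v]."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3:
            yield lineno, fields[0], fields[1], fields[2]

def effective_stacks(text):
    """One stack per type, built from every line of that type in file order."""
    stacks = {}
    for lineno, mtype, control, module in active_lines(text):
        stacks.setdefault(mtype, []).append((lineno, control, module))
    return stacks

def reopened_types(text):
    """Lines whose type resumes after a block of another type (likely misfiled)."""
    rows = list(active_lines(text))
    return [(n, t) for i, (n, t, _, _) in enumerate(rows)
            if i and t != rows[i - 1][1] and t in {r[1] for r in rows[:i]}]

def ends_on_sufficient(stacks):
    """Types whose last module is 'sufficient': its failure is ignored, no fallback."""
    return [t for t, s in stacks.items() if s[-1][1] == "sufficient"]

if __name__ == "__main__":
    stacks = effective_stacks(SYSTEM_AUTH)
    print(stacks, reopened_types(SYSTEM_AUTH), ends_on_sufficient(stacks), sep="\n")
```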
# 2  
I don't use Gentoo. I don't use systemd either. I think it is supposed to start services on demand and harvest unused ones. But it sounds like you have LDAP screwed up. Have you checked your ldap.conf file? On Red Hat it is /etc/ldap.conf.