I think not as well. The tactest user has been blown back out. I can re-add it from ldif again.<br><br>[root@ldap home]# getent passwd | grep example<br>[root@ldap home]# <br><br>[root@ldap home]# cat /etc/nsswitch.conf | grep -v \#<br>
<br><br>passwd: files ldap<br>shadow: files ldap<br>group: files ldap<br><br>hosts: files dns<br><br><br>bootparams: nisplus [NOTFOUND=return] files<br><br>ethers: files<br>netmasks: files<br>networks: files<br>
protocols: files<br>rpc: files<br>services: files<br><br>netgroup: nisplus<br><br>publickey: nisplus<br><br>automount: files nisplus<br>aliases: files nisplus<br><br>[root@ldap home]# cat /etc/pam.d/system-auth<br>
#%PAM-1.0<br># This file is auto-generated.<br># User changes will be destroyed the next time authconfig is run.<br>auth required pam_env.so<br>auth sufficient pam_unix.so nullok try_first_pass<br>auth requisite pam_succeed_if.so uid >= 500 quiet<br>
auth sufficient pam_ldap.so use_first_pass<br>auth required pam_deny.so<br><br>account required pam_unix.so broken_shadow<br>account sufficient pam_localuser.so<br>account sufficient pam_succeed_if.so uid < 500 quiet<br>
account [default=bad success=ok user_unknown=ignore] pam_ldap.so<br>account required pam_permit.so<br><br>password requisite pam_cracklib.so try_first_pass retry=3<br>password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok<br>
password sufficient pam_ldap.so use_authtok<br>password required pam_deny.so<br><br>session optional pam_keyinit.so revoke<br>session required pam_limits.so<br>session optional pam_mkhomedir.so<br>
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid<br>session required pam_unix.so<br>session optional pam_ldap.so<br><br>[root@ldap home]# cat /etc/ldap.conf | grep -v \#<br>
<br><br>BASE dc=tncionline, dc=net<br>URI ldap://<a href="http://127.0.0.1">127.0.0.1</a><br>port 389<br><br>SIZELIMIT 12<br>TIMELIMIT 15<br>DEREF never<br>timelimit 600<br>bind_timelimit 600<br>bind_policy soft<br>
idle_timelimit 3600<br><br>nss_initgroups_ignoreusers pserwe,dgates,root,ldap,named,avahi,haldaemon,dbus<br>base dc=tncionline, dc=net<br>pam_password md5<br><br>Peter<br><div class="gmail_quote">On Wed, Dec 16, 2009 at 12:24 PM, Craig White <span dir="ltr"><<a href="mailto:craigwhite@azapple.com">craigwhite@azapple.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">On Wed, 2009-12-16 at 12:07 -0800, Peter Serwe wrote:<br>
> Found an ldif user recipe for CentOS5.2..<br>
><br>
> Added the user "tactest" with the password "tactest".<br>
><br>
> Dec 16 12:05:30 ldap sshd[11705]pam_unix(sshd:auth): check pass; user<br>
> unknown<br>
> Dec 16 12:05:30 ldap sshd[11705]: pam_unix(sshd:auth): authentication<br>
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ldap<br>
> Dec 16 12:05:30 ldap sshd[11705]: pam_succeed_if(sshd:auth): error<br>
> retrieving information about user tactest<br>
><br>
> auth still fails.<br>
</div>----<br>
before you get into authorizations...<br>
<br>
does the user show? I think not...<br>
<br>
getent passwd |grep tactest<br>
<br>
if that's the case, and you want help from the list...<br>
<br>
what is in files...<br>
/etc/<a href="http://nsswitch.com" target="_blank">nsswitch.com</a><br>
/etc/pam.d/system-auth<br>
/etc/ldap.conf<br>
<div class="im"><br>
Craig<br>
<br>
<br>
--<br>
This message has been scanned for viruses and<br>
dangerous content by MailScanner, and is<br>
believed to be clean.<br>
<br>
_______________________________________________<br>
</div><div><div></div><div class="h5">CentOS mailing list<br>
<a href="mailto:CentOS@centos.org">CentOS@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos" target="_blank">http://lists.centos.org/mailman/listinfo/centos</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Peter Serwe<br><a href="http://truthlightway.blogspot.com/">http://truthlightway.blogspot.com/</a><br>