FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 05-03-2012, 12:47 PM
Timothy Murphy
 
Default Can only login as root

I have a strange problem on a CentOS-5.8 machine.
I can only login as root.
If I try to login with one of the user's names,
it hangs for a long time.
I thought it hung forever, but I just found that
I do login after "su tim" after 5 minutes.

It seems that the problem lies in repeated messages in /var/log/messages
---------------------------
May 3 12:14:13 helen su: nss_ldap: failed to bind to LDAP server
ldap://www.gayleard.com/: Can't contact LDAP server
May 3 12:14:13 helen su: nss_ldap: reconnecting to LDAP server
(sleeping 64 seconds)...
---------------------------

The openldap server is not running, and I don't see why
this authentication is being sought.
There is nothing in /etc/pam.d/su or /etc/pam.d/login
or /etc/ssh/sshd_config to suggest that ldap needs to be invoked,
unless it is a part of system-auth .

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-03-2012, 01:25 PM
Tait Clarridge
 
Default Can only login as root

On Thu, 2012-05-03 at 13:47 +0100, Timothy Murphy wrote:
> I have a strange problem on a CentOS-5.8 machine.
> I can only login as root.
> If I try to login with one of the user's names,
> it hangs for a long time.
> I thought it hung forever, but I just found that
> I do login after "su tim" after 5 minutes.
>
> It seems that the problem lies in repeated messages in /var/log/messages
> ---------------------------
> May 3 12:14:13 helen su: nss_ldap: failed to bind to LDAP server
> ldap://www.gayleard.com/: Can't contact LDAP server
> May 3 12:14:13 helen su: nss_ldap: reconnecting to LDAP server
> (sleeping 64 seconds)...
> ---------------------------
>
> The openldap server is not running, and I don't see why
> this authentication is being sought.
> There is nothing in /etc/pam.d/su or /etc/pam.d/login
> or /etc/ssh/sshd_config to suggest that ldap needs to be invoked,
> unless it is a part of system-auth .
>

Have you also checked /etc/nsswitch.conf?

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-03-2012, 02:31 PM
Scott Robbins
 
Default Can only login as root

On Thu, May 03, 2012 at 09:25:02AM -0400, Tait Clarridge wrote:
>
>
> On Thu, 2012-05-03 at 13:47 +0100, Timothy Murphy wrote:
> > I have a strange problem on a CentOS-5.8 machine.
> > I can only login as root.
> > If I try to login with one of the user's names,
> > it hangs for a long time.
> > I thought it hung forever, but I just found that
> > I do login after "su tim" after 5 minutes.
> >
> > It seems that the problem lies in repeated messages in /var/log/messages

Sounds like another bug that has been around for years.
You may be able to fix this by finding a line--on CentOS 5.x I think
it's in /etc/ldap.conf, that says bind_policy hard. (It's probably
commented out.) Uncomment it (by removing the # at the beginning of the
line, if there is a # sign) and change it bind_policy soft.
Then restart ldap if it's running--on 5.8, not sure if it's service
slapd or service ldap. See if that helps.


--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Spike: We like to talk big... vampires do. 'I'm going to destroy
the world.' That's just tough-guy talk. Strutting around with
your friends over a pint of blood. The truth is, I _like_ this
world. You've got...dog racing, Manchester United. And you've
got people. Billions of people walking around like Happy Meals
with legs. It's all right here. But then someone comes along
with a vision. With a real... passion for destruction. Angel
could pull it off. Good-bye, Picadilly. Farewell,
Leicester-bloody-Square.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-03-2012, 03:00 PM
Craig White
 
Default Can only login as root

On May 3, 2012, at 5:47 AM, Timothy Murphy wrote:

> I have a strange problem on a CentOS-5.8 machine.
> I can only login as root.
> If I try to login with one of the user's names,
> it hangs for a long time.
> I thought it hung forever, but I just found that
> I do login after "su tim" after 5 minutes.
>
> It seems that the problem lies in repeated messages in /var/log/messages
> ---------------------------
> May 3 12:14:13 helen su: nss_ldap: failed to bind to LDAP server
> ldap://www.gayleard.com/: Can't contact LDAP server
> May 3 12:14:13 helen su: nss_ldap: reconnecting to LDAP server
> (sleeping 64 seconds)...
> ---------------------------
>
> The openldap server is not running, and I don't see why
> this authentication is being sought.
> There is nothing in /etc/pam.d/su or /etc/pam.d/login
> or /etc/ssh/sshd_config to suggest that ldap needs to be invoked,
> unless it is a part of system-auth .
----
it would seem that you configured ldap as a potential authentication source in 'authconfig'

Tait probably gave you the best possible fix - remove the ldap entries in /etc/nsswitch.conf (or /etc/sssd/sssd.conf if present).

Craig
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-03-2012, 05:37 PM
Joseph Spenner
 
Default Can only login as root

________________________________
From: Timothy Murphy <gayleard@eircom.net>
To: centos@centos.org
Sent: Thursday, May 3, 2012 5:47 AM
Subject: [CentOS] Can only login as root

> I have a strange problem on a CentOS-5.8 machine.
> I can only login as root.
> If I try to login with one of the user's names,
> it hangs for a long time.
> I thought it hung forever, but I just found that
> I do login after "su tim" after 5 minutes.
>
> It seems that the problem lies in repeated messages in /var/log/messages
> ---------------------------
> May* 3 12:14:13 helen su: nss_ldap: failed to bind to LDAP server
> ldap://www.gayleard.com/: Can't contact LDAP server
> May* 3 12:14:13 helen su: nss_ldap: reconnecting to LDAP server
>* (sleeping 64 seconds)...
> ---------------------------

=====================

How does your /etc/nsswitch.conf look?* Particularly the 'passwd:' line?
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-04-2012, 05:30 PM
Timothy Murphy
 
Default Can only login as root

Joseph Spenner wrote:

>> I have a strange problem on a CentOS-5.8 machine.
>> I can only login as root.

> How does your /etc/nsswitch.conf look? Particularly the 'passwd:' line?

Thanks very much.
I see that in /etc/nsswitch.conf I have
--------------------------------
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files ldap
shadow: files ldap
group: files ldap
--------------------------------

I'll go back to the commented-out version,
and I'm sure that will do the trick.

I'm not sure when I made this change -
I should explain that the computer in question
is my old Dell server, which I stopped using some time ago
as the 2TB disk in it seems sick.
I've resuscitated it to try to get all the data off it.

I was running an openLDAP server on this machine,
and must have edited nsswitch.conf for that.


--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 05:38 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org