
New If your PAM is broke, you're in trouble.


Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
New I can still edit stuff.
Boot to another partition, mount /dev/hda1, and I've got full access. Just need to know what to kick.
apt-get install godlike-powers
New Nog
Start in /etc/pam.d and work outwards.


Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
New So here's something interesting...
Here's the original contents of my /etc/pam.d/sudo file:

#%PAM-1.0

@include common-auth
@include common-account


The [link|http://craige.mcwhirter.com.au/blog/archive/2005/01/17/making_a_debian_or_ubuntu_mach|directions] I'm using read this:

$ sudo vi /etc/pam.d/sudo


Once deep in the bowels of the sudo file, you need to add one line above the existing line, something like this:

auth    sufficient      pam_ldap.so
auth    required        pam_unix.so


My current sudo file reads something like this:

#%PAM-1.0

auth    sufficient      pam_ldap.so
auth    required        pam_unix.so

@include common-auth
@include common-account


I'm checking out any docs I can find, but does this look wrong to you guys?
apt-get install godlike-powers
New Solution:
/etc/nsswitch.conf

Changed lines:
passwd: ldap
group: ldap
shadow: ldap

to:
passwd: ldap compat
group: ldap compat
shadow: ldap compat


root/su/sudo still no workee. Investigating.
apt-get install godlike-powers
New Changed yet again.
Change this:
passwd: ldap compat
group:  ldap compat
shadow: ldap compat

to this:
passwd: ldap [NOTFOUND=continue] compat
group:  ldap [NOTFOUND=continue] compat
shadow: ldap [NOTFOUND=continue] compat


That is if I am reading your whole storyline properly.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
[image|http://www.danasoft.com/vipersig.jpg||||]
New What should this fix?
I still can't su/sudo/login as root after this change...
apt-get install godlike-powers
New You know that with sudo you use *your* password, right?
Just checking the stupid stuff...

Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
New Yep.
New Take a look at:
man nsswitch.conf

It might just twink something for you that turns the light on for it.

Not too sure exactly how you have everything set up.


The relevant part is:

`[' ( `!'? STATUS `=' ACTION )+ `]'

where

STATUS => success | notfound | unavail | tryagain
ACTION => return | continue


I always try to stay away from PAM. If I do mess with PAM, nearly always I use something designed to fuss with it. Last time I used Webmin to manage the settings, which worked very well. That might be extreme though in your case.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
[image|http://www.danasoft.com/vipersig.jpg||||]
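
As an added example (not code from any poster in this thread), the following Python check parses nsswitch.conf lines using the criteria grammar quoted from the man page above and reports which of passwd, group and shadow never fall through to a local source (files or compat). When that happens, accounts that exist only on the machine, such as root, cannot be resolved if LDAP does not hold them or is unreachable. It assumes glibc's default actions (success=return, every other status=continue); all function names are hypothetical.

```python
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
# Assumed glibc defaults: stop on success, otherwise try the next source.
DEFAULTS = {s: "return" if s == "success" else "continue" for s in STATUSES}
LOCAL = {"files", "compat"}  # sources backed by /etc/passwd, /etc/group, /etc/shadow

def parse_line(line):
    """Return (database, [(service, actions)]), or None for blanks and comments."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    db, _, rest = line.partition(":")
    services = []
    for svc, crit in re.findall(r"(\w+)|\[([^\]]*)\]", rest):
        if svc:
            services.append((svc.lower(), dict(DEFAULTS)))
            continue
        if not services:
            raise ValueError("criteria before any service in: " + line)
        # '[' ( '!'? STATUS '=' ACTION )+ ']' applies to the preceding service.
        for neg, status, action in re.findall(r"(!?)\s*(\w+)\s*=\s*(\w+)", crit):
            status, action = status.lower(), action.lower()
            if status not in STATUSES or action not in ("return", "continue"):
                raise ValueError("bad criterion in: " + line)
            # '!' means "every status except the named one".
            for s in ([x for x in STATUSES if x != status] if neg else [status]):
                services[-1][1][s] = action
    return db.strip().lower(), services

def local_reachable(services, status):
    """True if files/compat is consulted when every earlier source gives `status`."""
    for svc, actions in services:
        if svc in LOCAL:
            return True
        if actions[status] != "continue":
            return False
    return False

def audit(text, databases=("passwd", "group", "shadow")):
    """Map each database to the lookup outcomes that never reach a local source."""
    findings = {}
    for raw in text.splitlines():
        parsed = parse_line(raw)
        if parsed and parsed[0] in databases:
            bad = [s for s in ("notfound", "unavail")
                   if not local_reachable(parsed[1], s)]
            if bad:
                findings[parsed[0]] = bad
    return findings

# Constructed sample: the LDAP-only lines shown earlier in this thread.
print(audit("passwd: ldap\ngroup: ldap\nshadow: ldap"))
```

Under the assumed defaults, the `ldap compat` and `ldap [NOTFOUND=continue] compat` variants both produce an empty report, because continuing on notfound is already the default action.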
     "Good" LDAP workstation configuration howto? - (inthane-chan) - (12)
         90% there... - (inthane-chan) - (11)
             Wow, even recovery mode doesn't work. - (inthane-chan) - (10)
                 If your PAM is broke, you're in trouble. -NT - (pwhysall) - (9)
                     I can still edit stuff. - (inthane-chan) - (8)
                         Nog - (pwhysall) - (7)
                             So here's something interesting... - (inthane-chan)
                             Solution: - (inthane-chan) - (5)
                                 Changed yet again. - (folkert) - (4)
                                     What should this fix? - (inthane-chan) - (3)
                                         You know that with sudo you use *your* password, right? - (ben_tilly) - (1)
                                             Yep. -NT - (inthane-chan)
                                         Take a look at: - (folkert)
