Bug 454292

Summary: cron does not work for ldap users.
Product: Red Hat Enterprise Linux 5 Reporter: Bogdan Sandu <irian2003>
Component: nss_ldapAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED DUPLICATE QA Contact:
Severity: high Docs Contact:
Priority: low    
Version: 5.2CC: chakkerz, jplans
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-06-30 15:23:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bogdan Sandu 2008-07-07 15:05:39 UTC
Cron does not work for ldap users.

I Think the problem is related to Bug 448016: su does not work in 5.2

Starting nscd does not solve the problem, as it does with bug 448016.

We've also experienced bug 448016: su does not work in 5.2, and we've applied
the workaround with nscd, and now su works with ldap users.

But cron still does not work with ldap users.

Here is out /etc/pam.d/system-auth:
#%PAM-1.0
# This file is managed using cfengine
# User changes will be destroyed the next time cfagent is run.

auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     required      /lib/security/$ISA/pam_ldap.so ignore_unknown_user
ignore_authinfo_unavail

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     optional      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so


,and our /etc/pam.d/crond file:
#
# The PAM configuration file for the cron daemon
#
#
auth       sufficient pam_rootok.so
auth       required   pam_env.so
auth       include    system-auth
account    required   pam_access.so
account    include    system-auth
session    required   pam_loginuid.so
session    include    system-auth

Thanks

Comment 1 Nalin Dahyabhai 2010-06-30 15:23:54 UTC
This looks like a duplicate of bug #448014, which was fixed in
nss_ldap-253-13.el5_2.1.  Please reopen this report if this update did not
resolve the problem.  Thanks!

*** This bug has been marked as a duplicate of bug 448014 ***