Red Hat Bugzilla – Bug 109359
root cannot login if network is down and configured for NIS, LDAP, etc..
Last modified: 2015-01-07 19:06:53 EST
Description of problem:
if the machine is configured to authenticate from NIS, LDAP, or any
other directory service and the network goes down or the server stop
responding then local accounts will not work either. root should
always be able to login. The only way around this is to either boot
in single user mode or turn off authentication from NIS, LDAP, etc..
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. configure machine to authenticate via NIS or LDAP
2. pull network cable
3. attempts to login will just bring the login prompt back
unable to login
should be able to login with local accounts, at least root
Putting into U2's Shouldfix list, after checking with Nalin.
I have seen the same on a box with RH Linux 9 Kernel 2.40.20-24.9 and
the current errata installed. In this case we saw that when the NIS
server was down I could not log in with the local root acct (wanted
to disable NIS temporarily and activate a guest acct). In the end we
had to hard reset it (ugly); this was in spite of the nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis
hosts: files nis dns
bootparams: nisplus [NOTFOUND=return] files
protocols: files nis
services: files nis
netgroup: files nis
automount: files nis
# nis removed by kheal as autofs does not support sun style mounting
aliases: files nisplus
Forgot to ask the $64K question... is there a feasible config change
or workaround at the current time?
I can imagine disabling PAM for login (not keen on that) or using NIS
compat mode (which would be fine) as possible candidates.
This appears to be the same problem experienced in bug #55193.
There are two workarounds listed there. I have not had the opertunity
to test either. It appears that the root of the problem is in the
authconfig package, not pam itself.
Why isn't this fixed? The bug exists in many different distro's for a
long time. I thought that RHEL would gave me some support. I have some
major problem now with a server on wich i can't login anymore. I realy
would appreciate if this bug will soon be fixed. The workaround is
unacceptable because the use of redhat-config-authentication will
break my config again.
Please, please fix this!
"Additional Comment #1 From Suzanne Hillman (email@example.com) on
2003-11-21 10:03 -------
Putting into U2's Shouldfix list, after checking with Nalin."
What happened??? It doesn't appear to be in U2 to me. I think theres
a lot of people that would appreciate a fix.
I don't see this problem on RHEL3-U3. Can anyone still reproduce it?
I see the problem only with LDAP authentication.
It will be solved using optional setting in authconfig.
*** Bug 121451 has been marked as a duplicate of this bug. ***
Can someone tell me what the optional setting to authconfig is,
because I just updated a server to AS 3 Update 4 and the problem
It will be added in the next update cycle.
*** Bug 144762 has been marked as a duplicate of this bug. ***
FYI, the LDAP fix we are using is to manually change the system-auth
PAM line from what authconfig spits out:
account [default=bad success=ok user_unknown=ignore
service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
to add the entry authinfo_unavail=ignore.
account [default=bad authinfo_unavail=ignore success=ok
user_unknown=ignore service_err=ignore system_err=ignore]
Can we have authconfig add this by default? It really makes it harder
to do fully-automated builds. Thanks...
*** Bug 154854 has been marked as a duplicate of this bug. ***
(In reply to comment #13)
> FYI, the LDAP fix we are using is to manually change the system-auth
> PAM line from what authconfig spits out:
> add to the entry authinfo_unavail=ignore.
I have tried this on some of our boxes and it does not help, still get a timeout
trying to log in to the box. Can you post your entire system-auth file?
Can we please get a status report from someone at Redhat on what is being done
to resolve this issue? If you have not found a solution yet, that's cool, but
please let all of us know you are aware of the issue and looking into it.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
We are having the same problem with Redhat 7.2, 7.3 8.0 9 and with Fedora fc3.
I could not find any authconfig rpms to fix this issue. Could some help me to
find the excat syntex for system-auth file to fix this issue. I tried the
above mention syntex it does not work.