1. Launch authconfig 2. Setup "Local authorisation is sufficient", and LDAP authentication 3. Try to login as a local user with the LDAP server down: doesn't work /etc/pam.d/system-auth doesn't contain the line: account sufficient /lib/security/$ISA/pam_localuser.so Adding that line makes 3. work
The authconfig in RHEL 3 supports this only as command line option --enablelocauthorize and I've verified again that it works fine. Alternatively 'USELOCAUTHORIZE=yes' can be added to the /etc/sysconfig/authconfig before running authconfig. Simply deleting the USELOCAUTHORIZE=no line doesn't change anything.
My apologies, ran my tests on a RHEL4 system without realising. Thanks for the pointer.