On Fri, 2015-04-17 at 19:28 +0200, أحمد المحمودي wrote: > Please find /etc/pam.d/common-auth attached.
I have been playing around with pam_ccreds and I think the bug is in that package or a configuration mix-up. Anyway, if I disable shadow lookups via ldap in /etc/nsswitch.conf I got it to work, otherwise the PAM stack fails with: authpriv.err su[9407]: pam_acct_mgmt: Authentication failure which seems to indicate that something is going wrong in the account (authorisation) part of PAM. I've added debug to pam_unix and pam_ldap in /etc/pam.d/common-account but neither module seems to be logging anything. Without shadow lookups via LDAP at least pam_ldap logs in the account check that it can't connect to nslcd if it is not running. Also, now login works (but slow) if nslcd is still running but the LDAP server is reachable. Some background on the intricacies of the PAM stack can be found here: https://bugs.debian.org/583492 -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong --
signature.asc
Description: This is a digitally signed message part
