pam_ldap goofs things up for local user login when network interface is down

Post by Kendal L. Montgome » Sun, 21 Jul 2002 03:44:06



I am having some odd problems with using LDAP authentication when (for
some reason or another) my network interface goes down.  I am
currently running RedHat 7.3, and used authconfig to set up the LDAP
auth stuff. I was having problems with my network card when I started
seeing the problem (although that is neither here nor there).

What happened was that I would bring the system up and I could log in
fine... when I brought down the network interface, and logged back
out, I could no longer log in to the system at all, even as root (a
local user to the box.)  It would just hang after typing the password,
then eventually bring up a new login: prompt.  This really annoys me
because I have to reboot the system, start it back up in single-user
mode, then disable LDAP auth before I can log back in even as root.
*big pain in the butt*.

By the way, the LDAP server is another box on my network, and I'm not
using SSL, TLS, or any encryption when this happens (I've tried all
three ways also).

Has anyone experienced the same, or have an idea why it won't even log
in local users?  I can sure post a copy of my /etc/pam.d/system-auth
file if anyone feels the need, as well as /etc/nsswitch.conf and
/etc/nscd.conf.  I have found nothing abnormal about how any of these
look, but then again, I'm no expert.


are any ideas on what to fix up so that local user authentication
*always* works even if for some reason the LDAP server can't be
reached. That is really the goal.

Thanks.

Kendal.
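
An added illustration, not part of the original post and not the poster's configuration: a small Python model of how PAM walks an auth stack, showing which modules are consulted for a local user when the LDAP server is unreachable. Both stacks are constructed samples, and pam_ldap is assumed to return failure when it cannot reach its server.

```python
# Added example: a small model of how PAM walks one stack.
# Both stacks are constructed samples, not the poster's system-auth.
LOCAL_FIRST = """
auth required   pam_env.so
auth sufficient pam_unix.so nullok
auth sufficient pam_ldap.so use_first_pass
auth required   pam_deny.so
"""
LDAP_FIRST = """
auth required   pam_env.so
auth sufficient pam_ldap.so
auth sufficient pam_unix.so use_first_pass
auth required   pam_deny.so
"""

def parse(text, mtype="auth"):
    """Return [(control, module)] for the lines of the given type."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mtype:
            rows.append((fields[1], fields[2]))
    return rows

def evaluate(text, outcomes, mtype="auth"):
    """Walk the stack using the simple control keywords only.

    outcomes maps module name -> True (success) or False (failure).
    Returns (granted, modules_called).
    """
    called, failed, succeeded = [], False, False
    for control, module in parse(text, mtype):
        called.append(module)
        ok = outcomes[module]
        if control == "requisite" and not ok:
            return False, called      # fail at once, skip the rest
        if control == "required":
            failed = failed or not ok
            succeeded = succeeded or ok
        if control == "sufficient" and ok and not failed:
            return True, called       # stop here, later modules never run
        # a failed "sufficient" and any "optional" result are ignored
    return succeeded and not failed, called
```

With pam_unix listed first, a local user with the right password is accepted before pam_ldap is ever called; with pam_ldap first, the LDAP module is consulted on every login, local or not. The model covers only the PAM stack; name-service lookups configured in /etc/nsswitch.conf are outside it.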

 
 
 

1. Interfaces don't go down when network is physically down

On FreeBSD 3.0-RELEASE, when you physically break an ethernet (eg, unplug
the cable) the host still thinks the interface is up and can still
ping it.  Is there any way to avoid that scenario - ie, when you break
an interface, have it be really broken, down, unpingable?

The reason I ask is that a physically down ethernet network interface
does not appear to be visible to FreeBSD (or to gated) which means that
OSPF really doesn't work properly.

For example, two machines, three networks:

            +------+            +------+
----net1----| box1 |----net2----| box2 |----net3----
            +------+            +------+

If box1 is announcing net1 to box2 via OSPF, and I physically take
down the net1 interface on box1, box1's gated never knows it, keeps
announcing the route to box2.  box2 can still reach the net1 interface on
box1, even though net1 should really be unreachable via box1.

Any work-around for this?

[FYI, this is not really a FreeBSD-specific problem - Linux and Solaris
also appear to fail this test.]

--Paul
