How to allow both local login and LDAP on Ubuntu

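I configured LDAP and it works very well. However, if the network goes down, nobody can use the machine, even though local users are registered. Is it possible to allow local users to log in when LDAP is unreachable? Or to allow both LDAP and local authentication?

/var/log/auth.log has this: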

    Oct 27 11:30:36 trento lightdm: PAM adding faulty module: pam_kwallet5.so
    Oct 27 11:30:36 trento lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "localadmin"
    Oct 27 11:30:39 trento lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
    Oct 27 11:30:39 trento lightdm: PAM adding faulty module: pam_kwallet.so
    Oct 27 11:30:39 trento lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
    Oct 27 11:30:39 trento lightdm: PAM adding faulty module: pam_kwallet5.so
    Oct 27 11:30:39 trento lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "ldapuser"
    Oct 27 11:30:41 trento lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:1 ruser= rhost= user=ldapuser
    Oct 27 11:30:41 trento lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
    Oct 27 11:30:45 trento systemd-logind[857]: Removed session c20.

Yes, this is possible, and it is the Ubuntu default. Did you configure PAM by hand? Here is what Ubuntu uses in /etc/pam.d/common-auth:

    auth [success=2 default=ignore] pam_unix.so nullok_secure
    auth [success=1 default=ignore] pam_ldap.so use_first_pass
    auth requisite pam_deny.so
    auth required pam_permit.so

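The first line allows local authentication.

You should take a look at sssd, which allows, for example, caching login information for road warriors.

You also need at least two LDAP servers for redundancy.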
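
The control flow of the common-auth stack quoted in the answer, as an added example that is not part of the original answer: a simplified Python model of how Linux-PAM applies the `success=N` jumps, showing that a local user who passes pam_unix never reaches pam_ldap. The per-module return codes passed in are constructed sample values, and only the control actions this stack uses are modelled.

```python
COMMON_AUTH = """\
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
"""

# Keyword controls in bracket form (only the subset this stack needs).
KEYWORDS = {
    "required": {"success": "ok", "default": "bad"},
    "requisite": {"success": "ok", "default": "die"},
}
# pam_deny always fails and pam_permit always succeeds.
FIXED = {"pam_deny.so": "auth_err", "pam_permit.so": "success"}

def parse(text):
    """Turn PAM config lines into a list of (module, {return_code: action})."""
    stack = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if "[" in line:
            ctrl_text = line[line.index("[") + 1:line.index("]")]
            control = dict(pair.split("=") for pair in ctrl_text.split())
            module = line[line.index("]") + 1:].split()[0]
        else:
            _, keyword, module = line.split()[:3]
            control = KEYWORDS[keyword]
        stack.append((module, control))
    return stack

def authenticate(stack, results):
    """results: constructed return code per module, e.g. {"pam_unix.so": "success"}."""
    status, i, trace = None, 0, []
    while i < len(stack):
        module, control = stack[i]
        ret = FIXED.get(module) or results[module]
        action = control.get(ret, control["default"])
        trace.append(module)
        i += 1
        if action.isdigit():
            i += int(action)      # skip the next N modules; stack status is untouched
        elif action in ("ok", "bad", "die"):
            if status in (None, "success"):
                status = ret      # the first failure sticks
            if action == "die":
                break             # requisite failure ends the stack immediately
        # "ignore": the module's result does not count
    return status == "success", trace

if __name__ == "__main__":
    ldap_down = {"pam_unix.so": "success", "pam_ldap.so": "authinfo_unavail"}
    print(authenticate(parse(COMMON_AUTH), ldap_down))
```

Because a jump does not set the stack's status by itself, the final pam_permit.so line is what turns a successful jump into an overall success.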