REL 6.2 - cannot login as regular user, only as root

Hi,
I have been installing REL 4.7 for the most part on our servers. Now I'm playing with REL 6.2. I had to edit a file to get LDAP to work (compared w/ REL 4.7). Now I can mount and login as root but I cannot remote login as a user (though once logged in I can su to an LDAP user). What am I missing?

Thanks in advance

Responses

Hello Julio,
LDAP in RHEL 6 is quite different than 4.x, I'm afraid. The concept is obviously similar, but the implementation is different.

SSSD is the preferred "stack" for authentication and adds quite a bit of functionality. It will be tough to assist without asking a number of questions about your environment.
I recommend starting with
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Configuring_Authentication.html

James, I played w/ authentication GUI and now I get the msg below when I su to a user whereas before I was able to su to the user and mount that home directory (LDAP). Now it does su to a user but cannot mount the home dir. What may have changed?

su: warning: cannot change directory to /export/home/username: No such file or directory

Hello again Julio,
I'll do my best to help. I assume that you have the home directory location being supplied by LDAP.

Is the home directory itself provided via NFS, or local?

/export/home/ was more of a legacy (Solaris maybe? ;-) location and is perfectly valid. However, your shiny new Linux install does not have that mount.

You can do one thing to help this particular issue

authconfig --enablemkhomedir --update

Now - that authconfig will update a number of files in /etc. It may also install supporting packages (oddjobd for example). It sounds like the client you are using is for testing, so, I hope that is OK. If you are using NFS for your home directories, we would likely need to fix some other items.
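
Added example, not part of the original thread: a shell check for what `authconfig --enablemkhomedir` is meant to leave behind, an active PAM session line loading `pam_mkhomedir.so` or `pam_oddjob_mkhomedir.so`. It assumes the stock RHEL 6 layout in which `su` includes `system-auth` and `sshd` includes `password-auth`; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that home-directory creation is enabled in the
# PAM stacks used by su (system-auth) and sshd (password-auth).

# has_mkhomedir FILE: status 0 if FILE has an uncommented session line
# loading pam_mkhomedir.so or pam_oddjob_mkhomedir.so, 2 if unreadable.
has_mkhomedir() {
    [ -r "$1" ] || return 2
    grep -Eq '^[[:space:]]*-?session[[:space:]]+.*pam_(oddjob_)?mkhomedir\.so' "$1"
}

# check_pam_dir [DIR]: print one line per stack; the return status is
# the number of stacks that do not create home directories.
check_pam_dir() {
    dir=${1:-/etc/pam.d}
    missing=0
    for f in system-auth password-auth; do
        if has_mkhomedir "$dir/$f"; then
            echo "$f: mkhomedir enabled"
        else
            echo "$f: mkhomedir NOT enabled"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# write_sample DIR: constructed sample files (not taken from a real host).
# system-auth carries the module; in password-auth it is commented out.
write_sample() {
    cat > "$1/system-auth" <<'EOF'
session     optional      pam_keyinit.so revoke
session     optional      pam_oddjob_mkhomedir.so umask=0077
session     required      pam_unix.so
EOF
    cat > "$1/password-auth" <<'EOF'
session     optional      pam_keyinit.so revoke
#session    optional      pam_mkhomedir.so
session     required      pam_unix.so
EOF
}

# Run against the live configuration only when asked to:
#   sh check_mkhomedir.sh --check [/etc/pam.d]
if [ "${1:-}" = "--check" ]; then
    check_pam_dir "${2:-/etc/pam.d}"
fi
```

A non-zero status from `check_pam_dir` means at least one login path will not create a missing home directory. That only matters for local home directories; with NFS-provided homes the mount is what needs checking.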

James I think is on to something.

I had this happen to me with the very quick ldap-like server I created. I needed a very quick ldap server so I installed IPA that comes with Red Hat 6 on a very tiny non-production network. I could join clients using system-config-authentication and experienced the same issue you describe, but on RHEL 6.4.

I found that one hidden tab with going through the graphical interface (GUI) for ldap. Click on the other tabs and look for the option to make the directory for users.

I stood up an IPA server (gives features of ldap and more, but IPA comes with rhel 6, a Red Hat person said IPA is okay for tiny non-production networks) and had the issue you described and that James speaks of and when I checkmarked one of the other tabs in the system-config-authentication gui to create user directories, then I no longer had that issue.
