Have you tried thinking about the problem in terms of pam.conf instead  
of nsswitch.conf? You seem to me more concerned about the  
authentication process than the name resolution.

- mo

On 27 Oct 2008, at 6:20 pm, Johan Hartzenberg wrote:

>
>
> On Mon, Oct 27, 2008 at 6:25 PM, Josh Rivel <[EMAIL PROTECTED]>  
> wrote:
> Does not seem to work and then local accounts (i.e. root) are not  
> seen as valid ones unless LDAP is down (which is not what we need).  
> We just need a single account to only be able to log in if LDAP is  
> down.  I suppose I could put something into that user's .profile  
> checking for the LDAP server and if it's there to log itself out  
> sort of thing.  Not ideal, but might suit the purpose for now.
>
> How about creating an account locally AND in LDAP, but the one in LDAP  
> is set to not be able to log in.
>
> Then in nsswitch.conf you set it to check ldap before files.
>
> I'm not sure, though, whether "cached" information may cause it to  
> fail - e.g. if the user tries to log in with the admin account and  
> shortly after, while it is still cached on the system, LDAP becomes  
> unavailable... That system may continue to refuse access to the  
> specific account based on cached information (which could then be  
> solved by a reboot).
>
>
> -- 
> Any sufficiently advanced technology is indistinguishable from magic.
>    Arthur C. Clarke
>
> My blog: http://initialprogramload.blogspot.com
> _______________________________________________
> opensolaris-discuss mailing list
> opensolaris-discuss@opensolaris.org
