Comments on: Local Logins Refused in AD Integration Scenarios

By: Doug W

Doug W — Fri, 03 Oct 2008 18:04:27 +0000

This is a problem also in RHEL3 and I have only found one workaround for it which is to use NIS for passwd, shadow and groups. I tried building a later nss_ldap module on RHEL3 and was dogged with segmentation faults when performing lookups.

This doesn’t mean you are locked into using the shadow passwds given by NIS. I am using kerberos instead via your other instructions for Linux. Basically using NIS as the replacement for LDAP/AD in this case. http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/

BTW, it will generally fail on the first attempt if the NIS server can’t be reached, but the second login try will succeed.

By: slowe

slowe — Tue, 12 Feb 2008 01:12:12 +0000

Magnus,

Thanks for the update. I’ll update the article accordingly!

By: Magnus

Magnus — Mon, 11 Feb 2008 19:14:06 +0000

Scott,

After doing some research it turns out that even with the full AD integration enabled I can still log in to the Emergency Console using local authentication.

I would still rather VMware update to a bugfree nss-library but at least we won’t have to use local groups.

Cheers,
Magnus

By: slowe

slowe — Tue, 22 Jan 2008 11:55:38 +0000

Rob,

I can only suggest having a look at the /etc/pam.d/system-auth file, which controls the authentication process, to see in what order esxcfg-auth specified the use of local files and Kerberos. Perhaps changing the order to UNIX first then Kerberos might help, if they aren’t already in that order.

By: Rob

Rob — Thu, 17 Jan 2008 21:20:23 +0000

I am having this same issue, but I followed the VMware document on enabling AD authentication which does not make any changes to nsswitch.con thus mine is still set to “files” on passwd, group, and shadow (no ldap). Any ideas?