Nothing looks amiss in the PAM or NSS configs. From the description, this is not a PAM problem at all, but an nss_ldap one: it's not the authentication which fails, but the resolution of users and groups afterwards.
I believe the relevant section of /etc/ldap/ldap.conf is this:

    # Search timelimit
    #timelimit 30

    # Bind/connect timelimit
    #bind_timelimit 30

    # Reconnect policy: hard (default) will retry connecting to
    # the software with exponential backoff, soft will fail
    # immediately.
    bind_policy soft

    # Idle timelimit; client will close connections
    # (nss_ldap only) if the server has not been contacted
    # for the number of seconds specified below.
    #idle_timelimit 3600

Note that, per nss_ldap(5), the default time limit on connections to the LDAP server (the bind_timelimit) is 30 seconds. That's a 30 second timeout for *each* process that needs to look up a username or group name. If you are concerned about usability when the LDAP server is unavailable, you probably want to lower this timeout or run a cache such as nscd. (The libnss-ldap package Recommends: nscd).

** Changed in: libnss-ldap (Ubuntu)
Sourcepackagename: pam => libnss-ldap

--
Local login fails without LDAP server
https://bugs.launchpad.net/bugs/253937
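
The check below is an added example, not part of the original message or of libnss-ldap: it resolves the effective bind_policy and bind_timelimit from an ldap.conf excerpt and flags values that can stall user and group lookups while the LDAP server is unreachable. The defaults are the ones stated in the message; the 5-second threshold and the function names are assumptions.

```python
# Added example: audit an nss_ldap-style ldap.conf for settings that can
# stall name lookups when the LDAP server cannot be reached.

# Defaults as stated in the message above (hard policy, 30 second bind limit).
DEFAULTS = {"bind_policy": "hard", "bind_timelimit": "30"}

# Constructed sample: the excerpt quoted in the message, comments shortened.
SAMPLE = """\
# Search timelimit
#timelimit 30
# Bind/connect timelimit
#bind_timelimit 30
bind_policy soft
#idle_timelimit 3600
"""

def effective_settings(text):
    """Overlay the uncommented 'key value' lines on top of the defaults."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out: the default stays in force
        parts = line.split(None, 1)
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def audit(text, max_bind_seconds=5):
    """Return warnings; max_bind_seconds is an assumed local threshold."""
    s = effective_settings(text)
    findings = []
    if s["bind_policy"].lower() != "soft":
        findings.append("bind_policy is not soft: lookups retry with backoff "
                        "instead of failing immediately")
    try:
        limit = int(s["bind_timelimit"])
    except ValueError:
        findings.append("bind_timelimit is not an integer: %r" % s["bind_timelimit"])
    else:
        if limit > max_bind_seconds:
            findings.append("bind_timelimit is %ds: each process doing a "
                            "lookup can wait that long" % limit)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

On the sample it reports only the bind_timelimit, because the commented-out line leaves the 30 second default in effect.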