PAM
On RedHat/CentOS systems linked to LDAP, users with UIDs smaller than 500 are not allowed to log on. Change the settings in the /etc/pam.d/system-auth file:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
Change 500 to 100 or some smaller number in the first pam_succeed_if.so line (the 3rd line, not counting the comment lines) and change 'uid < 500' to 'uid > 100' in the second pam_succeed_if.so line (the 7th).
To allow a user's home directory to be created automatically on login, add this line to the /etc/pam.d/common-account file:
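To check what the threshold edit does before relying on it, the following added example (not part of the original page) parses the pam_succeed_if.so uid conditions out of a PAM stack and evaluates them for a given UID. The function names, the BEFORE/AFTER samples and the UIDs 50, 150 and 1000 are constructed for illustration.

```python
import operator
import re

# Numeric comparison operators accepted by pam_succeed_if.
OPS = {"<": operator.lt, "<=": operator.le, "eq": operator.eq,
       ">=": operator.ge, ">": operator.gt, "ne": operator.ne}

# type, control (plain word or [bracketed list]), module, arguments
LINE_RE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
UID_RE = re.compile(r"\buid\s+(<=|>=|<|>|eq|ne)\s+(\d+)")


def uid_conditions(pam_text):
    """Return (type, control, op, threshold) for each pam_succeed_if uid test."""
    found = []
    for raw in pam_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m or not m.group(3).endswith("pam_succeed_if.so"):
            continue
        cond = UID_RE.search(m.group(4))
        if cond:
            found.append((m.group(1), m.group(2), cond.group(1), int(cond.group(2))))
    return found


def evaluate(pam_text, uid):
    """Map 'type control' to whether the uid condition matches for this UID."""
    return {f"{t} {c}": OPS[op](uid, n) for t, c, op, n in uid_conditions(pam_text)}


# Constructed input: the UID-related lines of the listing above, as shipped
# and after the edit described above (threshold 100).
BEFORE = """\
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
"""
AFTER = BEFORE.replace("uid >= 500", "uid >= 100").replace("uid < 500", "uid > 100")

if __name__ == "__main__":
    # requisite: a non-matching UID fails the auth stack before pam_ldap.so runs.
    # sufficient: a matching UID ends the account stack before pam_ldap.so runs
    # (provided no earlier required module has failed).
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for uid in (50, 150, 1000):  # constructed sample UIDs
            print(label, uid, evaluate(text, uid))
```

Run it against the real file by passing the contents of /etc/pam.d/system-auth to evaluate() with the UID of the LDAP account in question.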
# and here are more per-package modules (the "Additional" block)
session required pam_mkhomedir.so umask=077
account required pam_krb5.so minimum_uid=1000
# end of pam-auth-update config