Yes, nscd is both a blessing and a curse... we've found the default settings for it to be problematic. Check your nscd.conf file and `man nscd.conf`. Pay special attention to these values:

paranoia yes
positive-time-to-live passwd 120
negative-time-to-live passwd 2
persistent passwd no
positive-time-to-live group 120
negative-time-to-live group 2
persistent group no

On Mon, Mar 22, 2010 at 8:01 AM, Sean Carolan <scarolan at gmail.com> wrote:
> I'm testing the 389 directory server in our lab environment before
> moving it to production and have noticed that occasionally it won't
> let me log in. I have to restart the nscd service before it will
> authenticate my user. Here's the error in /var/log/secure:
>
> Mar 22 09:59:31 watcher sshd[18109]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=10.2.3.100 user=scarolan
> Mar 22 09:59:31 watcher sshd[18109]: pam_ldap: error trying to bind as
> user "uid=scarolan,ou=People, dc=companyname, dc=com" (Invalid
> credentials)
>
> Has anyone else experienced something like this? Any idea what causes
> it? I want to make sure our LDAP authentication is rock-solid
> reliable before moving it into the production environment.
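One way to compare a host's nscd.conf with the values listed in the reply above. This is an added example, not part of the original thread; the function names and the sample configuration are constructed for illustration, and in practice the text of /etc/nscd.conf would be passed in.

```python
# Values listed in the reply; the service is None for global options.
SUGGESTED = {
    ("paranoia", None): "yes",
    ("positive-time-to-live", "passwd"): "120",
    ("negative-time-to-live", "passwd"): "2",
    ("persistent", "passwd"): "no",
    ("positive-time-to-live", "group"): "120",
    ("negative-time-to-live", "group"): "2",
    ("persistent", "group"): "no",
}

def parse_nscd_conf(text):
    """Return {(option, service_or_None): value} from nscd.conf text."""
    settings = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) == 2:                   # global option: "paranoia yes"
            settings[(fields[0], None)] = fields[1]
        elif len(fields) == 3:                 # per-service: "persistent passwd no"
            settings[(fields[0], fields[1])] = fields[2]
    return settings

def audit(text, suggested=SUGGESTED):
    """List (option, service, found, suggested) for every setting that differs."""
    found = parse_nscd_conf(text)
    diffs = []
    for (opt, svc), want in suggested.items():
        have = found.get((opt, svc))  # None: line absent, daemon default applies
        if have != want:
            diffs.append((opt, svc, have, want))
    return diffs

# Constructed sample, not taken from any real host.
SAMPLE = """\
# /etc/nscd.conf (constructed sample)
paranoia                no
enable-cache            passwd  yes
positive-time-to-live   passwd  600
negative-time-to-live   passwd  20
persistent              passwd  yes
positive-time-to-live   group   120   # already matches
negative-time-to-live   group   2
"""

if __name__ == "__main__":
    for opt, svc, have, want in audit(SAMPLE):
        print(f"{opt} {svc or ''}: found {have!r}, reply suggests {want!r}")
```

A setting reported with `None` is missing from the file, so nscd's built-in default is in effect for it.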