on 10/10/2007 1:01 PM jlee spake the following:
Andy Harrison wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/10/07, Craig White wrote:
As for 'critical apps that require' nscd...I don't personally know of
any and if we are talking about CentOS-5 which has 2.3.27 version of
openldap...the 2.3.x versions are very fast and I'm not certain that
nscd is of all that much benefit (but I don't know because I have never
tested it out).
Can CentOS (openldap) be configured to work without nscd for file
ownership over nfs mounted volumes?
- --
Andy Harrison
Problem solved (kind of). Openldap was working for logins, but not for
launching certain apps, that's why nscd was installed. Launching acroread
with strace showed the following.
<snip>
[2]$ strace /usr/local/Adobe/Acrobat7.0/bin/acroread 2>&1|tee| grep nss
open("/etc/nsswitch.conf", O_RDONLY) = 4
read(4, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1658
open("/usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libnss_files.so.2",
O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/tls/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/usr/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file
or directory)
open("/lib/tls/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/lib/tls/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file
or directory)
open("/lib/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file
or directory)
open("/lib/libnss_files.so.2", O_RDONLY) = 4
open("/usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libnss_ldap.so.2",
O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/usr/lib64/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file
or directory)
open("/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/lib/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file
or directory)
open("/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/usr/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/usr/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/usr/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/lib/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file
or directory)
open("/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/usr/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/usr/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/usr/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
</snip>
With the i386 libs for ldap installed acroread along with other programs
were able to get
their user id authentication and run properly, therefore nscd was no
longer needed.
This did not solve the mystery of why nscd was dying, just eliminated
the need for it.
Here is part of the strace on nscd (4096 is the pid). There is a lot of
stuff above this,
but the end where is segfaults always looks pretty much the same.
<snip>
geteuid32() = 430
open("/etc/passwd", O_RDONLY) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fstat64(0x4, 0xffffcd2c) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0x1000) = 0xfffffffff7429000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1946
read(4, "", 4096) = 0
close(4) = 0
munmap(0xf7429000, 4096) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
exit_group(1) = ?
Process 27033 detached
</snip>
Haven't tested to see if the i386 libnss_ldap fixed the nscd issue.
nscd has been flaky since CentOS3. I had segfaults way back then. They were
random and irritating, hard to trace down to the cause, and finding ways to
not use it were the norm and not the exception. I don't think nscd is as
useful as it used to be with the slower services like NIS.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
