Quoting Craig White <craigwhite@xxxxxxxxxxx>:
On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing
this problem.
Hello, I'm seeing a weird problem that perhaps someone has run into
with groups.
First, a little background.
I was made aware of a problem with CentOS 5 where if the nscd password
cache is clear and someone tries to log in if there is no network
connection with an LDAP account that it just hangs. Even worse, if the
machine is rebooted and it continues to have no network connection,
even root login doesn't work. I messed around with nsswitch.conf to
fix this problem.
I altered these lines as so:
passwd: files [!NOTFOUND=return] ldap
shadow: files [!NOTFOUND=return] ldap
group: files [!NOTFOUND=return] ldap
and the problem seemed to go away.
But now, here's the weird stuff:
I have defined in my local /etc/groups file this line:
group1:x:100:apache
group2:x:101:apache
'getent group groupname' shows the right info:
# getent group group1
group1:x:100:apache
# sudo -u apache bash
$ groups
apache
I revert back to my old config:
# sudo -u apache bash
$ groups
apache group1 group2
Also, something else that's interesting. If I do this:
passwd: files [!NOTFOUND=return] ldap
shadow: files [!NOTFOUND=return] ldap
group: ldap [NOTFOUND=continue] files
and reboot, udev segfaults and the system freezes up after a few more seconds.
Starting udev: /sbin/start_udev: line 43: 519 Segmentation fault "$@" $ARGS
/sbin/start_udev: line 201: 523 Segmentation fault /sbin/udevd -d
Wait timeout. Will continue in the background.[FAILED]
Any advice?
----
Try putting this at the bottom of /etc/ldap.conf
timelimit 30
bind_timelimit 30
bind_policy soft
nss_initgroups_ignoreusers root,ldap
I wouldn't recommend the changes that you have in nsswitch.conf
Unfortunately, that doesn't work either.
I made the changes, shut down the machine and started it without
networking, and here's what happens:
login: root
Password:
login:
login pukes and init starts it again.
Craig
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
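
Added example, not part of the original thread and not glibc code: a small model of how the bracketed action lists in the nsswitch.conf lines quoted above expand into per-status actions, and which services a single lookup then consults. It covers only the return/continue semantics documented in nsswitch.conf(5), not initgroups handling or the hang described in the thread; parse_line, lookup and the status maps are hypothetical names and constructed scenarios.

```python
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# Defaults per nsswitch.conf(5): return on SUCCESS, continue on anything else.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_line(line):
    """Parse 'db: svc [STATUS=action ...] svc ...' into (db, [(svc, actions)])."""
    db, _, spec = line.partition(":")
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
        if not tok.startswith("["):
            chain.append((tok, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list before any service: " + line)
        for item in tok[1:-1].split():
            status, _, action = item.partition("=")
            negate = status.startswith("!")
            status, action = status.lstrip("!").upper(), action.lower()
            if status not in STATUSES or action not in ("return", "continue"):
                raise ValueError("bad action item: " + item)
            # '!STATUS=action' applies the action to every status except STATUS.
            for s in STATUSES:
                if (s == status) != negate:
                    chain[-1][1][s] = action
    return db.strip(), chain

def lookup(chain, results):
    """Walk the chain; results maps service -> status that service would report.
    Returns (services consulted, final status)."""
    consulted, status = [], "NOTFOUND"
    for svc, actions in chain:
        status = results[svc]
        consulted.append(svc)
        if actions[status] == "return":
            break
    return consulted, status

if __name__ == "__main__":
    # Config lines are from the thread; the status maps are constructed scenarios.
    local = {"files": "SUCCESS", "ldap": "UNAVAIL"}     # entry exists in local files
    offline = {"files": "NOTFOUND", "ldap": "UNAVAIL"}  # LDAP-only entry, no network
    for line in ("group: files [!NOTFOUND=return] ldap",
                 "group: ldap [NOTFOUND=continue] files"):
        db, chain = parse_line(line)
        print(line, "| local:", lookup(chain, local), "| offline:", lookup(chain, offline))
```

In this model, `files [!NOTFOUND=return] ldap` still falls through to ldap whenever files reports NOTFOUND, so an LDAP-only name looked up with the network down ends at ldap with UNAVAIL.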