Re: nsswitch.conf, ldap, local groups problem




Quoting Craig White <craigwhite@xxxxxxxxxxx>:

On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing
this problem.

Hello, I'm seeing a weird problem that perhaps someone has run into
with groups.

First, a little background.
I was made aware of a problem with CentOS 5 where if the nscd password cache is clear and someone tries to log in if there is no network connection with an LDAP account that it just hangs. Even worse, if the machine is rebooted and it continues to have no network connection, even root login doesn't work. I messed around with nsswitch.conf to fix this problem.

I altered these lines as so:
passwd:     files [!NOTFOUND=return] ldap
shadow:     files [!NOTFOUND=return] ldap
group:      files [!NOTFOUND=return] ldap

and the problem seemed to go away.

But now, here's the weird stuff:
I have defined in my local /etc/groups file this line:
group1:x:100:apache
group2:x:101:apache

'getent group groupname' shows the right info:
# getent group group1
group1:x:100:apache

# sudo -u apache bash
$ groups
apache

I revert back to my old config:
# sudo -u apache bash
$ groups
apache group1 group2

Also, something else that's interesting. If I do this:
passwd:     files [!NOTFOUND=return] ldap
shadow:     files [!NOTFOUND=return] ldap
group:      ldap [NOTFOUND=continue] files

and reboot, udev segfaults and the system freezes up after a few more seconds.
Starting udev: /sbin/start_udev: line 43:   519 Segmentation fault      "$@" $ARGS
/sbin/start_udev: line 201:   523 Segmentation fault      /sbin/udevd -d
Wait timeout. Will continue in the background.[FAILED]

Any advice?
----
Try putting this at the bottom of /etc/ldap.conf

timelimit 30
bind_timelimit 30
bind_policy soft
nss_initgroups_ignoreusers root,ldap

I wouldn't recommend the changes that you have in nsswitch.conf

Unfortunately, that doesn't work either.
I made the changes, shut down the machine and started it without networking, and here's what happens:

login: root
Password:

login:

login pukes and init starts it again.

Craig


