I have two 389-ds servers with MMR via TLS and client hosts authenticating via TLS. I see this error message on all client machines in /var/log/messages. It seems nscd is failing at random intervals. Has anyone seen this before?
Dec 29 10:35:35 dmc189 nscd: nss_ldap: could not search LDAP server - Server is unavailable
Dec 29 11:00:21 dmc189 nscd: nss_ldap: could not search LDAP server - Server is unavailable
Dec 29 11:12:15 dmc189 nscd: nss_ldap: could not search LDAP server - Server is unavailable
Steps Taken:
- start/stop/restart nscd.
- ldapsearch works fine
- Turned ON nscd.log (no useful info found)
- The URI in ldap.conf and the CN on server-cer are the same.
Possible causes:
In /etc/ldap.conf
:
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
.
Is this config correct?
/etc/nscd.conf looks like this
logfile /var/log/nscd.log
# threads 6
# max-threads 128
server-user nscd
# stat-user nocpulse
debug-level 10
# reload-count 5
paranoia no
# restart-interval 3600
enable-cache passwd yes
positive-time-to-live passwd 600
negative-time-to-live passwd 20
suggested-size passwd 211
check-files passwd yes
persistent passwd yes
shared passwd yes
max-db-size passwd 33554432
auto-propagate passwd yes
enable-cache group yes
positive-time-to-live group 3600
negative-time-to-live group 60
suggested-size group 211
check-files group yes
persistent group yes
shared group yes
max-db-size group 33554432
auto-propagate group yes
enable-cache hosts yes
positive-time-to-live hosts 3600
negative-time-to-live hosts 20
suggested-size hosts 211
check-files hosts yes
persistent hosts yes
shared hosts yes
max-db-size hosts 33554432
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users