Yes, nscd is both a blessing and a curse...we've found the default settings for it be problematic.
paranoia yes
positive-time-to-live passwd 120
negative-time-to-live passwd 2
persistent passwd no
positive-time-to-live group 120
negative-time-to-live group 2
persistent group no
On Mon, Mar 22, 2010 at 8:01 AM, Sean Carolan <scarolan@xxxxxxxxx> wrote:
I'm testing the 389 directory server in our lab environment before
moving it to production and have noticed that occasionally it won't
let me log in. I have to restart the nscd service before it will
authenticate my user. Here's the error in /var/log/secure:
Mar 22 09:59:31 watcher sshd[18109]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=10.2.3.100 user=scarolan
Mar 22 09:59:31 watcher sshd[18109]: pam_ldap: error trying to bind as
user "uid=scarolan,ou=People, dc=companyname, dc=com" (Invalid
credentials)
Has anyone else experienced something like this? Any idea what causes
it? I want to make sure our LDAP authentication is rock-solid
reliable before moving it into the production environment.
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
