[CentOS] nsswitch.conf, ldap, local groups problem
Mark Hennessy
mark at hennessy.cx
Wed Aug 27 18:53:04 UTC 2008
Quoting Craig White <craigwhite at azapple.com>:
> On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
>> I'm using CentOS 5.0, 5.1, and 5.2 on several systems where I'm seeing
>> this problem.
>>
>> Hello, I'm seeing a weird problem that perhaps someone has run into
>> with groups.
>>
>> First, a little background.
>> I was made aware of a problem with CentOS 5 where if the nscd password
>> cache is clear and someone tries to log in if there is no network
>> connection with an LDAP account that it just hangs. Even worse, if the
>> machine is rebooted and it continues to have no network connection,
>> even root login doesn't work. I messed around with nsswitch.conf to
>> fix this problem.
>>
>> I altered these lines as so:
>> passwd: files [!NOTFOUND=return] ldap
>> shadow: files [!NOTFOUND=return] ldap
>> group: files [!NOTFOUND=return] ldap
>>
>> and the problem seemed to go away.
>>
>> But now, here's the weird stuff:
>> I have defined in my local /etc/groups file these lines:
>> group1:x:100:apache
>> group2:x:101:apache
>>
>> 'getent group groupname' shows the right info:
>> # getent group group1
>> group1:x:100:apache
>>
>> # sudo -u apache bash
>> $ groups
>> apache
>>
>> I revert back to my old config:
>> # sudo -u apache bash
>> $ groups
>> apache group1 group2
>>
>> Also, something else that's interesting. If I do this:
>> passwd: files [!NOTFOUND=return] ldap
>> shadow: files [!NOTFOUND=return] ldap
>> group: ldap [NOTFOUND=continue] files
>>
>> and reboot, udev segfaults and the system freezes up after a few more
>> seconds.
>> Starting udev: /sbin/start_udev: line 43: 519 Segmentation fault "$@" $ARGS
>> /sbin/start_udev: line 201: 523 Segmentation fault /sbin/udevd -d
>> Wait timeout. Will continue in the background.[FAILED]
>>
>> Any advice?
> ----
> Try putting this at the bottom of /etc/ldap.conf
>
> timelimit 30
> bind_timelimit 30
> bind_policy soft
> nss_initgroups_ignoreusers root,ldap
>
> I wouldn't recommend the changes that you have in nsswitch.conf
Unfortunately, that doesn't work either.
I made the changes, shut down the machine and started it without
networking, and here's what happens:
login: root
Password:
login:
login pukes and init starts it again.
> Craig