On Jul 15, 2010, at 2:27 PM, Alexander Dalloz wrote:
On 15.07.2010 at 22:16, Brian Marshall wrote:
On Jul 15, 2010, at 2:12 PM, Alexander Dalloz wrote:
On 15.07.2010 at 19:26, Brian Marshall wrote:
Then am I misinterpreting the fact that getent shadow returns data on ldap users when ldap is up but not when it's down? I guess I don't understand where that shadow data comes from when LDAP is up.
/etc/nsswitch.conf
Alexander
Hi Alexander,
Thanks for your response but /etc/nsswitch.conf does not contain any passwd, group or shadow data. It is a configuration file and is not used to cache or store data.
Sure, but that configuration file tells the nss where to look for requested information in which order. I.e. where to find shadow information. If you don't configure ldap there you won't get ldap results using your getent command.
Alexander
Yes, but as I said in my previous messages, I have configured all of that, and yet it still doesn't ever cache shadow data.
[root@argentine ~]# grep -v # /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
So my original problem still remains. When LDAP is down, users cannot authenticate. I can't get nsscache to run because Python can't find the library. I don't want to run sssd because it's new, untested in production, and has a manky set of Fedora-specific dependencies that tie into PAM that I'm not willing to gamble on in a production environment.
But hey, I have a Windows XP laptop that can use Directory Services and still can manage logging in users without a network. I also have a trashed old Apple laptop, and Mac OS can use LDAP and still manages to log in users without a network. I don't want to do it, but I think I have to tell all of our IT staff they are going to have to get Windows laptops instead of Linux... which I will get lynched for.
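The lookup order discussed in this thread, as an added example that is not part of the original messages: a small Python model of how an nsswitch.conf source chain is walked, showing why a "files ldap" chain yields nothing for an LDAP-only account when the directory is unreachable. The function names and the per-source outcomes passed to lookup() are assumptions for illustration, and the model simplifies glibc's NSS (for instance, the merge action is not handled).

```python
import re

# Default NSS actions per lookup status: only SUCCESS stops the search.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}

# Constructed sample: three lines taken from the nsswitch.conf posted in the thread.
SAMPLE_CONF = """\
passwd: files ldap
shadow: files ldap
bootparams: nisplus [NOTFOUND=return] files
"""

def parse_nsswitch(text):
    """Return {database: [(source, {status: action}), ...]} in lookup order."""
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, spec = line.split(":", 1)
        chain = []
        for token in re.findall(r"\[[^\]]*\]|\S+", spec):
            if not token.startswith("["):
                chain.append((token, dict(DEFAULT_ACTIONS)))
                continue
            if not chain:
                continue  # an action list with no preceding source is ignored
            for item in token[1:-1].split():
                status, _, action = item.partition("=")
                negate = status.startswith("!")
                status = status.lstrip("!").upper()
                for name in DEFAULT_ACTIONS:
                    if (name == status) != negate:
                        chain[-1][1][name] = action.lower()
        databases[db.strip()] = chain
    return databases

def lookup(chain, status_of):
    """Walk one chain; status_of maps source -> assumed status for a single key.
    Returns (final_status, sources_consulted)."""
    consulted, status = [], "UNAVAIL"
    for source, actions in chain:
        status = status_of.get(source, "UNAVAIL")
        consulted.append(source)
        if actions[status] == "return":
            break
    return status, consulted
```

Nothing in the chain itself stores results between lookups, so offline logins need a separate local copy or cache of the directory data placed ahead of, or instead of, the network source.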