On 7/15/10 11:49 AM, "Brian Marshall" neorosbob@gmail.com wrote:
On Jul 15, 2010, at 12:37 PM, Gary Greene wrote:
On 7/15/10 11:29 AM, "Brian Marshall" neorosbob@gmail.com wrote:
On Jul 15, 2010, at 11:46 AM, Gary Greene wrote:
On 7/15/10 9:15 AM, "Brian Marshall" neorosbob@gmail.com wrote:
Hi Todd,
Yes, I have already used authconfig to enable caching. If you have any questions about my configs I have a forum post with more details up there including the related ldap, and pam config files. https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_i... 27 15 3&forum=42
The problem still remains, when the LDAP server is offline there is no shadow data cached so LDAP users can not authenticate on cached data despite caching and local auth sufficient being enabled in authconfig .
So am I missing a package, config or something else somewhere.?
Please don't top post, thanks.
Now.... LDAP caching... Besides running a local LDAP slave on each machine, the only solution I know of is nsscache. What build problems have you had with it?
On Jul 15, 2010, at 9:52 AM, Todd Denniston wrote:
Brian Marshall wrote, On 07/15/2010 11:37 AM: > Yes but I have worked in many organizations that use directory services > for > authentication and my machines with them have always cached > authentication > data so I can login if I'm not online. I can't expect laptop users to > always > have a network connection. If Mac OS and Windows can manage to cache > network > authentication for offline use, I can't believe that linux does not have > this capability. > > Perhaps my wanting to cache my shadow data or use nscd for this purpose > is > not the correct way to achieve this. But the only other well discussed > option I have found is nsscache which doesn't seem to work very well and > their library doesn't seem to install on centos 5. Unfortunately I'm way > to > much of a hack C programmer to fix it, especially since they don't > provide > a > configure file. > > So, assuming maybe we put the conversation of nscd shadow caching aside > and > just talk about how to cache ldap data on a centos system so it can > authenticate users in the absence of a network. Creating local > passwd/group/shadow data is not an option. > > Again, I can't stress this enough. I am convinced I am doing something > wrong > or going about this the wrong way. I'm just not understanding how to > either > fix the problem at hand or solve it another or proper way. > > Any advice?
authconfig -help
authconfig --enablecache --update
For some of the folks I work with, it works quite reliably, I on the other hand have had problems _because_ it caches the info.
> > Thanks > > Brian > > On Jul 15, 2010, at 4:58 AM, Alexander Dalloz wrote: > >>> The problem I am having is that shadow does not seem to get cached by >>> nscd. Here's how I have tracked this down. >> NSCD not caching shadow user credentials is a fact. There is nothing >> wrong >> with your configuration. NSCD just does not do what you seem to expect >> from it. You can't make it what you like to. >> >> If your LDAP server is gone, you will not be able to login. Run a >> replica >> server to avoid a single point of failure. >> >>> Brian >> Alexander >> >> _______________________________________________ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos > > _______________________________________________ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos >
-- Todd Denniston Crane Division, Naval Surface Warfare Center (NSWC Crane) Harnessing the Power of Technology for the Warfighter _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- Gary L. Greene, Jr. IT Operations Minerva Networks, Inc. Cell: (650) 704-6633 Phone: (408) 240-1239
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Sorry about that top post.
nsscache seems to install ok but when I try to run the update it errors out on importing some other python file that didn't seem to get installed anywhere. It errors with this
[root@argentine ~]# nsscache update --full Traceback (most recent call last): File "/usr/local/bin/nsscache", line 28, in ? from nss_cache import app ImportError: No module named nss_cache
and here is /usr/local/bin/nsscache
19 """Executable frontend to nss_cache.""" 20 21 __author__ = ('jaq@google.com (Jamie Wilkinson)', 22 'vasilios@google.com (Vasilios Hoffman)') 23 24 import logging 25 import os 26 import sys 27 28 from nss_cache import app 29 30 if __name__ == '__main__': 31 nsscache_app = app.NssCacheApp() 32 return_value = nsscache_app.Run(sys.argv[1:], os.environ) 33 nsscache_app.log.info('Exiting nsscache') 34 nsscache_app.log.debug('with value %d', return_value) 35 sys.exit(return_value)
I do have a few things of matching name on the system but I'm not comfortable enough with the python environement to start monkeying around. It seems like an env var, path or prefix is not defined properly../usr/lib/libnss_cache.so
Locate finds these files (below) which are a result of the libnss-cache install.
/usr/lib/libnss_cache.so.2 /usr/lib/libnss_cache.so.2.0 /usr/local/lib/python2.4/site-packages/nss_cache
You need to modify your python site-packages search path so it can find the files, since normally from my experience, python doesn't search /usr/local for eggs.
-- Gary L. Greene, Jr. IT Operations Minerva Networks, Inc. Cell: (650) 704-6633 Phone: (408) 240-1239
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi Gary,
That's what I was assuming, but as I said I'm not real familiar with the python environment so I'm having a hard time find out where to do that. I'm doing some googling around without much luck. I'll keep trying.
Thanks
Brian
What you're looking for is information on sitecustomize. Look at /usr/lib/python2.4/site.py for more information.