I currently have about eight servers running a mixture of CentOS x86_64 v5.2 and v5.3 but none with the very latest updates. They all obtain their authentication information over LDAP and to avoid the starting message bus hang problem[1], nscd is set to soft failure.
However, yesterday I set up a new CentOS v5.3 server with the latest updates, but it refuses to get beyond "Starting message bus" if I have ldap as an option in nsswitch.conf. The LDAP server is hosted on two separate machines and this machine has an identical set up to the others - including soft failure in the nscd config.
If I remove all references to ldap from nsswitch.conf I can get the machine to boot. I can then add those entries back, start nscd and getent works fine. However, when I start samba it then starts to fail stating that it cannot find a user's unix account - which is clearly incorrect!
To compound matters, ssh now seems to be locking up; freezing after requesting a password and eventually dropping connection. As I am working off-site for the rest of the week I cannot post any further information at the moment, however, I think that the installed kernel had a September 2009 compile date.
Does anyone know of any reason why the latest updates could be causing this behaviour? I have been unable to find anything relevant in the list archives or in the forums.
I am under pressure to get this server working and I don't want to be forced to install Windows, so any advice would be appreciated.
Many thanks,
Ben
I experienced the same problem and found a solution. In your /etc/ldap.conf file (which I had the ldap.conf in /etc/openldap symlinked to), add the following line to the bottom of the file:
nss_initgroups_ignoreusers root,haldaemon,dbus,ldap,sshd (any other group that is locally stored and used by applications go here)
Regards,
Dan
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Benjamin Donnachie Sent: Tuesday, September 29, 2009 10:37 AM To: centos@centos.org Subject: [CentOS] CentOS 5.3 LDAP problem.
[1] http://bugs.centos.org/view.php?id=2047
On Tue, 2009-09-29 at 11:20 -0500, Dan Burkland wrote:
I experienced the same problem and found a solution. In your /etc/ldap.conf file (which I had the ldap.conf in /etc/openldap symlinked to), add the following line to the bottom of the file:
nss_initgroups_ignoreusers root,haldaemon,dbus,ldap,sshd (any other group that is locally stored and used by applications go here)
----
having these lines in /etc/ldap.conf has helped me a lot...

timelimit 30
bind_timelimit 30
bind_policy soft
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus

As for symlinking /etc/ldap.conf to /etc/openldap/ldap.conf...
that's a bad idea because they serve different purposes. OpenLDAP developers have often lamented that padl chose to name their settings file with the same name and it just creates confusion.
/etc/ldap.conf is for nss/padl
/etc/openldap/ldap.conf is for users who execute openldap client programs such as ldapsearch/ldapmodify/etc.
The file contents are necessarily different.
Craig
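Added example, not part of the thread: a shell audit of an nss_ldap /etc/ldap.conf for the points raised above (bind_policy soft, local service accounts missing from nss_initgroups_ignoreusers, and /etc/ldap.conf being a symlink). The function names, the UID floor of 500 and the sample files are assumptions made for the illustration.

```shell
# Added example: audit an nss_ldap (PADL) ldap.conf against the thread's advice.

# Users named on nss_initgroups_ignoreusers lines, one per line.
ignored_users() {
    awk 'tolower($1) == "nss_initgroups_ignoreusers" { print $2 }' "$1" |
        tr ',' '\n' | sed '/^$/d' | sort -u
}

# Local accounts below the regular-user UID floor (assumed 500, as on CentOS 5).
local_system_users() {
    awk -F: -v max="${2:-500}" \
        '$1 !~ /^#/ && $3 ~ /^[0-9]+$/ && $3 < max { print $1 }' "$1" | sort -u
}

# Local system accounts that are not on the ignore list.
missing_ignoreusers() {
    tmp=$(mktemp) || return 1
    ignored_users "$1" > "$tmp"
    local_system_users "$2" "${3:-500}" | grep -vxF -f "$tmp" || true
    rm -f "$tmp"
}

# Value of a single-valued option (hypothetical helper); empty if unset.
conf_value() { awk -v k="$2" 'tolower($1) == k { v = $2 } END { print v }' "$1"; }

# Print one finding per line; no output means nothing to report.
audit_nss_ldap() {
    [ "$(conf_value "$1" bind_policy)" = soft ] || echo "bind_policy is not soft"
    [ -L "$1" ] && echo "$1 is a symlink; check it is not /etc/openldap/ldap.conf"
    for u in $(missing_ignoreusers "$1" "$2"); do
        echo "local account not in nss_initgroups_ignoreusers: $u"
    done
}

# Constructed sample files (not taken from the machines in the thread).
write_sample() {
    printf '%s\n' '# constructed sample' 'timelimit 30' 'bind_timelimit 30' \
        'nss_initgroups_ignoreusers root,haldaemon,dbus' > "$1/ldap.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'dbus:x:81:81:System message bus:/:/sbin/nologin' \
        'haldaemon:x:68:68:HAL daemon:/:/sbin/nologin' \
        'sshd:x:74:74:sshd:/var/empty/sshd:/sbin/nologin' \
        'nscd:x:28:28:NSCD Daemon:/:/sbin/nologin' \
        'ben:x:500:500::/home/ben:/bin/bash' > "$1/passwd"
}

demo=$(mktemp -d) && write_sample "$demo" && audit_nss_ldap "$demo/ldap.conf" "$demo/passwd"
rm -rf "$demo"
```

On a real host the call would be `audit_nss_ldap /etc/ldap.conf /etc/passwd`.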
2009/9/29 Craig White craigwhite@azapple.com:
having these lines in /etc/ldap.conf has helped me a lot...

timelimit 30
bind_timelimit 30
bind_policy soft

My timelimits are still at the default of 120. However, the machine was bounced for me this morning and is apparently still stuck on "Starting message bus".
I'm just perplexed that my other CentOS machines work fine, except this new install... :-/
Ben
2009/9/29 Dan Burkland dburklan@nmdp.org:
I experienced the same problem and found a solution. In your /etc/ldap.conf file (which I had the ldap.conf in /etc/openldap symlinked to), add the following line to the bottom of the file:
Due to the ssh problems, I can't check the actual machine at the moment, but the machine I copied the config from already has the following:
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
I'll check the machine's config as soon as I can get access to it.
Ben
2009/9/30 Miguel Medalha miguelmedalha@sapo.pt:
in /etc/ldap.conf: bind_policy soft
I may not have used the right terminology, but I mentioned this in my first message:
They all obtain their authentication information over LDAP and to avoid the starting message bus hang problem[1], nscd is set to soft failure.
Works for the others, just not this one.
Ben
Problem solved...
This time I didn't use the CentOS Extras repo. However, still some problems with v5.3 until I just upgraded kernel, smb and nscd and now working and rebooting perfectly! :)
Ben