I have an Everex laptop (ick, but it was super cheap) that has an Atheros wireless NIC in it, but I can't seem to get it to connect to my wireless in-home LAN. Here's what I've done so far (that isn't working) - any suggestions?
[root@marktop mark]# lspci | grep Ether
00:12.0 Ethernet controller: VIA Technologies, Inc. VT6102 [Rhine-II] (rev 7c)
05:01.0 Ethernet controller: Atheros Communications Inc. AR2413 802.11bg NIC (rev 01)
[root@marktop mark]# iwconfig wlan0
wlan0     IEEE 802.11bg  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=0 dBm
          RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

[root@marktop mark]# iwconfig wlan0 essid hrfamnet-101
[root@marktop mark]# iwconfig wlan0 enc XXXXXXXXXX   [not really...]
[root@marktop mark]# iwconfig wlan0
wlan0     IEEE 802.11bg  ESSID:"hrfamnet-101"
          Mode:Managed  Access Point: Not-Associated   Tx-Power=0 dBm
          RTS thr:off   Fragment thr:off
          Encryption key:XXXXXXXXXX
          Power Management:off

[root@marktop mark]# ifup wlan0

Determining IP information for wlan0... failed.
[root@marktop mark]# iwlist wlan0 scan
wlan0     Scan completed :
          Cell 01 - Address: 00:1C:F0:58:9A:31
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=47/70  Signal level=-63 dBm
                    Encryption key:on
                    ESSID:"hrfamnet-101"
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                              12 Mb/s; 24 Mb/s; 36 Mb/s
                    Bit Rates:9 Mb/s; 18 Mb/s; 48 Mb/s; 54 Mb/s
                    Mode:Master
                    Extra:tsf=00000073d81085b2
                    Extra: Last beacon: 468ms ago
                    IE: Unknown: 000C687266616D6E65742D313031
                    IE: Unknown: 010882848B960C183048
                    IE: Unknown: 030106
                    IE: Unknown: 2A0102
                    IE: Unknown: 32041224606C
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : TKIP CCMP
                        Authentication Suites (1) : PSK
                    IE: Unknown: DD0900037F0101001FFF7F
                    IE: WPA Version 257
                        Group Cipher : Proprietary
                        Pairwise Ciphers (64) :
                    IE: WPA Version 1
                        Group Cipher : Proprietary
                        Pairwise Ciphers (22768) :
          Cell 02 - Address: 00:D0:9E:F6:B3:19
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=39/70  Signal level=-71 dBm
                    Encryption key:on
                    ESSID:"2WIRE067"
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 22 Mb/s
                    Mode:Master
                    Extra:tsf=00000002b79d1987
                    Extra: Last beacon: 554ms ago
                    IE: Unknown: 00083257495245303637
                    IE: Unknown: 010582840B162C
                    IE: Unknown: 030106

[root@marktop mark]#
What step am I missing that will connect me to the listed access point?
I've looked this up in Google, but frankly the mass of information there is either off point (ubuntu, SuSE, etc.) or Windoze or doesn't apply to my NIC or something else. I've spent a whole day on this one and I'm no closer to a/the solution - well, I did get as far as the above.
Thanks.
Mark
I believe you need to use wpa_supplicant to connect to a wpa protected network .. using ifconfig with enc as you have I believe only works for WEP, but I could be wrong.
Barry
On Wed, Jul 14, 2010 at 6:47 PM, Mark mhullrich@gmail.com wrote:
I have an Everex laptop (ick, but it was super cheap) that has an Atheros wireless NIC in it, but I can't seem to get it to connect to my wireless in-home LAN. Here's what I've done so far (that isn't working) - any suggestions?
Have you looked at these CentOS wiki articles?
http://wiki.centos.org/HowTos/Laptops/Wireless http://wiki.centos.org/HowTos/Laptops/NetworkManager http://wiki.centos.org/HowTos/Laptops/WpaSupplicant
Akemi
On Wed, Jul 14, 2010 at 7:06 PM, Akemi Yagi amyagi@gmail.com wrote:
Have you looked at these CentOS wiki articles?
http://wiki.centos.org/HowTos/Laptops/Wireless http://wiki.centos.org/HowTos/Laptops/NetworkManager http://wiki.centos.org/HowTos/Laptops/WpaSupplicant
That would have been too easy....
Actually, having now read them, there does not seem to be any support for the Atheros AR2413 NIC, just mostly the Atheros 5k series. Would madwifi cover this or . . . ?
Thanks again.
Mark
Hi All,
I have a post on the forums about this. I'm hoping maybe you guys can help me track down what I'm doing wrong.
I am trying to get nscd to cache my LDAP user data. You know, for when the LDAP server goes down. The problem I am having is not related to the "bind_policy soft" issue that causes sshd to hang when LDAP is down. I have bind_policy set to soft and my sshd is very responsive and sends auth requests through PAM no problem. But when LDAP is down it fails to authenticate, it does not fail to ask me to authenticate. That being said I don't think my problem is a bug, I think I have configured something wrong and I'm just not seeing what.
My config files can be referenced on my forum post https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_i...
The problem I am having is that shadow does not seem to get cached by nscd. Here's how I have tracked this down.
Given the results of the following:
LDAP server UP
[root@xxxxxxxx ~]# getent passwd tester
tester:x:501:501:tester:/home/tester:/bin/bash
[root@xxxxxxxx ~]# getent shadow tester
tester:Rx5ZXH414bqiM:14802:0:99999:7:::

LDAP server DOWN

[root@xxxxxxxx ~]# getent passwd tester
tester:x:501:501:tester:/home/tester:/bin/bash
[root@xxxxxxxx ~]# getent shadow tester
So, when LDAP is down I can clearly see that nscd is caching passwd but not shadow.
To test this I checked getent's output in strace for both circumstances. The result, I can clearly see in all 4 instances a connection to nscd's socket at /var/run/nscd/socket. Since I'm assuming getent exits on first match here's my conclusion on the behavior I see.
When getent is looking at passwd I see it look in /etc/passwd, then nscd and then exits because nscd returns a match on passwd. It doesn't matter if LDAP is up or down. As long as nscd's cache is not expired it looks there first and never calls out to the LDAP server.
When getent is looking at shadow I see it look in /etc/shadow, then nscd, then tries to connect to the LDAP server. It doesn't matter if the LDAP server is up or down, getent never gets a match from nscd. Even if I turn on the LDAP server, login successfully via ssh as an LDAP authed user and then run getent...still no entry for shadow in nscd.
So, to re-state in a different way. I can't find any bug that seems to be related to this, and as it's a basic LDAP/NSCD feature my only logical conclusion is that I am doing something wrong. Any help or any suggestions as to what else I can check would be greatly appreciated.
Thanks
Brian
On Wed, 2010-07-14 at 21:05 -0600, Brian Marshall wrote:
So, when LDAP is down I can clearly see that nscd is caching passwd but not shadow.
--- ""if getent shadow as root returns a shadow file with passwords, then the PAM unix module can do authentication without using libpam-ldap""
So that may just be that you need libpam-ldap. So your problem maybe is PAM?
John
On Wed, Jul 14, 2010 at 09:05:38PM -0600, Brian Marshall wrote:
My config files can be referenced on my forum post https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_i...
Your /etc/nscd.conf is only configured to cache passwd/group/hosts. It's not configured to cache shadow.
(I don't know if nscd _can_ be configured to cache shadow or not; never tried)
rgds Stephen
The nscd is a "name service caching daemon" and not an authentication credentials cache.
man 8 nscd
"Nscd provides caching for accesses of the passwd(5), group(5), and hosts(5) databases through standard libc interfaces, such as getpwnam(3), getpwuid(3), getgrnam(3), getgrgid(3), gethostbyname(3), and others."
"Note that the shadow file is specifically not cached. getspnam(3) calls remain uncached as a result."
Regards
Alexander
The problem I am having is that shadow does not seem to get cached by nscd. Here's how I have tracked this down.
NSCD not caching shadow user credentials is a fact. There is nothing wrong with your configuration. NSCD just does not do what you seem to expect from it. You can't make it what you like to.
If your LDAP server is gone, you will not be able to login. Run a replica server to avoid a single point of failure.
Brian
Alexander
Yes but I have worked in many organizations that use directory services for authentication and my machines with them have always cached authentication data so I can login if I'm not online. I can't expect laptop users to always have a network connection. If Mac OS and Windows can manage to cache network authentication for offline use, I can't believe that linux does not have this capability.
Perhaps my wanting to cache my shadow data or use nscd for this purpose is not the correct way to achieve this. But the only other well discussed option I have found is nsscache which doesn't seem to work very well and their library doesn't seem to install on centos 5. Unfortunately I'm way too much of a hack C programmer to fix it, especially since they don't provide a configure file.
So, assuming maybe we put the conversation of nscd shadow caching aside and just talk about how to cache ldap data on a centos system so it can authenticate users in the absence of a network. Creating local passwd/group/shadow data is not an option.
Again, I can't stress this enough. I am convinced I am doing something wrong or going about this the wrong way. I'm just not understanding how to either fix the problem at hand or solve it another or proper way.
Any advice?
Thanks
Brian
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Brian Marshall wrote, On 07/15/2010 11:37 AM:
Yes but I have worked in many organizations that use directory services for authentication and my machines with them have always cached authentication data so I can login if I'm not online. I can't expect laptop users to always have a network connection. If Mac OS and Windows can manage to cache network authentication for offline use, I can't believe that linux does not have this capability.
Perhaps my wanting to cache my shadow data or use nscd for this purpose is not the correct way to achieve this. But the only other well discussed option I have found is nsscache which doesn't seem to work very well and their library doesn't seem to install on centos 5. Unfortunately I'm way too much of a hack C programmer to fix it, especially since they don't provide a configure file.
So, assuming maybe we put the conversation of nscd shadow caching aside and just talk about how to cache ldap data on a centos system so it can authenticate users in the absence of a network. Creating local passwd/group/shadow data is not an option.
Again, I can't stress this enough. I am convinced I am doing something wrong or going about this the wrong way. I'm just not understanding how to either fix the problem at hand or solve it another or proper way.
Any advice?
authconfig -help
authconfig --enablecache --update
For some of the folks I work with, it works quite reliably, I on the other hand have had problems _because_ it caches the info.
Hi Todd,
Yes, I have already used authconfig to enable caching. If you have any questions about my configs I have a forum post with more details up there including the related ldap, and pam config files. https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_i...
The problem still remains, when the LDAP server is offline there is no shadow data cached so LDAP users can not authenticate on cached data despite caching and local auth sufficient being enabled in authconfig.
So am I missing a package, config or something else somewhere?
On 07/15/2010 09:15 AM, Brian Marshall wrote:
The problem still remains, when the LDAP server is offline there is no shadow data cached so LDAP users can not authenticate on cached data despite caching and local auth sufficient being enabled in authconfig.
Most LDAP servers don't provide the hash that you expect from "shadow data", so it isn't possible for nscd to cache anything. Login with LDAP is normally an interactive process, handled by the LDAP server.
Then am I misinterpreting the fact that getent shadow returns data on ldap users when ldap is up but not when it's down? I guess I don't understand where that shadow data comes from when LDAP is up.
I just did some brief testing on installing sssd and there's a ton of fedora packages I'll need to pull. Is anyone aware of any successful attempts in using sssd on CentOS 5?
Am 15.07.2010 19:26, schrieb Brian Marshall:
Then am I misinterpreting the fact that getent shadow returns data on ldap users when ldap is up but not when it's down? I guess I don't understand where that shadow data comes from when LDAP is up.
/etc/nsswitch.conf
Alexander
On Jul 15, 2010, at 2:12 PM, Alexander Dalloz wrote:
Am 15.07.2010 19:26, schrieb Brian Marshall:
Then am I misinterpreting the fact that getent shadow returns data on ldap users when ldap is up but not when it's down? I guess I don't understand where that shadow data comes from when LDAP is up.
/etc/nsswitch.conf
Alexander
Hi Alexander,
Thanks for your response but /etc/nsswitch.conf does not contain any passwd, group or shadow data. It is a configuration file and is not used to cache or store data.
Am 15.07.2010 22:16, schrieb Brian Marshall:
On Jul 15, 2010, at 2:12 PM, Alexander Dalloz wrote:
Am 15.07.2010 19:26, schrieb Brian Marshall:
Then am I misinterpreting the fact that getent shadow returns data on ldap users when ldap is up but not when it's down? I guess I don't understand where that shadow data comes from when LDAP is up.
/etc/nsswitch.conf
Alexander
Hi Alexander,
Thanks for your response but /etc/nsswitch.conf does not contain any passwd, group or shadow data. It is a configuration file and is not used to cache or store data.
Sure, but that configuration file tells the nss where to look for requested information in which order. I.e. where to find shadow information. If you don't configure ldap there you won't get ldap results using your getent command.
Alexander
On Jul 15, 2010, at 2:27 PM, Alexander Dalloz wrote:
Am 15.07.2010 22:16, schrieb Brian Marshall:
On Jul 15, 2010, at 2:12 PM, Alexander Dalloz wrote:
Am 15.07.2010 19:26, schrieb Brian Marshall:
Then am I misinterpreting the fact that getent shadow returns data on ldap users when ldap is up but not when it's down? I guess I don't understand where that shadow data comes from when LDAP is up.
/etc/nsswitch.conf
Alexander
Hi Alexander,
Thanks for your response but /etc/nsswitch.conf does not contain any passwd, group or shadow data. It is a configuration file and is not used to cache or store data.
Sure, but that configuration file tells the nss where to look for requested information in which order. I.e. where to find shadow information. If you don't configure ldap there you won't get ldap results using your getent command.
Alexander
Yes but as I said in my previous messages I have configured all of that and yet, it still doesn't ever cache shadow data.
[root@argentine ~]# grep -v # /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
So my original problem still remains. When LDAP is down users can not authenticate. I can't get nsscache to run because python can't find the library. I don't want to run sssd because it's new, untested in production and has a mankey set of Fedora specific dependencies that tie into PAM that I'm not willing to gamble on in a production environment.
But hey I have a Windows XP laptop that can use Directory Services and still can manage logging in users without a network. I also have a trashed old Apple laptop and Mac OS can use LDAP and still manages to login users without a network. I don't want to do it but I think I have to tell all of our IT staff they are going to have to get windows laptops instead of linux...which I will get lynched for.
On 07/15/2010 10:26 AM, Brian Marshall wrote:
Then am I misinterpreting the fact that getent shadow returns data on ldap users when ldap is up but not when it's down?
It would be unusual, but not impossible for "getent shadow ..." to have the password hashes available. If that is the case, you have a relatively poorly secured LDAP server.
On the other hand, it's fairly common for "getent shadow ..." to show you the shadow information other than the password hashes.
In neither case will nscd allow you to log in to the machine when the network is down. nscd is the wrong tool for this.
I guess I don't understand where that shadow data comes from when LDAP is up.
I didn't mean to imply that the LDAP server wouldn't supply anything at all, just that most of them won't hand out password hashes.
I just did some brief testing on installing sssd and there's a ton of fedora packages I'll need to pull. Is anyone aware of any successful attempts in using sssd on CentOS 5?
Did you build it from source or were you trying to install one of the binary packages? You'll definitely want to build from source.
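Gordon's remark above, that password hashes showing up in "getent shadow" output point to a poorly secured LDAP server, can be checked on a client. The script below is an added example, not part of the original thread: it classifies the password field of each shadow-format line and reports accounts that are not in the local shadow file yet still carry a readable hash. The function names, sample accounts and hash strings are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): flag shadow entries that come from the
# directory rather than the local file and still expose a password hash.
# Real use, as root:  getent shadow | audit_shadow /etc/shadow

# classify_field FIELD: print the kind of value found in a shadow password field.
classify_field() {
    case "$1" in
        '')               echo empty ;;
        x)                echo placeholder ;;
        '*'*)             echo locked ;;
        '!'*)
            # A leading "!" or "!!" locks the account, but a hash may follow it.
            rest=${1#'!'}; rest=${rest#'!'}
            if [ -z "$rest" ]; then
                echo locked
            else
                echo "locked:$(classify_field "$rest")"
            fi ;;
        '$1$'*)           echo md5-crypt ;;
        '$5$'*)           echo sha256-crypt ;;
        '$6$'*)           echo sha512-crypt ;;
        '$2'[aby]'$'*)    echo bcrypt ;;
        *[!./0-9A-Za-z]*) echo unknown ;;
        *)
            # Traditional DES crypt: exactly 13 characters from ./0-9A-Za-z.
            if [ "${#1}" -eq 13 ]; then echo des-crypt; else echo unknown; fi ;;
    esac
}

# audit_shadow LOCAL_SHADOW: read shadow-format lines on stdin, skip accounts
# defined in LOCAL_SHADOW, and print "user kind" for every remaining entry
# whose password field still carries a hash.
audit_shadow() {
    local_file=$1
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        if cut -d: -f1 "$local_file" | grep -Fxq -- "$user"; then
            continue    # local account: not served by the directory
        fi
        kind=$(classify_field "$field")
        case "$kind" in
            empty|locked|placeholder) ;;    # no hash was handed out
            *) echo "$user $kind" ;;
        esac
    done
    return 0
}

# demo: run the audit on constructed data (no real accounts or hashes).
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
root:$6$constructedsalt$constructedhash:14800:0:99999:7:::
EOF
    audit_shadow "$tmp" <<'EOF'
root:$6$constructedsalt$constructedhash:14800:0:99999:7:::
alice:AAconstructed:14802:0:99999:7:::
bob:*:14802:0:99999:7:::
carol:$1$constructed$constructedhash:14802:0:99999:7:::
dave:!!:14802:0:99999:7:::
EOF
    rm -f "$tmp"
}

demo
```

Any line printed for a directory account means the server returned a hash to this client; des-crypt and md5-crypt results are the weakest schemes in the list.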
On 07/15/2010 05:09 PM, Gordon Messmer wrote:
Did you build it from source or were you trying to install one of the binary packages? You'll definitely want to build from source.
I take that back. Don't build it from source, that's silly.
Install the EPEL repo. You can then "yum install sssd". http://fedoraproject.org/wiki/EPEL/FAQ#howtouse http://fedoraproject.org/wiki/EPEL
However, since you have an older "authconfig", you'll end up doing the sssd configuration by hand. What I'd recommend is that you get a Fedora 13 host and set it up as an LDAP client using sssd (authconfig will help you). When you are satisfied that it is working, you can use the pam, nss, and sssd configuration files to set up any CentOS hosts that you want to use as mobile LDAP clients.
On Jul 15, 2010, at 6:15 PM, Gordon Messmer wrote:
On 07/15/2010 05:09 PM, Gordon Messmer wrote:
Did you build it from source or were you trying to install one of the binary packages? You'll definitely want to build from source.
I take that back. Don't build it from source, that's silly.
Install the EPEL repo. You can then "yum install sssd". http://fedoraproject.org/wiki/EPEL/FAQ#howtouse http://fedoraproject.org/wiki/EPEL
However, since you have an older "authconfig", you'll end up doing the sssd configuration by hand. What I'd recommend is that you get a Fedora 13 host and set it up as an LDAP client using sssd (authconfig will help you). When you are satisfied that it is working, you can use the pam, nss, and sssd configuration files to set up any CentOS hosts that you want to use as mobile LDAP clients.
Awesome, thanks for your help. I will give that a try.
Thanks everyone for all of your time.
On 7/15/10 9:15 AM, "Brian Marshall" neorosbob@gmail.com wrote:
Hi Todd,
Yes, I have already used authconfig to enable caching. If you have any questions about my configs I have a forum post with more details up there including the related ldap, and pam config files. https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_i... 3&forum=42
The problem still remains, when the LDAP server is offline there is no shadow data cached so LDAP users can not authenticate on cached data despite caching and local auth sufficient being enabled in authconfig.
So am I missing a package, config or something else somewhere?
Please don't top post, thanks.
Now.... LDAP caching... Besides running a local LDAP slave on each machine, the only solution I know of is nsscache. What build problems have you had with it?
On Jul 15, 2010, at 11:46 AM, Gary Greene wrote:
On 7/15/10 9:15 AM, "Brian Marshall" neorosbob@gmail.com wrote:
Hi Todd,
Yes, I have already used authconfig to enable caching. If you have any questions about my configs I have a forum post with more details up there including the related ldap, and pam config files. https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_i... 3&forum=42
The problem still remains, when the LDAP server is offline there is no shadow data cached so LDAP users can not authenticate on cached data despite caching and local auth sufficient being enabled in authconfig.
So am I missing a package, config or something else somewhere?
Please don't top post, thanks.
Now.... LDAP caching... Besides running a local LDAP slave on each machine, the only solution I know of is nsscache. What build problems have you had with it?
Sorry about that top post.
nsscache seems to install ok but when I try to run the update it errors out on importing some other python file that didn't seem to get installed anywhere. It errors with this
[root@argentine ~]# nsscache update --full
Traceback (most recent call last):
  File "/usr/local/bin/nsscache", line 28, in ?
    from nss_cache import app
ImportError: No module named nss_cache

and here is /usr/local/bin/nsscache

19 """Executable frontend to nss_cache."""
20
21 __author__ = ('jaq@google.com (Jamie Wilkinson)',
22               'vasilios@google.com (Vasilios Hoffman)')
23
24 import logging
25 import os
26 import sys
27
28 from nss_cache import app
29
30 if __name__ == '__main__':
31   nsscache_app = app.NssCacheApp()
32   return_value = nsscache_app.Run(sys.argv[1:], os.environ)
33   nsscache_app.log.info('Exiting nsscache')
34   nsscache_app.log.debug('with value %d', return_value)
35   sys.exit(return_value)

I do have a few things of matching name on the system but I'm not comfortable enough with the python environment to start monkeying around. It seems like an env var, path or prefix is not defined properly.

/usr/lib/libnss_cache.so

Locate finds these files (below) which are a result of the libnss-cache install.

/usr/lib/libnss_cache.so.2
/usr/lib/libnss_cache.so.2.0
/usr/local/lib/python2.4/site-packages/nss_cache
On 7/15/10 11:29 AM, "Brian Marshall" neorosbob@gmail.com wrote:
On Jul 15, 2010, at 11:46 AM, Gary Greene wrote:
On 7/15/10 9:15 AM, "Brian Marshall" neorosbob@gmail.com wrote:
Hi Todd,
Yes, I have already used authconfig to enable caching. If you have any questions about my configs I have a forum post with more details up there including the related ldap, and pam config files. https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_i... 15 3&forum=42
The problem still remains, when the LDAP server is offline there is no shadow data cached so LDAP users can not authenticate on cached data despite caching and local auth sufficient being enabled in authconfig.
So am I missing a package, config or something else somewhere?
Please don't top post, thanks.
Now.... LDAP caching... Besides running a local LDAP slave on each machine, the only solution I know of is nsscache. What build problems have you had with it?
On Jul 15, 2010, at 9:52 AM, Todd Denniston wrote:
Brian Marshall wrote, On 07/15/2010 11:37 AM:
Yes but I have worked in many organizations that use directory services for authentication and my machines with them have always cached authentication data so I can login if I'm not online. I can't expect laptop users to always have a network connection. If Mac OS and Windows can manage to cache network authentication for offline use, I can't believe that linux does not have this capability.
Perhaps my wanting to cache my shadow data or use nscd for this purpose is not the correct way to achieve this. But the only other well discussed option I have found is nsscache which doesn't seem to work very well and their library doesn't seem to install on centos 5. Unfortunately I'm way too much of a hack C programmer to fix it, especially since they don't provide a configure file.
So, assuming maybe we put the conversation of nscd shadow caching aside and just talk about how to cache ldap data on a centos system so it can authenticate users in the absence of a network. Creating local passwd/group/shadow data is not an option.
Again, I can't stress this enough. I am convinced I am doing something wrong or going about this the wrong way. I'm just not understanding how to either fix the problem at hand or solve it another or proper way.
Any advice?
authconfig -help
authconfig --enablecache --update
For some of the folks I work with, it works quite reliably, I on the other hand have had problems _because_ it caches the info.
Thanks
Brian
On Jul 15, 2010, at 4:58 AM, Alexander Dalloz wrote:
> The problem I am having is that shadow does not seem to get cached by nscd. Here's how I have tracked this down.
NSCD not caching shadow user credentials is a fact. There is nothing wrong with your configuration. NSCD just does not do what you seem to expect from it. You can't make it what you like to.
If your LDAP server is gone, you will not be able to login. Run a replica server to avoid a single point of failure.
> Brian
Alexander
On Jul 15, 2010, at 12:37 PM, Gary Greene wrote:
You need to modify your python site-packages search path so it can find the files, since normally from my experience, python doesn't search /usr/local for eggs.
-- Gary L. Greene, Jr. IT Operations Minerva Networks, Inc. Cell: (650) 704-6633 Phone: (408) 240-1239
On 7/15/10 11:49 AM, "Brian Marshall" neorosbob@gmail.com wrote:
Hi Gary,
That's what I was assuming, but as I said I'm not real familiar with the python environment so I'm having a hard time finding out where to do that. I'm doing some googling around without much luck. I'll keep trying.
Thanks
Brian
What you're looking for is information on sitecustomize. Look at /usr/lib/python2.4/site.py for more information.
-- Gary L. Greene, Jr. IT Operations Minerva Networks, Inc. Cell: (650) 704-6633 Phone: (408) 240-1239
On 7/15/10 1:14 PM, "Brian Marshall" neorosbob@gmail.com wrote:
Hi Gary,
Thanks for the response.
I don't have a file /usr/lib/python2.4/site.py but I do have a /usr/lib/python2.4/site-packages/site.py. I looked at site-packages/site.py and didn't see anything in there that looked like I could define or add to my site-packages search path. I see where it's looping the path items. What is the normal way to define/add to the python environment's search path for site-packages?
The /usr/lib/python2.4/site.py is found in python-2.4.3-24.el5_3.6 (running CentOS 5.3.)*
Also, you could use the PYTHONPATH environment variable to help with this. It acts much like $PATH in that it is a colon separated list.
* For those on the list that might say "upgrade to latest", I can't. It's running our production RT for the IT department here and if I take it down, I'd lose most of my productivity being bombarded by email in my inbox....
On 07/15/2010 01:14 PM, Brian Marshall wrote:
> I don't have a file /usr/lib/python2.4/site.py
On a 64 bit system, it'll be /usr/lib64/python2.4/site.py
The easiest way to extend the path is to set the PYTHONPATH environment variable.
# env PYTHONPATH=/usr/local/lib/python2.4/site-packages python
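The ImportError and the search-path fix discussed in the messages above, as an added example that is not part of the thread or of nsscache. It is written for a current Python 3 rather than the thread's Python 2.4 and shows the persistent `.pth` route next to the one-shot PYTHONPATH setting. The directory tree and the stand-in `nss_cache` package are constructed in a temporary directory; `register_with_pth`, the `usr_local.pth` file name and the rule of refusing group- or world-writable directories (nsscache runs as root) are assumptions of this sketch.

```python
import importlib
import os
import site
import stat
import sys
import tempfile

PKG = "nss_cache"  # package named in the traceback on this page


def make_tree(root):
    """Constructed stand-ins for the system and /usr/local site-packages dirs."""
    system_sp = os.path.join(root, "usr", "lib", "python2.4", "site-packages")
    local_sp = os.path.join(root, "usr", "local", "lib", "python2.4", "site-packages")
    pkg_dir = os.path.join(local_sp, PKG)
    os.makedirs(system_sp)
    os.makedirs(pkg_dir)
    for d in (system_sp, local_sp, pkg_dir):
        os.chmod(d, 0o755)  # fixed mode, independent of the caller's umask
    open(os.path.join(pkg_dir, "__init__.py"), "w").close()
    with open(os.path.join(pkg_dir, "app.py"), "w") as fh:
        fh.write("NAME = 'constructed stand-in for nss_cache.app'\n")
    return system_sp, local_sp


def forget(name):
    """Drop a package and its submodules from the import cache."""
    for mod in [m for m in sys.modules if m == name or m.startswith(name + ".")]:
        del sys.modules[mod]
    importlib.invalidate_caches()


def can_import(name):
    """Fresh import attempt; False reproduces 'No module named ...'."""
    forget(name.split(".")[0])
    try:
        importlib.import_module(name)
        return True
    except ImportError:
        return False


def writable_by_others(path):
    """True if group or other may write here, i.e. could plant a module."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def register_with_pth(system_sp, extra_dir, pth_name="usr_local.pth"):
    """Persist extra_dir on sys.path through a .pth file in a site directory."""
    if writable_by_others(extra_dir):
        raise PermissionError("%s is group/world-writable" % extra_dir)
    with open(os.path.join(system_sp, pth_name), "w") as fh:
        fh.write(extra_dir + "\n")
    # The interpreter does this for its site directories at startup:
    # every line of a *.pth file that names an existing directory is appended.
    site.addsitedir(system_sp)


def demo():
    saved_path = list(sys.path)
    results = {}
    with tempfile.TemporaryDirectory() as root:
        system_sp, local_sp = make_tree(root)
        # 1. Package exists on disk but its parent is not on sys.path.
        results["before"] = can_import(PKG + ".app")
        # 2. A loosely permissioned directory is refused.
        os.chmod(local_sp, 0o777)
        try:
            register_with_pth(system_sp, local_sp)
            results["unsafe_rejected"] = False
        except PermissionError:
            results["unsafe_rejected"] = True
        # 3. With sane permissions the .pth entry makes the import work.
        os.chmod(local_sp, 0o755)
        register_with_pth(system_sp, local_sp)
        results["after"] = can_import(PKG + ".app")
    sys.path[:] = saved_path  # leave the interpreter as we found it
    forget(PKG)
    return results


if __name__ == "__main__":
    print(demo())
```

A PYTHONPATH set in an interactive shell is not inherited by a cron job that runs nsscache later, whereas a `.pth` file is read on every interpreter start.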
It seems there are some bugs discussed around this.
http://sources.redhat.com/bugzilla/show_bug.cgi?id=2132
https://bugzilla.redhat.com/show_bug.cgi?id=488597
https://bugzilla.redhat.com/show_bug.cgi?id=599192
That being said, it does not seem like nscd is the way to solve this. Or at the very least there are reported complaints about this issue that have not been addressed to date.
Has anyone out there found a good solution for caching network authentication data?
Does the fact that I am testing without SSL, TLS or Kerberos enabled have any effect on this? I figured I'd do the security and encryption last.
I'm grasping at straws at this point. I'm starting to feel like maybe LDAP was not such a great idea since linux clients can't operate in the absence of a network if the user doesn't have local passwd/group/shadow entries. At this point I might as well just manually manage users or switch to Windows and use AD, which the very thought of makes me want to shoot myself. But at least windows clients can cache authentication data.
Any other ideas? I'm totally stuck and feel like crying over a beer. Maybe I should just go get a beer :-)
On 07/15/2010 10:32 AM, Brian Marshall wrote:
> Does the fact that I am testing without SSL, TLS or Kerberos enabled have any effect on this?
No, it doesn't.
> I'm grasping at straws at this point. I'm starting to feel like maybe LDAP was not such a great idea since linux clients can't operate in the absence of a network if the user doesn't have local passwd/group/shadow entries.
Prior to sssd, LDAP was only appropriate for fixed workstations. This is why sssd was written.
> Any other ideas? I'm totally stuck and feel like crying over a beer. Maybe I should just go get a beer :-)
I won't tell you not to. :)
On 07/15/2010 08:37 AM, Brian Marshall wrote:
> Yes but I have worked in many organizations that use directory services for authentication and my machines with them have always cached authentication data so I can login if I'm not online. I can't expect laptop users to always have a network connection. If Mac OS and Windows can manage to cache network authentication for offline use, I can't believe that linux does not have this capability.
Fedora does. It was introduced in Fedora 13, using sssd. The standard tools should configure sssd rather than nscd.
On Wed, Jul 14, 2010 at 7:33 PM, Mark mhullrich@gmail.com wrote:
On Wed, Jul 14, 2010 at 7:06 PM, Akemi Yagi amyagi@gmail.com wrote:
Have you looked at these CentOS wiki articles?
http://wiki.centos.org/HowTos/Laptops/Wireless
http://wiki.centos.org/HowTos/Laptops/NetworkManager
http://wiki.centos.org/HowTos/Laptops/WpaSupplicant
That would have been too easy....
Actually, having now read them, there does not seem to be any support for the Atheros AR2413 NIC, just mostly the Atheros 5k series. Would madwifi cover this or . . . ?
We cannot tell until you check the vendor:device ID pair. It's a one-liner:
for BUSID in $(/sbin/lspci | awk '{ IGNORECASE=1 } /net/ { print $1 }'); do /sbin/lspci -s $BUSID -m; /sbin/lspci -s $BUSID -n; done
Then you can find out if the driver is supported by the kernel.
All the details are in #4 of the ELRepo FAQ at:
Akemi
On Wed, Jul 14, 2010 at 9:04 PM, Akemi Yagi amyagi@gmail.com wrote:
> We cannot tell until you check the vendor:device ID pair. It's a one-liner:
> for BUSID in $(/sbin/lspci | awk '{ IGNORECASE=1 } /net/ { print $1 }'); do /sbin/lspci -s $BUSID -m; /sbin/lspci -s $BUSID -n; done
> Then you can find out if the driver is supported by the kernel.
> All the details are in #4 of the ELRepo FAQ at:
Here's what I got - the first one is my vmware network bridge.
$ for BUSID in $(/sbin/lspci | awk '{ IGNORECASE=1 } /net/ { print $1 }'); do /sbin/lspci -s $BUSID -m; /sbin/lspci -s $BUSID -n; done
00:07.0 "Bridge" "nVidia Corporation" "MCP61 Ethernet" -ra2 "Elitegroup Computer Systems" "Unknown device 2609"
00:07.0 0680: 10de:03ef (rev a2)
The FAQ shows this:
pci 10DE:03EF kmod-forcedeth
This is installed on my desktop (that has no wireless card), but I'll check the laptop tomorrow.
Thanks - this and the guides on the CentOS page ought to cover it. I'll come back if I don't get it working....
Mark