Hi All:
Over the weekend I install all the outstanding updates for our CentOS 4 based server. Since I had been holding off on these until I had addressed some disk space issues there were a large number (300+). I know my bad! After installing the updates I rebooted the system and it took forever to boot and once up there were problems connecting to some of our SAMBA shares. I checked the messages log file and found a multitude of entries similar to:
Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: failed to bind to LDAP server 127.0.0.1: Can't contact LDAP server Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: reconnecting to LDAP server...
These were being reported for named, nscd, smbd, statd, rquotad, etc.
I did some google searching and found some references to the change of the default value for the "bind_policy" parameter in the "ldap.conf" file from "soft" to "hard". I added and explicit "bind_policy soft" to the "/etc/ldap.conf" file and that has improved things dramatically.
However the errors are still being reported in the messages log file. The errors are valid as we do not have and LDAP server (on my list for a future project). What I am trying to figure out is why it is looking for one. I have done some additional google searching but I have not found any definitive answers. From what I have seen I suspect that the problem lays with our /etc/nsswitch.conf file and that I need to change references to "file ldap" to just "files".
I am loath to make such changes without something more definite then my personal suspicion. Can someone confirm that I am on the right track or, if not, point me in the right direction?
TIA
Regards, Hugh
On Tue, 2008-02-19 at 14:09 -0800, Hugh E Cruickshank wrote:
Hi All:
Over the weekend I install all the outstanding updates for our CentOS 4 based server. Since I had been holding off on these until I had addressed some disk space issues there were a large number (300+). I know my bad! After installing the updates I rebooted the system and it took forever to boot and once up there were problems connecting to some of our SAMBA shares. I checked the messages log
<snip>
Did you remember to "updatedb" and then "locate rpmsave" or "locate rpmnew"? There are likely to be many that you need to compare and update.
TIA
Regards, Hugh
HTH
From: William L. Maltby Sent: February 19, 2008 15:25
On Tue, 2008-02-19 at 14:09 -0800, Hugh E Cruickshank wrote:
Hi All:
Over the weekend I install all the outstanding updates for our CentOS 4 based server. Since I had been holding off on these until I had addressed some disk space issues there were a large number (300+). I know my bad! After installing the updates I rebooted the system and it took forever to boot and once up there were problems connecting to some of our SAMBA shares. I checked the messages log
<snip>
Did you remember to "updatedb" and then "locate rpmsave" or "locate rpmnew"? There are likely to be many that you need to compare and update.
Wellllll, I did not remember mainly because I did not know that I should. I know, ignorance is no excuse. My education continues...
I did as you suggested and, although there are several files to be reviewed, none appear to be current nor relevant. However I will address these.
Thanks for your suggestion.
Regards, Hugh
On Tue, 2008-02-19 at 14:09 -0800, Hugh E Cruickshank wrote:
Hi All:
Over the weekend I install all the outstanding updates for our CentOS 4 based server. Since I had been holding off on these until I had addressed some disk space issues there were a large number (300+). I know my bad! After installing the updates I rebooted the system and it took forever to boot and once up there were problems connecting to some of our SAMBA shares. I checked the messages log file and found a multitude of entries similar to:
Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: failed to bind to LDAP server 127.0.0.1: Can't contact LDAP server Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: reconnecting to LDAP server...
These were being reported for named, nscd, smbd, statd, rquotad, etc.
I did some google searching and found some references to the change of the default value for the "bind_policy" parameter in the "ldap.conf" file from "soft" to "hard". I added and explicit "bind_policy soft" to the "/etc/ldap.conf" file and that has improved things dramatically.
However the errors are still being reported in the messages log file. The errors are valid as we do not have and LDAP server (on my list for a future project). What I am trying to figure out is why it is looking for one. I have done some additional google searching but I have not found any definitive answers. From what I have seen I suspect that the problem lays with our /etc/nsswitch.conf file and that I need to change references to "file ldap" to just "files".
I am loath to make such changes without something more definite then my personal suspicion. Can someone confirm that I am on the right track or, if not, point me in the right direction?
---- I have to use these in CentOS 5.x
tail -n 4 /etc/ldap.conf timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap
I don't know about quotad, nscd (I haven't been using them)
You shouldn't need to add anything for smbd, statd at all
Craig
From: Craig White Sent: February 19, 2008 15:31
On Tue, 2008-02-19 at 14:09 -0800, Hugh E Cruickshank wrote:
Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: failed to bind to LDAP server 127.0.0.1: Can't contact LDAP server Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: reconnecting to LDAP server...
However the errors are still being reported in the messages log file. The errors are valid as we do not have and LDAP server (on my list for a future project). What I am trying to figure out is why it is looking for one. I have done some additional google searching but I have not found any definitive answers. From what I have seen I suspect that the problem lays with our /etc/nsswitch.conf file and that I need to change references to "file ldap" to just "files".
I have to use these in CentOS 5.x
tail -n 4 /etc/ldap.conf timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap
Thanks for the suggestion but these would appear to control the way that LDAP behaves. Since we do not have an LDAP server I would think that they would be superfluous. What I really need to do is stop things from looking for an LDAP server in the first place.
Thanks again for your suggestion.
Regards, Hugh
On Tue, 2008-02-19 at 16:05 -0800, Hugh E Cruickshank wrote:
From: Craig White Sent: February 19, 2008 15:31
On Tue, 2008-02-19 at 14:09 -0800, Hugh E Cruickshank wrote:
Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: failed to bind to LDAP server 127.0.0.1: Can't contact LDAP server Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: reconnecting to LDAP server...
However the errors are still being reported in the messages log file. The errors are valid as we do not have and LDAP server (on my list for a future project). What I am trying to figure out is why it is looking for one. I have done some additional google searching but I have not found any definitive answers. From what I have seen I suspect that the problem lays with our /etc/nsswitch.conf file and that I need to change references to "file ldap" to just "files".
I have to use these in CentOS 5.x
tail -n 4 /etc/ldap.conf timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap
Thanks for the suggestion but these would appear to control the way that LDAP behaves. Since we do not have an LDAP server I would think that they would be superfluous. What I really need to do is stop things from looking for an LDAP server in the first place.
Thanks again for your suggestion.
Regards, Hugh
---- gotcha
what is in /etc/nsswitch.conf ?
Craig
From: Craig White Sent: February 19, 2008 16:08
On Tue, 2008-02-19 at 16:05 -0800, Hugh E Cruickshank wrote:
From: Craig White Sent: February 19, 2008 15:31
On Tue, 2008-02-19 at 14:09 -0800, Hugh E Cruickshank wrote:
Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: failed to bind to LDAP server 127.0.0.1: Can't contact LDAP server Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: reconnecting to LDAP server...
However the errors are still being reported in the messages log file. The errors are valid as we do not have and LDAP server (on my list for a future project). What I am trying to figure out is why it is looking for one. I have done some additional google searching but I have not found any definitive answers. From what I have seen I suspect that the problem lays with our /etc/nsswitch.conf file and that I need to change references to "file ldap" to just "files".
I have to use these in CentOS 5.x
tail -n 4 /etc/ldap.conf timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap
Thanks for the suggestion but these would appear to control the way that LDAP behaves. Since we do not have an LDAP server I would think that they would be superfluous. What I really need to do is stop things from looking for an LDAP server in the first place.
gotcha
what is in /etc/nsswitch.conf ?
Back to my original question then....
The errors are valid as we do not have an LDAP server. What I am trying to figure out is why it is looking for one. I have done some additional google searching but I have not found any definitive answers. From what I have seen I suspect that the problem lays with our /etc/nsswitch.conf file and that I need to change references to "file ldap" to just "files".
Here are the (essential) contents of the /etc/nsswitch.conf file:
passwd: files ldap shadow: files ldap group: files ldap hosts: files dns bootparams: files ethers: files netmasks: files networks: files protocols: files ldap rpc: files services: files ldap netgroup: files ldap publickey: files automount: files ldap aliases: files
Regards, Hugh
On Tue, Feb 19, 2008 at 04:24:59PM -0800, Hugh E Cruickshank wrote:
The errors are valid as we do not have an LDAP server. What I am trying to figure out is why it is looking for one. I have done some
passwd: files ldap
That means "look in /etc/passwd and if it's not found THEN look in LDAP".
So the answer to "why" is because you told it to do so.
Change it to passwd: files (and similarly for the other entries) to stop it trying to look in LDAP.
In other words you _had_ the right answer already!
From: Stephen Harris Sent: February 19, 2008 16:56
In other words you _had_ the right answer already!
Thanks muchly for the confirmation. I have made the necessary changes and I am just in the process of kicking people off so that I can reboot. I know the reboot may not be entirely required but it will ensure that all services have been restart and now reflect the configuration changes.
Thanks again for your assistance.
Regards, Hugh
From: Hugh E Cruickshank Sent: February 19, 2008 17:10
From: Stephen Harris Sent: February 19, 2008 16:56
In other words you _had_ the right answer already!
Thanks muchly for the confirmation. I have made the necessary changes and I am just in the process of kicking people off so that I can reboot. I know the reboot may not be entirely required but it will ensure that all services have been restart and now reflect the configuration changes.
Well that has seems to have done the trick.
Thanks to all who contributed!
Regards, Hugh
On Tue, 2008-02-19 at 16:24 -0800, Hugh E Cruickshank wrote:
From: Craig White Sent: February 19, 2008 16:08
On Tue, 2008-02-19 at 16:05 -0800, Hugh E Cruickshank wrote:
From: Craig White Sent: February 19, 2008 15:31
On Tue, 2008-02-19 at 14:09 -0800, Hugh E Cruickshank wrote:
Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: failed to bind to LDAP server 127.0.0.1: Can't contact LDAP server Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: reconnecting to LDAP server...
However the errors are still being reported in the messages log file. The errors are valid as we do not have and LDAP server (on my list for a future project). What I am trying to figure out is why it is looking for one. I have done some additional google searching but I have not found any definitive answers. From what I have seen I suspect that the problem lays with our /etc/nsswitch.conf file and that I need to change references to "file ldap" to just "files".
I have to use these in CentOS 5.x
tail -n 4 /etc/ldap.conf timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap
Thanks for the suggestion but these would appear to control the way that LDAP behaves. Since we do not have an LDAP server I would think that they would be superfluous. What I really need to do is stop things from looking for an LDAP server in the first place.
gotcha
what is in /etc/nsswitch.conf ?
Back to my original question then....
The errors are valid as we do not have an LDAP server. What I am trying to figure out is why it is looking for one. I have done some additional google searching but I have not found any definitive answers. From what I have seen I suspect that the problem lays with our /etc/nsswitch.conf file and that I need to change references to "file ldap" to just "files".
Here are the (essential) contents of the /etc/nsswitch.conf file:
passwd: files ldap shadow: files ldap group: files ldap hosts: files dns bootparams: files ethers: files netmasks: files networks: files protocols: files ldap rpc: files services: files ldap netgroup: files ldap publickey: files automount: files ldap aliases: files
---- dude - if you aren't running an ldap server, there is absolutely no reason to have nsswitch.conf tell it to look for an ldap server.
remove all the references to ldap since you don't have an ldap server
Craig
on 2/19/2008 2:09 PM Hugh E Cruickshank spake the following:
Hi All:
Over the weekend I install all the outstanding updates for our CentOS 4 based server. Since I had been holding off on these until I had addressed some disk space issues there were a large number (300+). I know my bad! After installing the updates I rebooted the system and it took forever to boot and once up there were problems connecting to some of our SAMBA shares. I checked the messages log file and found a multitude of entries similar to:
Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: failed to bind to LDAP server 127.0.0.1: Can't contact LDAP server Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: reconnecting to LDAP server...
These were being reported for named, nscd, smbd, statd, rquotad, etc.
I did some google searching and found some references to the change of the default value for the "bind_policy" parameter in the "ldap.conf" file from "soft" to "hard". I added and explicit "bind_policy soft" to the "/etc/ldap.conf" file and that has improved things dramatically.
However the errors are still being reported in the messages log file. The errors are valid as we do not have and LDAP server (on my list for a future project). What I am trying to figure out is why it is looking for one. I have done some additional google searching but I have not found any definitive answers. From what I have seen I suspect that the problem lays with our /etc/nsswitch.conf file and that I need to change references to "file ldap" to just "files".
I am loath to make such changes without something more definite then my personal suspicion. Can someone confirm that I am on the right track or, if not, point me in the right direction?
TIA
Regards, Hugh
As long as you have ldap entries in nsswitch.conf those services will attempt to look for ldap.
-
Craig White -
Craig White -
Hugh E Cruickshank -
Scott Silva -
Stephen Harris -
William L. Maltby