I have a strange problem on a CentOS-5.8 machine. I can only login as root. If I try to login with one of the user's names, it hangs for a long time. I thought it hung forever, but I just found that I do login after "su tim" after 5 minutes.
It seems that the problem lies in repeated messages in /var/log/messages
---------------------------
May 3 12:14:13 helen su: nss_ldap: failed to bind to LDAP server ldap://www.gayleard.com/: Can't contact LDAP server
May 3 12:14:13 helen su: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
---------------------------
The openldap server is not running, and I don't see why this authentication is being sought. There is nothing in /etc/pam.d/su or /etc/pam.d/login or /etc/ssh/sshd_config to suggest that ldap needs to be invoked, unless it is a part of system-auth.
On Thu, 2012-05-03 at 13:47 +0100, Timothy Murphy wrote:
> I have a strange problem on a CentOS-5.8 machine. I can only login as root. If I try to login with one of the user's names, it hangs for a long time. I thought it hung forever, but I just found that I do login after "su tim" after 5 minutes.
> It seems that the problem lies in repeated messages in /var/log/messages
> May 3 12:14:13 helen su: nss_ldap: failed to bind to LDAP server ldap://www.gayleard.com/: Can't contact LDAP server
> May 3 12:14:13 helen su: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
> The openldap server is not running, and I don't see why this authentication is being sought. There is nothing in /etc/pam.d/su or /etc/pam.d/login or /etc/ssh/sshd_config to suggest that ldap needs to be invoked, unless it is a part of system-auth.
Have you also checked /etc/nsswitch.conf?
On Thu, May 03, 2012 at 09:25:02AM -0400, Tait Clarridge wrote:
> On Thu, 2012-05-03 at 13:47 +0100, Timothy Murphy wrote:
> > I have a strange problem on a CentOS-5.8 machine. I can only login as root. If I try to login with one of the user's names, it hangs for a long time. I thought it hung forever, but I just found that I do login after "su tim" after 5 minutes.
> > It seems that the problem lies in repeated messages in /var/log/messages
Sounds like another bug that has been around for years. You may be able to fix this by finding a line--on CentOS 5.x I think it's in /etc/ldap.conf--that says bind_policy hard. (It's probably commented out.) Uncomment it (by removing the # at the beginning of the line, if there is a # sign) and change it to bind_policy soft. Then restart ldap if it's running--on 5.8, not sure if it's service slapd or service ldap. See if that helps.
On May 3, 2012, at 5:47 AM, Timothy Murphy wrote:
> I have a strange problem on a CentOS-5.8 machine. I can only login as root. If I try to login with one of the user's names, it hangs for a long time. I thought it hung forever, but I just found that I do login after "su tim" after 5 minutes.
> It seems that the problem lies in repeated messages in /var/log/messages
> May 3 12:14:13 helen su: nss_ldap: failed to bind to LDAP server ldap://www.gayleard.com/: Can't contact LDAP server
> May 3 12:14:13 helen su: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
> The openldap server is not running, and I don't see why this authentication is being sought. There is nothing in /etc/pam.d/su or /etc/pam.d/login or /etc/ssh/sshd_config to suggest that ldap needs to be invoked, unless it is a part of system-auth.
---- it would seem that you configured ldap as a potential authentication source in 'authconfig'
Tait probably gave you the best possible fix - remove the ldap entries in /etc/nsswitch.conf (or /etc/sssd/sssd.conf if present).
Craig
________________________________
From: Timothy Murphy gayleard@eircom.net
To: centos@centos.org
Sent: Thursday, May 3, 2012 5:47 AM
Subject: [CentOS] Can only login as root
I have a strange problem on a CentOS-5.8 machine. I can only login as root. If I try to login with one of the user's names, it hangs for a long time. I thought it hung forever, but I just found that I do login after "su tim" after 5 minutes.
It seems that the problem lies in repeated messages in /var/log/messages
May 3 12:14:13 helen su: nss_ldap: failed to bind to LDAP server ldap://www.gayleard.com/: Can't contact LDAP server
May 3 12:14:13 helen su: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
=====================
How does your /etc/nsswitch.conf look? Particularly the 'passwd:' line?
Joseph Spenner wrote:
> > I have a strange problem on a CentOS-5.8 machine. I can only login as root.
> How does your /etc/nsswitch.conf look? Particularly the 'passwd:' line?
Thanks very much. I see that in /etc/nsswitch.conf I have
--------------------------------
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files ldap
shadow: files ldap
group: files ldap
--------------------------------
I'll go back to the commented-out version, and I'm sure that will do the trick.
I'm not sure when I made this change - I should explain that the computer in question is my old Dell server, which I stopped using some time ago as the 2TB disk in it seems sick. I've resuscitated it to try to get all the data off it.
I was running an openLDAP server on this machine, and must have edited nsswitch.conf for that.
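A check for the condition diagnosed in this thread, as an added example that is not part of the original messages: it reports which of passwd, shadow and group consult ldap in nsswitch.conf and which bind_policy an nss_ldap configuration file sets. The function names and the sample files are constructed for illustration; on the CentOS 5 machine discussed, the files to pass in would be /etc/nsswitch.conf and /etc/ldap.conf.

```shell
#!/bin/sh

# Sources configured for one database, comments stripped.  $1=database  $2=nsswitch.conf
nss_sources() {
    sed -e 's/#.*//' "$2" |
        awk -v db="$1:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Last uncommented bind_policy value, or "unset".  $1=ldap.conf
bind_policy() {
    p=$(sed -e 's/#.*//' "$1" 2>/dev/null |
        awk '$1 == "bind_policy" { v = $2 } END { print v }')
    echo "${p:-unset}"
}

# Returns 1 when a login-critical database uses ldap without bind_policy soft.
# $1=nsswitch.conf  $2=ldap.conf
audit_nss_ldap() {
    rc=0
    policy=$(bind_policy "$2")
    for db in passwd shadow group; do
        src=$(nss_sources "$db" "$1")
        case " $src " in
            *" ldap "*)
                if [ "$policy" = soft ]; then
                    echo "note: $db: $src (bind_policy soft)"
                else
                    echo "RISK: $db: $src (bind_policy $policy); lookups may stall if the server is down"
                    rc=1
                fi ;;
            *) echo "ok:   $db: $src" ;;
        esac
    done
    return $rc
}

# Constructed sample files modelled on the thread; the uri value is a placeholder.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/nsswitch.conf" <<'EOF'
#passwd: db files nisplus nis
passwd: files ldap
shadow: files ldap
group: files ldap
EOF
cat > "$demo_dir/ldap.conf" <<'EOF'
uri ldap://ldap.example.invalid/
#bind_policy hard
EOF
audit_nss_ldap "$demo_dir/nsswitch.conf" "$demo_dir/ldap.conf" || echo "audit: findings above"
```

Running it from cron or a configuration-management check catches a leftover ldap source before the directory server is decommissioned, rather than at the next non-root login.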