on 10/10/2007 1:01 PM jlee spake the following: > > > Andy Harrison wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> On 10/10/07, Craig White wrote: >>> As for 'critical apps that require' nscd...I don't personally know of >>> any and if we are talking about CentOS-5 which has 2.3.27 version of >>> openldap...the 2.3.x versions are very fast and I'm not certain that >>> nscd is of all that much benefit (but I don't know because I have never >>> tested it out). >> >> Can CentOS (openldap) be configured to work without nscd for file >> ownership over nfs mounted volumes? >> >> - -- >> Andy Harrison > > Problem solved (kind of). Openldap was working for logins, but not for > launching certain apps, that's why nscd was installed. Launching acroread > with strace showed the following. > > > > <snip> > [2]$ strace /usr/local/Adobe/Acrobat7.0/bin/acroread 2>&1|tee| grep nss > open("/etc/nsswitch.conf", O_RDONLY) = 4 > read(4, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1658 > open("/usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libnss_files.so.2", > O_RDONLY) = -1 ENOENT (No such file or directory) > open("/usr/lib64/tls/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such > file or directory) > open("/usr/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file > or directory) > open("/lib/tls/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such > file or directory) > open("/lib/tls/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file > or directory) > open("/lib/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file > or directory) > open("/lib/libnss_files.so.2", O_RDONLY) = 4 > open("/usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libnss_ldap.so.2", > O_RDONLY) = -1 ENOENT (No such file or directory) > open("/usr/lib64/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such > file or directory) > open("/usr/lib64/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file > or directory) > open("/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such > file or directory) > open("/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or > directory) > open("/lib/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file > or directory) > open("/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or > directory) > open("/usr/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No > such file or directory) > open("/usr/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such > file or directory) > open("/usr/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or > directory) > open("/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such > file or directory) > open("/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or > directory) > open("/lib/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file > or directory) > open("/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or > directory) > open("/usr/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No > such file or directory) > open("/usr/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such > file or directory) > open("/usr/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or > directory) > </snip> > > > > > With the i386 libs for ldap installed acroread along with other programs > were able to get > their user id authentication and run properly, therefore nscd was no > longer needed. > > This did not solve the mystery of why nscd was dying, just eliminated > the need for it. > Here is part of the strace on nscd (4096 is the pid). There is a lot of > stuff above this, > but the end where is segfaults always looks pretty much the same. > > > > > <snip> > geteuid32() = 430 > open("/etc/passwd", O_RDONLY) = 4 > fcntl64(4, F_GETFD) = 0 > fcntl64(4, F_SETFD, FD_CLOEXEC) = 0 > fstat64(0x4, 0xffffcd2c) = 0 > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0x1000) = 0xfffffffff7429000 > read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1946 > read(4, "", 4096) = 0 > close(4) = 0 > munmap(0xf7429000, 4096) = 0 > --- SIGSEGV (Segmentation fault) @ 0 (0) --- > exit_group(1) = ? > Process 27033 detached > </snip> > > > > > Haven't tested to see if the i386 libnss_ldap fixed the nscd issue. nscd has been flaky since CentOS3. I had segfaults way back then. They were random and irritating, hard to trace down to the cause, and finding ways to not use it were the norm and not the exception. I don't think nscd is as useful as it used to be with the slower services like NIS. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!