[CentOS] nsswitch.conf, ldap, local groups problem

Wed Aug 27 16:34:14 UTC 2008
Mark Hennessy <mark at hennessy.cx>

I'm using CentOS 5.0, 5.1, and 5.2 on several systems where I'm seeing
this problem.

Hello, I'm seeing a weird problem that perhaps someone has run into
with groups.

First, a little background.
I was made aware of a problem with CentOS 5 where, if the nscd password
cache is clear and someone tries to log in with an LDAP account while
there is no network connection, it just hangs.  Even worse, if the
machine is rebooted and it continues to have no network connection,
even root login doesn't work.  I messed around with nsswitch.conf to
fix this problem.

I altered these lines as so:
passwd:     files [!NOTFOUND=return] ldap
shadow:     files [!NOTFOUND=return] ldap
group:      files [!NOTFOUND=return] ldap

and the problem seemed to go away.

But now, here's the weird stuff:
I have defined in my local /etc/groups file this line:
group1:x:100:apache
group2:x:101:apache

'getent group groupname' shows the right info:
# getent group group1
group1:x:100:apache

# sudo -u apache bash
$ groups
apache

I revert back to my old config:
# sudo -u apache bash
$ groups
apache group1 group2

Also, something else that's interesting. If I do this:
passwd:     files [!NOTFOUND=return] ldap
shadow:     files [!NOTFOUND=return] ldap
group:      ldap [NOTFOUND=continue] files

and reboot, udev segfaults and the system freezes up after a few more seconds.
Starting udev: /sbin/start_udev: line 43:   519 Segmentation fault      "$@" $ARGS
/sbin/start_udev: line 201:   523 Segmentation fault      /sbin/udevd -d
Wait timeout. Will continue in the background.[FAILED]

Any advice?