On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
> I'm using CentOS 5.0, 5.1, and 5.2 on several systems where I'm seeing
> this problem.
>
> Hello, I'm seeing a weird problem that perhaps someone has run into
> with groups.
>
> First, a little background.
> I was made aware of a problem with CentOS 5 where if the nscd password
> cache is clear and
> someone tries to log in if there is no network connection with an LDAP
> account that it
> just hangs. Even worse, if the machine is rebooted and it continues
> to have no network
> connection, even root login doesn't work. I messed around with
> nsswitch.conf to fix this
> problem.
>
> I altered these lines as so:
> passwd: files [!NOTFOUND=return] ldap
> shadow: files [!NOTFOUND=return] ldap
> group: files [!NOTFOUND=return] ldap
>
> and the problem seemed to go away.
>
> But now, here's the weird stuff:
> I have defined in my local /etc/groups file this line:
> group1:x:100:apache
> group2:x:101:apache
>
> 'getent group groupname' shows the right info:
> # getent group group1
> group1:x:100:apache
>
> # sudo -u apache bash
> $ groups
> apache
>
> I revert back to my old config:
> # sudo -u apache bash
> $ groups
> apache group1 group2
>
> Also, something else that's interesting. If I do this:
> passwd: files [!NOTFOUND=return] ldap
> shadow: files [!NOTFOUND=return] ldap
> group: ldap [NOTFOUND=continue] files
>
> and reboot, udev segfaults and the system freezes up after a few more seconds.
> Starting udev: /sbin/start_udev: line 43: 519 Segmentation fault
> "$@" $ARGS
> /sbin/start_udev: line 201: 523 Segmentation fault /sbin/udevd -d
> Wait timeout. Will continue in the background.[FAILED]
>
> Any advice?

----
Try putting this at the bottom of /etc/ldap.conf

timelimit 30
bind_timelimit 30
bind_policy soft
nss_initgroups_ignoreusers root,ldap

I wouldn't recommend the changes that you have in nsswitch.conf

Craig
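
Added example, not part of the original thread and not glibc's code: a simplified model of the action rules documented in nsswitch.conf(5), showing which sources a single lookup (such as 'getent group group1') would consult under the group lines quoted above. The function names parse_entry and consulted and the status scenarios are constructed for illustration; the model does not cover how supplementary groups are collected at login.

```python
import re

# Default reaction to each lookup status, per nsswitch.conf(5).
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_entry(line):
    """Parse 'db: svc [STATUS=action] svc' into (db, [(service, actions)])."""
    db, _, rest = line.partition(":")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list must follow a service")
        actions = chain[-1][1]
        for crit in token[1:-1].split():
            status, _, action = crit.lower().partition("=")
            negate = status.startswith("!")
            status = status.lstrip("!")
            if status not in DEFAULTS or action not in ("return", "continue"):
                raise ValueError(f"unsupported criterion: {crit}")
            for s in DEFAULTS:
                # '!STATUS' applies the action to every status except STATUS.
                if (s != status) if negate else (s == status):
                    actions[s] = action
    return db.strip(), chain

def consulted(line, statuses):
    """List the services queried, given the status each one would report."""
    tried = []
    for service, actions in parse_entry(line)[1]:
        tried.append(service)
        if actions[statuses[service]] == "return":
            break
    return tried

if __name__ == "__main__":
    # Constructed scenarios using the two group lines quoted in the thread.
    cases = [
        ("group: files [!NOTFOUND=return] ldap", {"files": "notfound", "ldap": "success"}),
        ("group: files [!NOTFOUND=return] ldap", {"files": "unavail", "ldap": "success"}),
        ("group: ldap [NOTFOUND=continue] files", {"ldap": "unavail", "files": "success"}),
    ]
    for line, statuses in cases:
        print(f"{line!r} {statuses} -> {consulted(line, statuses)}")
```

In this model, [!NOTFOUND=return] stops the chain at files for every status except NOTFOUND, and [NOTFOUND=continue] only restates the default.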