On Wed, 2008-08-27 at 14:53 -0400, Mark Hennessy wrote:
> Quoting Craig White <craigwhite at azapple.com>:
>
> > On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
> >> I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing
> >> this problem.
> >>
> >> Hello, I'm seeing a weird problem that perhaps someone has run into
> >> with groups.
> >>
> >> First, a little background.
> >> I was made aware of a problem with CentOS 5 where if the nscd password
> >> cache is clear and
> >> someone tries to log in if there is no network connection with an LDAP
> >> account that it
> >> just hangs. Even worse, if the machine is rebooted and it continues
> >> to have no network
> >> connection, even root login doesn't work. I messed around with
> >> nsswitch.conf to fix this
> >> problem.
> >>
> >> I altered these lines as so:
> >> passwd: files [!NOTFOUND=return] ldap
> >> shadow: files [!NOTFOUND=return] ldap
> >> group: files [!NOTFOUND=return] ldap
> >>
> >> and the problem seemed to go away.
> >>
> >> But now, here's the weird stuff:
> >> I have defined in my local /etc/groups file this line:
> >> group1:x:100:apache
> >> group2:x:101:apache
> >>
> >> 'getent group groupname' shows the right info:
> >> # getent group group1
> >> group1:x:100:apache
> >>
> >> # sudo -u apache bash
> >> $ groups
> >> apache
> >>
> >> I revert back to my old config:
> >> # sudo -u apache bash
> >> $ groups
> >> apache group1 group2
> >>
> >> Also, something else that's interesting. If I do this:
> >> passwd: files [!NOTFOUND=return] ldap
> >> shadow: files [!NOTFOUND=return] ldap
> >> group: ldap [NOTFOUND=continue] files
> >>
> >> and reboot, udev segfaults and the system freezes up after a few
> >> more seconds.
> >> Starting udev: /sbin/start_udev: line 43: 519 Segmentation fault
> >> "$@" $ARGS
> >> /sbin/start_udev: line 201: 523 Segmentation fault /sbin/udevd -d
> >> Wait timeout. Will continue in the background.[FAILED]
> >>
> >> Any advice?
> > ----
> > Try putting this at the bottom of /etc/ldap.conf
> >
> > timelimit 30
> > bind_timelimit 30
> > bind_policy soft
> > nss_initgroups_ignoreusers root,ldap
> >
> > I wouldn't recommend the changes that you have in nsswitch.conf
>
> Unfortunately, that doesn't work either.
> I made the changes, shut down the machine and started it without
> networking, and here's what happens:
>
> login: root
> Password:
>
> login:
>
> login pukes and init starts it again.
----
you shouldn't need to restart but if you can't login as root, you
probably still have something messed up in /etc/nsswitch.conf or may
have messed up /etc/passwd | /etc/shadow

can you login as a user and su - to root?

if not, it probably would be best to boot to runlevel 1 and
edit /etc/nsswitch.conf so it has this...

passwd: files ldap
shadow: files ldap
group: files ldap

and remove the NOTFOUND entries

Craig
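
A check for the two files discussed in this thread, as an added example that is not part of the original messages: it compares the passwd/shadow/group lines of an nsswitch.conf against the plain "files ldap" form given in the reply, and reports which of the suggested /etc/ldap.conf settings are missing or set differently. The function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs: nsswitch.conf lines like those quoted in the
# thread, and an ldap.conf that lacks most of the settings from the reply.
SAMPLE_NSSWITCH = """\
passwd: files [!NOTFOUND=return] ldap
shadow: files [!NOTFOUND=return] ldap
group:  ldap [NOTFOUND=continue] files
hosts:  files dns
"""
SAMPLE_LDAP_CONF = """\
# constructed example
uri ldap://ldap.example.com/
timelimit 30
bind_policy hard
"""

DATABASES = ("passwd", "shadow", "group")
# Settings suggested in the reply for the bottom of /etc/ldap.conf.
SUGGESTED = {"timelimit": "30", "bind_timelimit": "30", "bind_policy": "soft",
             "nss_initgroups_ignoreusers": "root,ldap"}

def check_nsswitch(text):
    """Return findings for passwd/shadow/group lines that are not 'files ldap'."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, spec = (part.strip() for part in line.split(":", 1))
        if db not in DATABASES:
            continue
        actions = re.findall(r"\[[^\]]*\]", spec)          # e.g. [!NOTFOUND=return]
        services = re.sub(r"\[[^\]]*\]", " ", spec).split()
        if actions:
            findings.append(f"{db}: has action entries {' '.join(actions)}")
        if services != ["files", "ldap"]:
            findings.append(f"{db}: service order is {' '.join(services)}, expected files ldap")
    return findings

def check_ldap_conf(text):
    """Return the suggested ldap.conf settings that are missing or set differently."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            seen[parts[0].lower()] = parts[1].strip()
    return [f"{key} {value}" for key, value in SUGGESTED.items() if seen.get(key) != value]

if __name__ == "__main__":
    for finding in check_nsswitch(SAMPLE_NSSWITCH) + check_ldap_conf(SAMPLE_LDAP_CONF):
        print(finding)
```

To check a real system, pass the contents of /etc/nsswitch.conf and /etc/ldap.conf to the two functions instead of the sample strings.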