On 7/15/10 11:29 AM, "Brian Marshall" <neorosbob at gmail.com> wrote:

>
> On Jul 15, 2010, at 11:46 AM, Gary Greene wrote:
>
>> On 7/15/10 9:15 AM, "Brian Marshall" <neorosbob at gmail.com> wrote:
>>> Hi Todd,
>>>
>>> Yes, I have already used authconfig to enable caching. If you have any
>>> questions about my configs I have a forum post with more details up there
>>> including the related ldap, and pam config files.
>>> https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=27153&forum=42
>>>
>>> The problem still remains, when the LDAP server is offline there is no
>>> shadow data cached so LDAP users can not authenticate on cached data
>>> despite caching and local auth sufficient being enabled in authconfig.
>>>
>>> So am I missing a package, config or something else somewhere?
>>
>> Please don't top post, thanks.
>>
>> Now.... LDAP caching... Besides running a local LDAP slave on each machine,
>> the only solution I know of is nsscache. What build problems have you had
>> with it?
>>
>>>
>>>
>>> On Jul 15, 2010, at 9:52 AM, Todd Denniston wrote:
>>>
>>>> Brian Marshall wrote, On 07/15/2010 11:37 AM:
>>>>> Yes but I have worked in many organizations that use directory services
>>>>> for authentication and my machines with them have always cached
>>>>> authentication data so I can login if I'm not online. I can't expect
>>>>> laptop users to always have a network connection. If Mac OS and Windows
>>>>> can manage to cache network authentication for offline use, I can't
>>>>> believe that linux does not have this capability.
>>>>>
>>>>> Perhaps my wanting to cache my shadow data or use nscd for this purpose
>>>>> is not the correct way to achieve this. But the only other well
>>>>> discussed option I have found is nsscache which doesn't seem to work
>>>>> very well and their library doesn't seem to install on centos 5.
>>>>> Unfortunately I'm way too much of a hack C programmer to fix it,
>>>>> especially since they don't provide a configure file.
>>>>>
>>>>> So, assuming maybe we put the conversation of nscd shadow caching aside
>>>>> and just talk about how to cache ldap data on a centos system so it can
>>>>> authenticate users in the absence of a network. Creating local
>>>>> passwd/group/shadow data is not an option.
>>>>>
>>>>> Again, I can't stress this enough. I am convinced I am doing something
>>>>> wrong or going about this the wrong way. I'm just not understanding how
>>>>> to either fix the problem at hand or solve it another or proper way.
>>>>>
>>>>> Any advice?
>>>>
>>>> authconfig -help
>>>>
>>>> authconfig --enablecache --update
>>>>
>>>> For some of the folks I work with, it works quite reliably, I on the
>>>> other hand have had problems _because_ it caches the info.
>>>>
>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>> Brian
>>>>>
>>>>> On Jul 15, 2010, at 4:58 AM, Alexander Dalloz wrote:
>>>>>
>>>>>>> The problem I am having is that shadow does not seem to get cached by
>>>>>>> nscd. Here's how I have tracked this down.
>>>>>> NSCD not caching shadow user credentials is a fact. There is nothing
>>>>>> wrong with your configuration. NSCD just does not do what you seem to
>>>>>> expect from it. You can't make it what you like to.
>>>>>>
>>>>>> If your LDAP server is gone, you will not be able to login. Run a
>>>>>> replica server to avoid a single point of failure.
>>>>>>
>>>>>>> Brian
>>>>>> Alexander
>>>>>>
>>>>>> _______________________________________________
>>>>>> CentOS mailing list
>>>>>> CentOS at centos.org
>>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>
>>>>
>>>>
>>>> --
>>>> Todd Denniston
>>>> Crane Division, Naval Surface Warfare Center (NSWC Crane)
>>>> Harnessing the Power of Technology for the Warfighter
>>>
>>
>> --
>> Gary L. Greene, Jr.
>> IT Operations
>> Minerva Networks, Inc.
>> Cell: (650) 704-6633
>> Phone: (408) 240-1239
>>
>
>
> Sorry about that top post.
>
> nsscache seems to install ok but when I try to run the update it errors out
> on importing some other python file that didn't seem to get installed
> anywhere. It errors with this
>
> [root at argentine ~]# nsscache update --full
> Traceback (most recent call last):
>   File "/usr/local/bin/nsscache", line 28, in ?
>     from nss_cache import app
> ImportError: No module named nss_cache
>
>
> and here is /usr/local/bin/nsscache
>
> 19 """Executable frontend to nss_cache."""
> 20
> 21 __author__ = ('jaq at google.com (Jamie Wilkinson)',
> 22               'vasilios at google.com (Vasilios Hoffman)')
> 23
> 24 import logging
> 25 import os
> 26 import sys
> 27
> 28 from nss_cache import app
> 29
> 30 if __name__ == '__main__':
> 31   nsscache_app = app.NssCacheApp()
> 32   return_value = nsscache_app.Run(sys.argv[1:], os.environ)
> 33   nsscache_app.log.info('Exiting nsscache')
> 34   nsscache_app.log.debug('with value %d', return_value)
> 35   sys.exit(return_value)
>
>
> I do have a few things of matching name on the system but I'm not
> comfortable enough with the python environment to start monkeying around.
> It seems like an env var, path or prefix is not defined
> properly../usr/lib/libnss_cache.so
>
> Locate finds these files (below) which are a result of the libnss-cache
> install.
>
> /usr/lib/libnss_cache.so.2
> /usr/lib/libnss_cache.so.2.0
> /usr/local/lib/python2.4/site-packages/nss_cache

You need to modify your python site-packages search path so it can find the
files, since normally from my experience, python doesn't search /usr/local
for eggs.

--
Gary L. Greene, Jr.
IT Operations
Minerva Networks, Inc.
Cell: (650) 704-6633
Phone: (408) 240-1239
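
The search-path mismatch described in the reply above, as an added example that is not part of the original thread or of nsscache: it finds which site-packages directory holds a package, reports whether the interpreter searches it, and refuses to recommend a directory that group or world can write to. The function names and verdict strings are hypothetical, the directory tree is constructed in a temp dir, and it is written for a current Python rather than the 2.4 shown in the thread.

```python
import os
import stat
import sys
import tempfile

def find_package(name, roots):
    """Return site-packages directories under `roots` that hold package `name`."""
    hits = []
    for root in roots:
        for dirpath, dirnames, _ in os.walk(root):
            if os.path.basename(dirpath) != "site-packages":
                continue
            dirnames[:] = []  # no need to descend further
            if os.path.isfile(os.path.join(dirpath, name, "__init__.py")):
                hits.append(dirpath)
    return hits

def writable_by_others(path):
    """True when group or world can write: anyone able to drop a module here
    would run code as whoever imports from it (root, in the session above)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def diagnose(name, roots, path=None):
    """Map each directory holding `name` to a verdict (hypothetical labels)."""
    on_path = {os.path.realpath(p) for p in (sys.path if path is None else path)}
    report = {}
    for d in find_package(name, roots):
        if os.path.realpath(d) in on_path:
            report[d] = "already-on-path"
        elif writable_by_others(d):
            report[d] = "writable-by-others"
        else:
            report[d] = "add-with-pth"  # e.g. a .pth file or PYTHONPATH
    return report

def demo():
    # Constructed stand-in for /usr/local/lib/python2.4/site-packages/nss_cache
    root = tempfile.mkdtemp()
    sp = os.path.join(root, "lib", "python2.4", "site-packages")
    os.makedirs(os.path.join(sp, "nss_cache"))
    open(os.path.join(sp, "nss_cache", "__init__.py"), "w").close()
    os.chmod(sp, 0o755)
    before = diagnose("nss_cache", [root], path=["/usr/lib/python2.4/site-packages"])
    after = diagnose("nss_cache", [root], path=[sp])
    os.chmod(sp, 0o777)
    loose = diagnose("nss_cache", [root], path=[])
    return sp, before, after, loose

if __name__ == "__main__":
    print(demo())
```

On a real host, `diagnose("nss_cache", ["/usr/local/lib", "/usr/lib"])` run under the same interpreter that `/usr/local/bin/nsscache` uses shows whether the import can succeed.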