On 7/15/10 11:49 AM, "Brian Marshall" <neorosbob at gmail.com> wrote: > On Jul 15, 2010, at 12:37 PM, Gary Greene wrote: >> On 7/15/10 11:29 AM, "Brian Marshall" <neorosbob at gmail.com> wrote: >>> On Jul 15, 2010, at 11:46 AM, Gary Greene wrote: >>>> On 7/15/10 9:15 AM, "Brian Marshall" <neorosbob at gmail.com> wrote: >>>>> Hi Todd, >>>>> >>>>> Yes, I have already used authconfig to enable caching. If you have any >>>>> questions about my configs I have a forum post with more details up there >>>>> including the related ldap, and pam config files. >>>>> https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id= >>>>> 27 >>>>> 15 >>>>> 3&forum=42 >>>>> >>>>> The problem still remains, when the LDAP server is offline there is no >>>>> shadow >>>>> data cached so LDAP users can not authenticate on cached data despite >>>>> caching >>>>> and local auth sufficient being enabled in authconfig . >>>>> >>>>> So am I missing a package, config or something else somewhere.? >>>> >>>> Please don't top post, thanks. >>>> >>>> Now.... LDAP caching... Besides running a local LDAP slave on each machine, >>>> the only solution I know of is nsscache. What build problems have you had >>>> with it? >>>> >>>>> >>>>> >>>>> On Jul 15, 2010, at 9:52 AM, Todd Denniston wrote: >>>>> >>>>>> Brian Marshall wrote, On 07/15/2010 11:37 AM: >>>>>>> Yes but I have worked in many organizations that use directory services >>>>>>> for >>>>>>> authentication and my machines with them have always cached >>>>>>> authentication >>>>>>> data so I can login if I'm not online. I can't expect laptop users to >>>>>>> always >>>>>>> have a network connection. If Mac OS and Windows can manage to cache >>>>>>> network >>>>>>> authentication for offline use, I can't believe that linux does not have >>>>>>> this capability. >>>>>>> >>>>>>> Perhaps my wanting to cache my shadow data or use nscd for this purpose >>>>>>> is >>>>>>> not the correct way to achieve this. But the only other well discussed >>>>>>> option I have found is nsscache which doesn't seem to work very well and >>>>>>> their library doesn't seem to install on centos 5. Unfortunately I'm way >>>>>>> to >>>>>>> much of a hack C programmer to fix it, especially since they don't >>>>>>> provide >>>>>>> a >>>>>>> configure file. >>>>>>> >>>>>>> So, assuming maybe we put the conversation of nscd shadow caching aside >>>>>>> and >>>>>>> just talk about how to cache ldap data on a centos system so it can >>>>>>> authenticate users in the absence of a network. Creating local >>>>>>> passwd/group/shadow data is not an option. >>>>>>> >>>>>>> Again, I can't stress this enough. I am convinced I am doing something >>>>>>> wrong >>>>>>> or going about this the wrong way. I'm just not understanding how to >>>>>>> either >>>>>>> fix the problem at hand or solve it another or proper way. >>>>>>> >>>>>>> Any advice? >>>>>> >>>>>> authconfig -help >>>>>> >>>>>> authconfig --enablecache --update >>>>>> >>>>>> For some of the folks I work with, it works quite reliably, I on the >>>>>> other >>>>>> hand have had problems >>>>>> _because_ it caches the info. >>>>>> >>>>>> >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>> Brian >>>>>>> >>>>>>> On Jul 15, 2010, at 4:58 AM, Alexander Dalloz wrote: >>>>>>> >>>>>>>>> The problem I am having is that shadow does not seem to get cached by >>>>>>>>> nscd. Here's how I have tracked this down. >>>>>>>> NSCD not caching shadow user credentials is a fact. There is nothing >>>>>>>> wrong >>>>>>>> with your configuration. NSCD just does not do what you seem to expect >>>>>>>> from it. You can't make it what you like to. >>>>>>>> >>>>>>>> If your LDAP server is gone, you will not be able to login. Run a >>>>>>>> replica >>>>>>>> server to avoid a single point of failure. >>>>>>>> >>>>>>>>> Brian >>>>>>>> Alexander >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> CentOS mailing list >>>>>>>> CentOS at centos.org >>>>>>>> http://lists.centos.org/mailman/listinfo/centos >>>>>>> >>>>>>> _______________________________________________ >>>>>>> CentOS mailing list >>>>>>> CentOS at centos.org >>>>>>> http://lists.centos.org/mailman/listinfo/centos >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Todd Denniston >>>>>> Crane Division, Naval Surface Warfare Center (NSWC Crane) >>>>>> Harnessing the Power of Technology for the Warfighter >>>>>> _______________________________________________ >>>>>> CentOS mailing list >>>>>> CentOS at centos.org >>>>>> http://lists.centos.org/mailman/listinfo/centos >>>>> >>>>> _______________________________________________ >>>>> CentOS mailing list >>>>> CentOS at centos.org >>>>> http://lists.centos.org/mailman/listinfo/centos >>>> >>>> -- >>>> Gary L. Greene, Jr. >>>> IT Operations >>>> Minerva Networks, Inc. >>>> Cell: (650) 704-6633 >>>> Phone: (408) 240-1239 >>>> >>>> _______________________________________________ >>>> CentOS mailing list >>>> CentOS at centos.org >>>> http://lists.centos.org/mailman/listinfo/centos >>> >>> >>> Sorry about that top post. >>> >>> nsscache seems to install ok but when I try to run the update it errors out >>> on >>> importing some other python file that didn't seem to get installed anywhere. >>> It errors with this >>> >>> [root at argentine ~]# nsscache update --full >>> Traceback (most recent call last): >>> File "/usr/local/bin/nsscache", line 28, in ? >>> from nss_cache import app >>> ImportError: No module named nss_cache >>> >>> >>> and here is /usr/local/bin/nsscache >>> >>> 19 """Executable frontend to nss_cache.""" >>> 20 >>> 21 __author__ = ('jaq at google.com (Jamie Wilkinson)', >>> 22 'vasilios at google.com (Vasilios Hoffman)') >>> 23 >>> 24 import logging >>> 25 import os >>> 26 import sys >>> 27 >>> 28 from nss_cache import app >>> 29 >>> 30 if __name__ == '__main__': >>> 31 nsscache_app = app.NssCacheApp() >>> 32 return_value = nsscache_app.Run(sys.argv[1:], os.environ) >>> 33 nsscache_app.log.info('Exiting nsscache') >>> 34 nsscache_app.log.debug('with value %d', return_value) >>> 35 sys.exit(return_value) >>> >>> >>> I do have a few things of matching name on the system but I'm not >>> comfortable >>> enough with the python environement to start monkeying around. It seems like >>> an env var, path or prefix is not defined properly../usr/lib/libnss_cache.so >>> >>> Locate finds these files (below) which are a result of the libnss-cache >>> install. >>> >>> /usr/lib/libnss_cache.so.2 >>> /usr/lib/libnss_cache.so.2.0 >>> /usr/local/lib/python2.4/site-packages/nss_cache >> >> You need to modify your python site-packages search path so it can find the >> files, since normally from my experience, python doesn't search /usr/local >> for eggs. >> >> -- >> Gary L. Greene, Jr. >> IT Operations >> Minerva Networks, Inc. >> Cell: (650) 704-6633 >> Phone: (408) 240-1239 >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos > > Hi Gary, > > That's what I was assuming, but as I said I'm not real familiar with the > python environment so I'm having a hard time find out where to do that. I'm > doing some googling around without much luck. I'll keep trying. > > Thanks > > Brian What you're looking for is information on sitecustomize. Look at /usr/lib/python2.4/site.py for more information. -- Gary L. Greene, Jr. IT Operations Minerva Networks, Inc. Cell: (650) 704-6633 Phone: (408) 240-1239