On 7/15/10 9:15 AM, "Brian Marshall" <neorosbob at gmail.com> wrote: > Hi Todd, > > Yes, I have already used authconfig to enable caching. If you have any > questions about my configs I have a forum post with more details up there > including the related ldap, and pam config files. > https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=2715 > 3&forum=42 > > The problem still remains, when the LDAP server is offline there is no shadow > data cached so LDAP users can not authenticate on cached data despite caching > and local auth sufficient being enabled in authconfig . > > So am I missing a package, config or something else somewhere.? Please don't top post, thanks. Now.... LDAP caching... Besides running a local LDAP slave on each machine, the only solution I know of is nsscache. What build problems have you had with it? > > > On Jul 15, 2010, at 9:52 AM, Todd Denniston wrote: > >> Brian Marshall wrote, On 07/15/2010 11:37 AM: >>> Yes but I have worked in many organizations that use directory services for >>> authentication and my machines with them have always cached authentication >>> data so I can login if I'm not online. I can't expect laptop users to always >>> have a network connection. If Mac OS and Windows can manage to cache network >>> authentication for offline use, I can't believe that linux does not have >>> this capability. >>> >>> Perhaps my wanting to cache my shadow data or use nscd for this purpose is >>> not the correct way to achieve this. But the only other well discussed >>> option I have found is nsscache which doesn't seem to work very well and >>> their library doesn't seem to install on centos 5. Unfortunately I'm way to >>> much of a hack C programmer to fix it, especially since they don't provide a >>> configure file. >>> >>> So, assuming maybe we put the conversation of nscd shadow caching aside and >>> just talk about how to cache ldap data on a centos system so it can >>> authenticate users in the absence of a network. Creating local >>> passwd/group/shadow data is not an option. >>> >>> Again, I can't stress this enough. I am convinced I am doing something wrong >>> or going about this the wrong way. I'm just not understanding how to either >>> fix the problem at hand or solve it another or proper way. >>> >>> Any advice? >> >> authconfig -help >> >> authconfig --enablecache --update >> >> For some of the folks I work with, it works quite reliably, I on the other >> hand have had problems >> _because_ it caches the info. >> >> >>> >>> Thanks >>> >>> Brian >>> >>> On Jul 15, 2010, at 4:58 AM, Alexander Dalloz wrote: >>> >>>>> The problem I am having is that shadow does not seem to get cached by >>>>> nscd. Here's how I have tracked this down. >>>> NSCD not caching shadow user credentials is a fact. There is nothing wrong >>>> with your configuration. NSCD just does not do what you seem to expect >>>> from it. You can't make it what you like to. >>>> >>>> If your LDAP server is gone, you will not be able to login. Run a replica >>>> server to avoid a single point of failure. >>>> >>>>> Brian >>>> Alexander >>>> >>>> _______________________________________________ >>>> CentOS mailing list >>>> CentOS at centos.org >>>> http://lists.centos.org/mailman/listinfo/centos >>> >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> http://lists.centos.org/mailman/listinfo/centos >>> >> >> >> -- >> Todd Denniston >> Crane Division, Naval Surface Warfare Center (NSWC Crane) >> Harnessing the Power of Technology for the Warfighter >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos -- Gary L. Greene, Jr. IT Operations Minerva Networks, Inc. Cell: (650) 704-6633 Phone: (408) 240-1239