FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 03-22-2010, 02:01 PM
Sean Carolan
 
Default nscd sometimes gets "stuck"

I'm testing the 389 directory server in our lab environment before
moving it to production and have noticed that occasionally it won't
let me log in. I have to restart the nscd service before it will
authenticate my user. Here's the error in /var/log/secure:

Mar 22 09:59:31 watcher sshd[18109]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=10.2.3.100 user=scarolan
Mar 22 09:59:31 watcher sshd[18109]: pam_ldap: error trying to bind as
user "uid=scarolan,ou=People, dc=companyname, dc=com" (Invalid
credentials)

Has anyone else experienced something like this? Any idea what causes
it? I want to make sure our LDAP authentication is rock-solid
reliable before moving it into the production environment.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 03-22-2010, 02:51 PM
Doug Chapman
 
Default nscd sometimes gets "stuck"

Yes, nscd is both a blessing and a curse...we've found the default settings for it be problematic.
Check your nscd.conf file and `man nscd.conf`. *Pay special attention to these values:


** *paranoia * * * * yes
** *positive-time-to-live * passwd * * *120** *negative-time-to-live * passwd * * *2
** *persistent * * * passwd * * *no
** *positive-time-to-live * group * * * 120** *negative-time-to-live * group * * * 2
** *persistent * * * group * * * no

On Mon, Mar 22, 2010 at 8:01 AM, Sean Carolan <scarolan@gmail.com> wrote:


I'm testing the 389 directory server in our lab environment before

moving it to production and have noticed that occasionally it won't

let me log in. *I have to restart the nscd service before it will

authenticate my user. *Here's the error in /var/log/secure:



Mar 22 09:59:31 watcher sshd[18109]: pam_unix(sshd:auth):

authentication failure; logname= uid=0 euid=0 tty=ssh ruser=

rhost=10.2.3.100 *user=scarolan

Mar 22 09:59:31 watcher sshd[18109]: pam_ldap: error trying to bind as

user "uid=scarolan,ou=People, dc=companyname, dc=com" (Invalid

credentials)



Has anyone else experienced something like this? *Any idea what causes

it? *I want to make sure our LDAP authentication is rock-solid

reliable before moving it into the production environment.

--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 03-22-2010, 05:21 PM
 
Default nscd sometimes gets "stuck"

Hi Sean!

On Mon, 22 Mar 2010, Sean Carolan wrote:

> I'm testing the 389 directory server in our lab environment before
> moving it to production and have noticed that occasionally it won't
> let me log in. I have to restart the nscd service before it will
> authenticate my user. Here's the error in /var/log/secure:
>
> Mar 22 09:59:31 watcher sshd[18109]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=10.2.3.100 user=scarolan
> Mar 22 09:59:31 watcher sshd[18109]: pam_ldap: error trying to bind as
> user "uid=scarolan,ou=People, dc=companyname, dc=com" (Invalid
> credentials)
>
> Has anyone else experienced something like this? Any idea what causes
> it? I want to make sure our LDAP authentication is rock-solid
> reliable before moving it into the production environment.

What version(s) of nscd are you running?
What OS/Distribution(s) are you running it on?
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 03-22-2010, 05:56 PM
Sean Carolan
 
Default nscd sometimes gets "stuck"

> Hi Sean!
> What version(s) of nscd are you running?
> What OS/Distribution(s) are you running it on?

Hi Patrick:

We're running CentOS 5, with nscd version 2.5-34.el5_3.1

I just set our config to "paranoid yes" to see if that helps.

thanks

Sean
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 05:32 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org