On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
> I'm using CentOS 5.0, 5.1, and 5.2 on several systems where I'm seeing
> this problem.
>
> Hello, I'm seeing a weird problem that perhaps someone has run into
> with groups.
>
> First, a little background.
> I was made aware of a problem with CentOS 5 where if the nscd password
> cache is clear and
> someone tries to log in if there is no network connection with an LDAP
> account that it
> just hangs. Even worse, if the machine is rebooted and it continues
> to have no network
> connection, even root login doesn't work. I messed around with
> nsswitch.conf to fix this
> problem.
>
> I altered these lines as so:
> passwd: files [!NOTFOUND=return] ldap
> shadow: files [!NOTFOUND=return] ldap
> group: files [!NOTFOUND=return] ldap
>
> and the problem seemed to go away.
>
> But now, here's the weird stuff:
> I have defined in my local /etc/groups file this line:
> group1:x:100:apache
> group2:x:101:apache
>
> 'getent group groupname' shows the right info:
> # getent group group1
> group1:x:100:apache
>
> # sudo -u apache bash
> $ groups
> apache
>
> I revert back to my old config:
> # sudo -u apache bash
> $ groups
> apache group1 group2
>
> Also, something else that's interesting. If I do this:
> passwd: files [!NOTFOUND=return] ldap
> shadow: files [!NOTFOUND=return] ldap
> group: ldap [NOTFOUND=continue] files
>
> and reboot, udev segfaults and the system freezes up after a few more
> seconds.
> Starting udev: /sbin/start_udev: line 43: 519 Segmentation fault
> "$@" $ARGS
> /sbin/start_udev: line 201: 523 Segmentation fault /sbin/udevd -d
> Wait timeout. Will continue in the background.[FAILED]
>
> Any advice?
----
Try putting this at the bottom of /etc/ldap.conf:

timelimit 30
bind_timelimit 30
bind_policy soft
nss_initgroups_ignoreusers root,ldap

I wouldn't recommend the changes that you have in nsswitch.conf.

Craig
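
A small audit of the two files discussed in this thread, as an added example that is not part of either message: it expands nsswitch.conf action specs such as [!NOTFOUND=return] into the statuses they cover and compares /etc/ldap.conf against the four values suggested in the reply. The function names and the sample strings are assumptions constructed for illustration.

```python
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# Values suggested in the reply above for /etc/ldap.conf.
SUGGESTED = {"timelimit": "30", "bind_timelimit": "30",
             "bind_policy": "soft", "nss_initgroups_ignoreusers": "root,ldap"}

def parse_actions(spec):
    """Expand e.g. '!NOTFOUND=return' into {status: action} for each status it covers."""
    out = {}
    for item in spec.split():
        key, action = item.split("=", 1)
        negate, key = key.startswith("!"), key.lstrip("!").upper()
        for status in STATUSES:
            if (status != key) if negate else (status == key):
                out[status] = action.lower()
    return out

def parse_nsswitch(text):
    """Return {database: [(source, {status: action}), ...]} in lookup order."""
    dbs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        entries = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if tok.startswith("[") and entries:
                entries[-1][1].update(parse_actions(tok[1:-1]))
            elif not tok.startswith("["):
                entries.append((tok, {}))
        dbs[db.strip()] = entries
    return dbs

def audit(nsswitch_text, ldap_conf_text):
    """List action overrides on passwd/shadow/group and ldap.conf values that differ."""
    findings = []
    for db, entries in parse_nsswitch(nsswitch_text).items():
        for source, actions in entries:
            if db in ("passwd", "shadow", "group") and actions:
                findings.append(f"nsswitch {db}: override after {source}: {actions}")
    conf = {}
    for raw in ldap_conf_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            conf[parts[0].lower()] = parts[1].strip()
    for key, want in SUGGESTED.items():
        if conf.get(key) != want:
            findings.append(f"ldap.conf {key}: found {conf.get(key)!r}, reply suggests {want!r}")
    return findings

# Constructed sample input, built from lines quoted in the thread.
SAMPLE_NSSWITCH = "passwd: files [!NOTFOUND=return] ldap\ngroup: ldap [NOTFOUND=continue] files\n"
SAMPLE_LDAP = "timelimit 30\n"
```

Calling audit() on the contents of /etc/nsswitch.conf and /etc/ldap.conf returns one line per finding; an empty list means no overrides on passwd, shadow or group and all four suggested values present.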