search for: nss_initgroups_ignoreuser

Hi When I enable a box to do authentication using LDAP it breaks cron for users like jboss. I get the following in /var/log/secure Sep 14 15:25:01 exoipatest01 crond[7214]: pam_access(crond:account): access denied for user `jboss' from `cron' I have the following in /etc/ldap.conf nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,tomcat,radiusd,news,mailman,nscd,jboss /etc/pam.d/crond auth sufficient pam_env.so auth required pam_rootok.so auth include system-auth account required pam_access.so account include system-auth session required pam_logi...

Few of my puppet clients (puppet 0.24.8, ruby 1.8.5, facter 1.5.2) are dying with out any error messages on on syslog. I cannot see much system resource usage on these nodes. What is the best way to troubleshoot the root cause of the problem? -Basil -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email

...o handle this. I can remember where to put things specifically though having better checks would be nice. Like debian sudo-ldap conflicts with sudo, so only one should be installed check define of other ldap related file like a package? users manage local root of every machine - seems like nss_initgroups_ignoreusers root in ldap.conf is necessary. Maybe my nsswitch and pam config could be better as well. files some would depend on if it''s an ldap node. Maybe it''s best to define $hasldap somewhere. Gary --~--~---------~--~----~------------~-------~--~----~ You received this message beca...

...syncrepl to grab the database, and to my eyes both LDAP servers answer read queries identically. I'm testing the client side of this configuration on virtual CentOS 5 i386 machine. /etc/ldap.conf reads ----- %< ----- base dc=DOMAIN,dc=com timelimit 30 bind_timelimit 30 idle_timelimit 300 nss_initgroups_ignoreusers root,ldap,named,[... trimmed ...] uri ldap://ldap1.DOMAIN.com ldap://ldap2.DOMAIN.com ssl start_tls tls_cacertdir /etc/openldap/cacerts pam_password md5 ----- %< ----- The client will bind to whichever server is listed first after the 'uri' directive. In the config snippet, it's &...

Hi all, I have problems on one CentOS 4.6 with slapd. Namely, after trying to start it (via /etc/init.d/ldap start) it waits for very long in configuration check. Interestingly, when I try to start it manually, but without "-u ldap" option it starts immediately. What puzzles me more is the use of NETLINK socket when started with -u option that doesn't appear in strace output

Hi Everyone, I'm experiencing the following problem, for which I've not yet found a resolution. It's been discussed elsewhere, but unfortunately nothing actually solves it. Here's my /etc/ldap.conf file: ################# ldap_version 3 base ou=people,o=xxx uri ldaps://server1.domain.be/ ldaps://server2.domain.be/ bind_policy soft scope sub timelimit 3 bind_timelimit 5

I have installed and configured the puppet client nodes to use LDAP to authenicate users. LDAP connection is OK and user can be authenicated via LDAP. I use nscd and with my ldap config setting specify on /etc/ldap.conf However, puppet is not happy; and in the /var/log/messages it gives tons of puppet-agent[27499]: nss_ldap: could not search LDAP server puppet-agent[27499]: nss_ldap:

...out the only suggestion I could find on this problem on Google. Any other suggestions? Thanks! I'm running samba 3.0.33 on RHEL 5. /etc/ldap.conf (nss_ldap.conf on other distros): uri ldap://ldap.nebrwesleyan.edu base o=NebrWesleyan.edu,o=isp timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap ssl start_tls tls_checkpeer no The [global] section of smb.conf: [global] server string = Huxley workgroup = NWU_HUXLEY netbios name = Huxley log level = 1 log file = /var/log/samba/%U.%m.log max log size = 102400 add machine script = /usr/sbin/smbldap-useradd -t 10 -w '%m'...

...cn=admin,dc=ourdomain,dc=com rootbinddn cn=admin,dc=ourdomain,dc=com # random stuff #timelimit 120 #bind_timelimit 120 #bind_policy hard # brought these times down wmodes Aug 11, 2008 timelimit 30 bind_timelimit 30 bind_policy soft idle_timelimit 3600 nss_initgroups_ignoreusers root,ldap # pam config #pam_password md5 pam_password md5 # config for nss nss_base_passwd ou=people,dc=ourdomain,dc=com?one nss_base_shadow ou=people,dc=ourdomain,dc=com?one nss_base_group ou=group,dc=ourdomain,dc=com?one # OpenLDAP SSL mechanism #...

...cn=admin,dc=ourdomain,dc=com rootbinddn cn=admin,dc=ourdomain,dc=com # random stuff #timelimit 120 #bind_timelimit 120 #bind_policy hard # brought these times down wmodes Aug 11, 2008 timelimit 30 bind_timelimit 30 bind_policy soft idle_timelimit 3600 nss_initgroups_ignoreusers root,ldap # pam config #pam_password md5 pam_password md5 # config for nss nss_base_passwd ou=people,dc=ourdomain,dc=com?one nss_base_shadow ou=people,dc=ourdomain,dc=com?one nss_base_group ou=group,dc=ourdomain,dc=com?one # OpenLDAP SSL mechanism #...

...timelimit 120 bind_timelimit 120 bind_policy soft idle_timelimit 3600 nss_base_passwd ou=people,dc=example,dc=org?one nss_base_shadow ou=people,dc=example,dc=org?one nss_base_group ou=groups,dc=example,dc=org?one nss_base_hosts ou=machines,dc=example,dc=org?one nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman uri ldap://server.example.org ssl no tls_cacertdir /etc/openldap/cacerts pam_password md5 smbldap.conf ************ sambaDomain="MYDOMAIN" slaveLDAP="127.0.0.1" slavePort="389" masterLDAP="1...

...openldap i get an error message from nscd: --- May 15 14:53:02 mail nscd: nss_ldap: could not search LDAP server - Server is unavailable --- This is due to a timeout, correct? Here is part of my /etc/ldap.conf --- timelimit 120 bind_timelimit 30 bind_policy soft idle_timelimit 3600 nss_initgroups_ignoreusers root,ldap --- Is there a way to solve this? Thanks, Manuel Monteiro -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20090515/e7149c84/attachment-0004.html>

Im running CentOS 5 with samba configured as PDC, with samba 3.0.24 and openldap-servers-2.3.30-2. My /etc/nsswitch.conf is like this: passwd: files ldap shadow: files ldap group: files ldap The problem is when I try to restart LDAP (/etc/init.d/ldap restart) then the init script just hangs. I suppose it will try to run slapd as the ldap user The ldap user is not in LDAP only in

...dc=tata,dc=toto,dc=fr binddn cn=XXXXX,dc=tata,dc=toto,dc=fr bindpw XXXXXX scope sub pam_filter objectclass=supannPerson # We don't use the uid attribute to authenticate the users nss_map_attribute uid iufmLogin # Default options port 389 timelimit 120 bind_timelimit 120 idle_timelimit 3600 nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd uri ldap://127.0.0.1/ ssl no tls_cacertdir /etc/openldap/cacerts pam_password md5 - Here the nsswitch.conf file : [...] passwd: files ldap shadow: files ldap group: files ldap [...] - Here the [global]...

Hi! I've got a CentOS4.7-machine as a fileserver. The machine also serves as the LDAP-server against which all regular users are authenticated. The problem I am having is that the machine takes a very long time to boot. Most of the services start up rather quick, but three services take quite a long time (extending the boot time to over half an hour, which is .... long) The three services

...ine for years before the power outage. I'm really thinking that some file got corrupted and I just need to clean it out. Maybe a cache file somewhere? Following is ldap.conf file. Any suggestions? <ldap.conf> base dc=inside,dc=msi timelimit 120 bind_timelimit 120 idle_timelimit 3600 nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman rootbinddn cn=Manager,dc=inside,dc=msi nss_base_passwd ou=People,dc=inside,dc=msi nss_base_shadow ou=People,dc=inside,dc=msi nss_base_group ou=Group,dc=inside,dc=msi uri ldap://127.0.0.1 ldap://my.domain ssl no tls_cacertdir /...

Hi, I've migrated from an old samba installation (Samba as PDC) that used TDB backend for password. I've setup a box with ubuntu and samba 3 + ldap and I imported the old users. Old users works fine. I have problems with new users and machines. Old users works but they don't show up with smbldap-usershow command and I've problem in changing their passwords. If I check the ldap

...anager,dc=som,dc=com bindpw <password removed> rootbinddn cn=Manager,dc=som,dc=com bind_timelimit 30 idle_timelimit 3600 pam_password exop nss_base_passwd ou=People,dc=som,dc=com?one nss_base_shadow ou=People,dc=som,dc=com?one nss_base_group ou=Group,dc=som,dc=com?one nss_initgroups_ignoreusers root,ldap ssl off tls_cacertfile /etc/pki/tls/certs/hypothalamus.cer ===== #my nsswitch.conf file passwd: files ldap shadow: files ldap group: files ldap hosts: files dns wins networks: files dns bootparams: files ethers: files netmasks: files networks: files prot...

I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing this problem. Hello, I'm seeing a weird problem that perhaps someone has run into with groups. First, a little background. I was made aware of a problem with CentOS 5 where if the nscd password cache is clear and someone tries to log in if there is no network connection with an LDAP account that it just

I currently have about eight servers running a mixture of CentOS x86_64 v5.2 and v5.3 but none with the very latest updates. They all obtain their authentication information over LDAP and to avoid the starting message bus hang problem[1], nscd is set to soft failure. However, yesterday I set up a new CentOS v5.3 server with the latest updates, but it refuses to get beyond "Starting message