configuration of nsswitch.conf ignored by system
Dear DebUsers,
I've the problem that on all debian systems (Woody, Sid) it
seems that some configuration changes of the nsswitch.conf
are ignored by the system.
We've a lot of Laptop systems that should resolve the groups
also from LDAP - but only as long as they are in our company
network.
As soon as they leave this network (and can't contact the
LDAP server) I've the problem that all logins and all actions
where some user- or group-resolving is done take up to minutes
(tcp timeout?).
For this I've created the following nsswitch.conf:
---cut---
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files
group: files [SUCCESS=return] ldap
#group: files
shadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
---cut---
For me this config tells that first the process has to look at
the local files and when the entry is found the resolving stops
and does not start an ldap lookup.
Unfortunately this does not work! As long as the ldap entry
is in the nsswitch.conf and I cant reach the server I cant work
with my system, I have to comment out the ldap-line and have to
comment in the files-only-line.
==> Is this behaviour wanted?
==> How can I configure my system that it will JUST look into
the LDAP when the files-lookup was not successful?
Thanks for any help,
Matthias
P.S.: The problem is that on a server of our company this same
bug brings some software to segfault and usually this bug is solved
with a config like above, which works not on Debian...:-(
Reply to: