
Re: ldap problem



On Thu, Jun 23, 2005 at 02:06:17PM -0400, Patrick Flaherty wrote:
> I'm a bit stumped on this, but a few things you could do to humor 
> me/double check.
> 
> check for duplicate username/group names. both in the system files and 
> in ldap.

There's definitely some duplicates (tty, nobody, etc).  But I'm not
sure what will happen if I take those out, the ldap server being in
production and all..

The reason for this, I guess, is I migrated the data from NIS.

> i've run into some dumbness with nscd recently (duplicate group names) 
> which caused all sorts of badness preventing logins. try stopping the 
> nscd daemon and trying to log in again

I've uninstalled nscd altogether, but that doesn't seem to be the
problem.  I've also compiled the latest ssh.  It hangs in the same
place, which only makes me believe that it's pam even more.

I forgot to mention that it hangs, but doesn't die.  After about an
hour or so, the session completes and the user is logged in normally.
It must be a timeout issue of some sort, but I have no idea what it's
hanging on.

> also make sure that nscd doesn't start before your ldap daemon
> 
> my pam ssh file looks more like
> auth        required      pam_nologin.so
> auth        sufficient    pam_ldap.so
> auth        sufficient    pam_unix.so shadow use_first_pass
> auth        required      pam_deny.so
> 
> my nsswitch file gives precedence to files over ldap.

Mine too.

> the users you are trying to log in as have good ldap info i hope? home 
> directory, shell, uid, gid, all that good stuff? that may be confusing 
> login too.

Yes, all of that is working flawlessly now, on Suns and debian 386 boxes.

> other than that i may have to throw in the towel (and i don't know if 
> there's an easy way to test pam modules)

Many thanks for trying!

If anyone else has any leads, I'd be most grateful.

-- 
Sincerely,
Matt Dunford
Unix Systems Administrator
DOE Joint Genome Institute
url:   http://www.jgi.doe.gov
email: madunford@lbl.gov
phone: 925-296-5844
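
Added example, not part of the original message or thread: one way to carry out the duplicate user/group check suggested above without touching the production directory. It assumes both sources have already been dumped as passwd- or group-format text; the function names and the sample entries are constructed for illustration.

```python
"""Cross-check passwd/group-format entries from local files against an LDAP dump."""

# Constructed sample data (not taken from the thread): group-format lines.
FILES_GROUP = """root:x:0:
tty:x:5:
nobody:x:65534:
"""
LDAP_GROUP = """tty:*:7:
nobody:*:65534:
staff:*:100:alice
staff:*:101:bob
"""

def parse_entries(text):
    """Return ({name: numeric id}, names repeated inside this one source).

    passwd and group formats both keep the name in field 0 and the
    uid/gid in field 2, so one parser covers both.
    """
    entries, dupes = {}, set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "+", "-")):  # comments, compat lines
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # malformed line: skip rather than guess
        name, num = fields[0], int(fields[2])
        if name in entries:
            dupes.add(name)
        entries.setdefault(name, num)  # keep the first occurrence
    return entries, dupes

def cross_check(files_text, ldap_text):
    """Report names present in both sources, split by whether the ids agree."""
    files, files_dupes = parse_entries(files_text)
    ldap, ldap_dupes = parse_entries(ldap_text)
    shared = sorted(set(files) & set(ldap))
    return {
        "same_id": [n for n in shared if files[n] == ldap[n]],
        "conflicting_id": [(n, files[n], ldap[n]) for n in shared
                           if files[n] != ldap[n]],
        "dupes_in_files": sorted(files_dupes),
        "dupes_in_ldap": sorted(ldap_dupes),
    }

if __name__ == "__main__":
    for key, value in cross_check(FILES_GROUP, LDAP_GROUP).items():
        print(f"{key}: {value}")
```

Names listed under `conflicting_id` resolve to a different uid/gid depending on which source answers first, so they are the ones to review before removing anything from the directory.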


