You were right, it was the dns...
I tried to delete the dns entry in the nsswitch.conf file.
It works very well; the user is authenticated with the credentials
So I don't know how to leave the dns entry and get the same
By default, the nss dns status entry is unavail=continue, so it would
Do I need to use a DNS proxy???
Anthony wrote:
Petter Reinholdtsen wrote:
Yes, it seems to be the same goal... but for ldap auth and no kerb...!!
I am trying to configure the auth of all my users by an openldap server.
So I configured libpam-ldap, libnss-ldap (with db in nsswitch.conf)
and nss_updatedb (with a cron to update the users db), and configured
libpam_ccreds to be able to auth the user even if the network is
down (more especially on laptops)
Very interesting configuration. Is this similar to the configuration
on <URL:http://www.flyn.org/laptopldap/laptopldap.html> for mobile
DNS; I haven't thought about that...!
If the interface is not configured, after a first auth on the ldap,
the user authenticated If an interface is NOT configured (only
loopback), it takes a long, long time, and the user is not authenticated on
the ccreds file.
WHAT's the problem
Could it be a DNS timeout problem? Is the LDAP server listed in
/etc/hosts? If the timeout is 3 minutes, it might be the nss-ldap
connect call that takes forever.
I will try to put the ldap server in /etc/hosts
Yes, the timeout is approximately 3 minutes. But I don't use
libnss-ldap, I use libnss-db, so the information is provided by a
(I use a cron "nss_updatedb ldap" every 10 minutes (maybe it could be
I don't think it is due to nss ldap.
About my configuration:
passwd: files db
shadow: files db
group: files db
hosts: files nis dns
protocols: db files
services: db files
ethers: db files
rpc: db files
Did you consider the nss-ldapd module? It has a local LDAP proxy
(nslcd) doing the connections to the LDAP server, so it would find it
easier to keep track of the connection status.
How did you configure NSS?
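
The /etc/hosts check suggested in the thread, applied to the posted "hosts: files nis dns" line, as an added example that is not part of the original messages. It reports which network sources NSS would consult for the LDAP server name before it stops searching. The server name, the hosts file contents and the set of sources treated as network-dependent are assumptions made for the example.

```python
# Added example: which network NSS sources are tried for a hostname
# before a local answer. Sample data at the bottom is constructed.
import re

NETWORK_SOURCES = {"dns", "nis", "nisplus", "ldap"}  # assumption: these need the network

def parse_hosts_line(nsswitch_text):
    """Return [(source, {status: action}), ...] for the 'hosts' database."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("hosts:"):
            continue
        entries = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if tok.startswith("[") and entries:
                # [STATUS=action ...] applies to the source just before it
                for pair in tok.strip("[]").split():
                    status, _, action = pair.partition("=")
                    entries[-1][1][status.lower()] = action.lower()
            elif not tok.startswith("["):
                entries.append((tok, {}))
        return entries
    return []

def names_in_hosts_file(hosts_text):
    names = set()
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        names.update(n.lower() for n in fields[1:])  # skip the address column
    return names

def network_sources_tried(nsswitch_text, hosts_text, server):
    """Network sources consulted for `server` before NSS stops searching."""
    local = server.lower() in names_in_hosts_file(hosts_text)
    tried = []
    for source, actions in parse_hosts_line(nsswitch_text):
        if source == "files":
            # glibc defaults: success=return, notfound=continue
            outcome, default = ("success", "return") if local else ("notfound", "continue")
            if actions.get(outcome, default) == "return":
                break
        elif source in NETWORK_SOURCES:
            tried.append(source)
            # with the network down the source is unavailable; default is continue
            if actions.get("unavail", "continue") == "return":
                break
    return tried

NSSWITCH = "passwd: files db\nhosts: files nis dns\n"  # hosts line as posted in the thread
HOSTS_WITHOUT = "127.0.0.1 localhost\n"  # constructed
HOSTS_WITH = HOSTS_WITHOUT + "192.0.2.10 ldap.example.org ldap\n"  # constructed
```

An empty result means the name is answered from /etc/hosts and the lookup never waits on NIS or DNS.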