[KLUG Members] LDAP fedora core, and cron

[Adam bultman]

>> On a red hat 7.3 machine, I was able to copy an existing file in
>> /etc/pam.d and get it working again, but on fedora core machines, it's
>> different, and I don't know what needs to be put into the cron file.
>
>
> I'd have to imagine it is an NSS problem.  Perhaps you have local UIDs
> defined
> on the FC3 box that are not on the RH73 box and these ranges overlap.
>
After googling a LOT more with some of the errors while dying:
Nov 10 12:30:00 zirconium crond[8212]: nss_ldap: reconnecting to LDAP
server...
Nov 10 12:30:00 zirconium crond[8212]: nss_ldap: reconnected to LDAP
server after 1 attempt(s)

I've found that this is a problem in the fedora core line, and the RHEL
line (some of them). 

I have a friend with a centos4 box that doesn't complain.



>> When I make my own file in /etc/pam.d and edit an LDAP user's crontab,
>> cron will die (crond's master process will croak) when the job runs and
>> I have to manually restart crond using the init scripts.
>
>
> I think this is not a PAM issue as PAM has nothing to do with CRON. 
> To invoke a
> job as a user CRON must be able to getpwent the user's information -
> which
> passes through NSS.
>
>> I haven't found much on the net for this - obscure debian bugs - and
>> I've found how to configure it on solaris (every document seems to have
>> solaris configured for LDAP and cron) but never linux in this regard.
>
>
> There is nothing what-so-ever special about using CRON on a directory
> enabled
> network or host.  The problem is almost certainly in the NSS
> configuration.

Well, I'm not sure what to look for.  Some of the sites I've seen refer
to nss_ldap (I think... I closed the pages now) but none of them have
any resolutions.

Steps to kill cron:
1. Start crond.
2. Edit an LDAP user's crontab.
3. Save and exit. Watch cron die.

Adam, if I pasted in my nsswitch.conf file, would it help?

Adam