[KLUG Members] LDAP fedora core, and cron
Adam Tauno Williams
awilliam at whitemice.org
Thu Nov 10 16:02:26 EST 2005
>>> On a red hat 7.3 machine, I was able to copy an existing file in
>>> /etc/pam.d and get it working again, but on fedora core machines, it's
>>> different, and I don't know what needs to be put into the cron file.
>> I'd have to imagine it is an NSS problem. Perhaps you have local UIDs
>> defined on the FC3 box that are not on the RH73 box and these ranges
>> overlap.
> After googling a LOT more with some of the errors while dying:
> Nov 10 12:30:00 zirconium crond[8212]: nss_ldap: reconnecting to LDAP server...
> Nov 10 12:30:00 zirconium crond[8212]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
> I've found that this is a problem in the fedora core line, and the RHEL
> line (some of them).
> I have a friend with a centos4 box that doesn't complain.
I'm not terribly surprised. RH has for a very long time been providing
extremely out of date LDAP packages, including shipping versions of
OpenLDAP that are almost two *years* old.
If you want a very LDAP friendly distribution use SuSE. Even bind and
dhcp ship with LDAP support enabled and the OpenLDAP packages are quite
current.
>> There is nothing whatsoever special about using CRON on a directory
>> enabled network or host. The problem is almost certainly in the NSS
>> configuration.
> Well, I'm not sure what to look for. Some of the sites I've seen refer
> to nss_ldap (I think... I closed the pages now) but none of them have
> any resolutions.
> Steps to kill cron:
> 1. Start crond.
> 2. Edit an LDAP user's crontab.
> 3. Save and exit. Watch cron die.
> Adam, if I pasted in my nsswitch.conf file, would it help?
There isn't much in nsswitch.conf. Just "passwd: files ldap\ngroup: files ldap".
Are you running nscd? If so, stop it, as that vintage of nscd is
notoriously unstable. Also see if you can build a current version of the NSS
module from www.padl.com and replace the one in /usr/lib (7.3 is very old, and
LDAP was a very new thing back in those days). Test with the "id" command that
you can actually enumerate a user's information.
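
Added example, not part of the original message: a POSIX shell sketch of the NSS checks discussed in this thread (the passwd/group lines in nsswitch.conf, local UIDs that overlap directory UIDs, and resolving a user the way "id" does). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). All sample data is constructed.

# Print the source list for one database (e.g. passwd) from an nsswitch.conf.
nss_sources() {  # usage: nss_sources FILE DATABASE
    awk -v db="$2" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == (db ":") { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Report UIDs that belong to different account names in two passwd-format
# files, e.g. /etc/passwd and a passwd-format dump of the directory accounts.
# Output format: uid:local_name:directory_name
uid_collisions() {  # usage: uid_collisions LOCAL_FILE DIRECTORY_FILE
    awk -F: '
        NR == FNR { local_name[$3] = $1; next }
        ($3 in local_name) && local_name[$3] != $1 {
            print $3 ":" local_name[$3] ":" $1
        }
    ' "$1" "$2"
}

# Resolve one account through the live NSS stack, then show it with "id".
# Not called by the demo below because it depends on the host configuration.
resolve_user() { getent passwd "$1" >/dev/null && id "$1"; }

# Demonstration on constructed files.
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: files ldap\ngroup:  files ldap\n' > "$d/nsswitch.conf"
    printf 'root:x:0:0::/root:/bin/sh\nbuild:x:500:500::/home/build:/bin/sh\n' \
        > "$d/local"
    printf 'alice:x:500:500::/home/alice:/bin/sh\nbob:x:501:501::/home/bob:/bin/sh\n' \
        > "$d/ldap"
    echo "passwd sources: $(nss_sources "$d/nsswitch.conf" passwd)"
    echo "uid collisions: $(uid_collisions "$d/local" "$d/ldap")"
    rm -rf "$d"
}
demo
```

On a real host, point nss_sources at /etc/nsswitch.conf and call resolve_user with an LDAP account name after stopping nscd, so the answer comes from the NSS module rather than the cache.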