[KLUG Members] LDAP fedora core, and cron

Adam Tauno Williams awilliam at whitemice.org
Thu Nov 10 16:02:26 EST 2005


>>> On a red hat 7.3 machine, I was able to copy an existing file in
>>> /etc/pam.d and get it working again, but on fedora core machines, it's
>>> different, and I don't know what needs to be put into the cron file.
>> I'd have to imagine it is an NSS problem.  Perhaps you have local UIDs
>> defined on the FC3 box that are not on the RH73 box and these ranges
>> overlap.
> After googling a LOT more with some of the errors while dying:
> Nov 10 12:30:00 zirconium crond[8212]: nss_ldap: reconnecting to LDAP server...
> Nov 10 12:30:00 zirconium crond[8212]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
> I've found that this is a problem in the fedora core line, and the RHEL
> line (some of them).
> I have a friend with a centos4 box that doesn't complain.

I'm not terribly surprised.  RH has for a very long time been providing
extremely out of date LDAP packages, including shipping versions of OpenLDAP
that are almost two *years* old.

If you want a very LDAP friendly distribution use SuSE.  Even bind and dhcp
ship with LDAP support enabled and the OpenLDAP packages are quite current.

>> There is nothing what-so-ever special about using CRON on a directory
>> enabled network or host.  The problem is almost certainly in the NSS
>> configuration.
> Well, I'm not sure what to look for.  Some of the sites I've seen refer
> to nss_ldap (I think... I closed the pages now) but none of them have
> any resolutions.
> Steps to kill cron:
> 1. Start crond.
> 2. Edit an LDAP user's crontab.
> 3. Save and exit. Watch cron die.
> Adam, if I pasted in my nsswitch.conf file, would it help?

There isn't much in nsswitch.conf.  Just "passwd: files ldap\ngroup: files
ldap".  Are you running nscd?  If so, stop it, as that vintage of nscd is
notoriously unstable.  Also see if you can build a current version of the NSS
module from www.padl.com and replace the one in /usr/lib  (7.3 is very old,
and LDAP was a very new thing back in those days).  Test with the "id"
command that you can actually enumerate a user's information.
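
The checks suggested in the reply above (nsswitch.conf sources, nscd, and user lookup with "id"), gathered into one script. This is an added example, not part of the original message; the function names are hypothetical and the default path /etc/nsswitch.conf is an assumption.

```shell
#!/bin/sh
# Added example: NSS sanity checks for a host that resolves users via LDAP.

# Print the sources configured for one database (e.g. passwd) in an
# nsswitch.conf-style file, dropping comments and [STATUS=action] items.
nss_sources() {
    db=$1; file=${2:-/etc/nsswitch.conf}
    sed -e 's/#.*//' "$file" | awk -v db="$db" '
        $1 == (db ":") {
            out = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) continue
                out = out (out == "" ? "" : " ") $i
            }
            print out
            exit
        }'
}

# Succeed if "ldap" is one of the sources for the given database.
uses_ldap() {
    case " $(nss_sources "$1" "$2") " in
        *" ldap "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if an nscd process is running.
nscd_running() { pgrep -x nscd >/dev/null 2>&1; }

# Resolve a user through NSS, as crond has to, using getent and id.
check_user() { getent passwd "$1" >/dev/null 2>&1 && id "$1" >/dev/null 2>&1; }

# Print a short report for one user name.
report() {
    user=$1; file=${2:-/etc/nsswitch.conf}
    for d in passwd group; do
        echo "$d: $(nss_sources "$d" "$file")"
        uses_ldap "$d" "$file" || echo "  note: ldap is not listed for $d"
    done
    if nscd_running; then echo "nscd is running; stop it and retest"; fi
    if check_user "$user"; then echo "$user resolves via NSS"
    else echo "$user does NOT resolve via NSS"; fi
}

# Usage: sh nss-check.sh <ldap-user> [nsswitch-file]
if [ $# -gt 0 ]; then report "$@"; fi
```
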


