[KLUG Members] LDAP fedora core, and cron

Adam bultman adamb at glaven.org
Thu Nov 10 19:22:59 EST 2005


Adam Tauno Williams wrote:

>>>> On a red hat 7.3 machine, I was able to copy an existing file in
>>>> /etc/pam.d and get it working again, but on fedora core machines, it's
>>>> different, and I don't know what needs to be put into the cron file.
>>>
>>> I'd have to imagine it is an NSS problem.  Perhaps you have local UIDs
>>> defined on the FC3 box that are not on the RH73 box and these ranges
>>> overlap.
>>
>> After googling a LOT more with some of the errors while dying:
>> Nov 10 12:30:00 zirconium crond[8212]: nss_ldap: reconnecting to LDAP server...
>> Nov 10 12:30:00 zirconium crond[8212]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
>> I've found that this is a problem in the fedora core line, and the RHEL
>> line (some of them).
>> I have a friend with a centos4 box that doesn't complain.
>
>
> I'm not terribly surprised.  RH has for a very long time been providing
> extremely out of date LDAP packages, including shipping versions of
> OpenLDAP that are almost two *years* old.
>
> If you want a very LDAP friendly distribution use SuSe.  Even bind and
> dhcp ship with LDAP support enabled and the OpenLDAP packages are quite
> current.
>
Distribution decisions aren't mine; besides - this is an existing server.
I'm pretty sure the customers would be pissed if I took their servers
down to put a different distro on 'em...


>>> There is nothing what-so-ever special about using CRON on a directory
>>> enabled network or host.  The problem is almost certainly in the NSS
>>> configuration.
>>
>> Well, I'm not sure what to look for.  Some of the sites I've seen refer
>> to nss_ldap (I think... I closed the pages now) but none of them have
>> any resolutions.
>> Steps to kill cron:
>> 1. Start crond.
>> 2. Edit an LDAP user's crontab.
>> 3. Save and exit. Watch cron die.
>> Adam, if I pasted in my nsswitch.conf file, would it help?
>
>
> There isn't much in nsswitch.conf.  Just "passwd: files ldap\ngroup:
> files ldap".  Are you running nscd?  If so, stop it, as that vintage of
> nscd is notoriously unstable.  Also see if you can build a current
> version of the NSS module from www.padl.com and replace the one in
> /usr/lib  (7.3 is very old, and LDAP was a very new thing back in those
> days).  Test with the "id" command that you can actually enumerate a
> user's information.
>

The 7.3 server works just fine! That's the real knife-twister here.  The
fedora core 1 server is the one pitching the fits. I'll toss the idea of
recompiling the nss module to the others and see what they say. 

thanks.

Adam
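
The checks suggested in the quoted reply above (the passwd/group lines in nsswitch.conf, whether nscd is running, and a lookup with "id"), as an added shell example that is not part of the original thread. The function names nss_sources, uses_ldap and check_host are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print the ordered NSS sources for database $2 in nsswitch file $1.
nss_sources() {
    sed 's/#.*//' "$1" | awk -v db="$2" '
        $0 ~ ("^[ \t]*" db "[ \t]*:") {
            sub(/^[^:]*:[ \t]*/, "")   # drop the "db:" prefix
            gsub(/[ \t]+/, " ")        # collapse runs of whitespace
            sub(/ $/, "")              # trim trailing space
            print; exit
        }'
}

# Succeed when database $2 in file $1 lists ldap as a source.
uses_ldap() {
    case " $(nss_sources "$1" "$2") " in
        *" ldap "*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Run the checks for user $1 against nsswitch file $2 (default: system file).
# Returns 0 when the account resolves through NSS, 1 otherwise.
check_host() {
    user=$1 conf=${2:-/etc/nsswitch.conf}
    for db in passwd group; do
        printf '%s sources: %s\n' "$db" "$(nss_sources "$conf" "$db")"
        uses_ldap "$conf" "$db" || echo "warning: $db does not consult ldap"
    done
    # The reply in the thread advises stopping nscd while testing.
    if command -v pgrep >/dev/null 2>&1 && pgrep -x nscd >/dev/null 2>&1; then
        echo "nscd is running: stop it before testing further"
    fi
    # getent and id go through the same NSS modules that crond uses.
    if getent passwd "$user" >/dev/null 2>&1 && id "$user" >/dev/null 2>&1; then
        echo "ok: $user resolves through NSS"
        return 0
    fi
    echo "fail: $user does not resolve; check nss_ldap and the LDAP server"
    return 1
}

# Usage: sh nsscheck.sh <ldap-user> [nsswitch-file]
if [ "$#" -ge 1 ]; then check_host "$@"; fi
```

Run it on both the working and the failing host with the same LDAP user and compare the output.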
