[KLUG Members] LDAP fedora core, and cron
Adam Bultman
adamb at glaven.org
Thu Nov 10 19:22:59 EST 2005
Adam Tauno Williams wrote:
>>>> On a red hat 7.3 machine, I was able to copy an existing file in
>>>> /etc/pam.d and get it working again, but on fedora core machines, it's
>>>> different, and I don't know what needs to be put into the cron file.
>>>
>>> I'd have to imagine it is an NSS problem. Perhaps you have local UIDs
>>> defined on the FC3 box that are not on the RH73 box and these ranges
>>> overlap.
>>
>> After googling a LOT more with some of the errors while dying:
>> Nov 10 12:30:00 zirconium crond[8212]: nss_ldap: reconnecting to LDAP server...
>> Nov 10 12:30:00 zirconium crond[8212]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
>> I've found that this is a problem in the fedora core line, and the RHEL
>> line (some of them).
>> I have a friend with a centos4 box that doesn't complain.
>
>
> I'm not terribly surprised. RH has for a very long time been providing
> extremely out of date LDAP packages, including shipping versions of
> OpenLDAP that are almost two *years* old.
>
> If you want a very LDAP friendly distribution use SuSe. Even bind and
> dhcp ship with LDAP support enabled and the OpenLDAP packages are quite
> current.
>
Distribution decisions aren't mine; besides - this is an existing server.
I'm pretty sure the customers would be pissed if I took their servers
down to put a different distro on 'em...
>>> There is nothing what-so-ever special about using CRON on a directory
>>> enabled network or host. The problem is almost certainly in the NSS
>>> configuration.
>>
>> Well, I'm not sure what to look for. Some of the sites I've seen refer
>> to nss_ldap (I think... I closed the pages now) but none of them have
>> any resolutions.
>> Steps to kill cron:
>> 1. Start crond.
>> 2. Edit an LDAP user's crontab.
>> 3. Save and exit. Watch cron die.
>> Adam, if I pasted in my nsswitch.conf file, would it help?
>
>
> There isn't much in nsswitch.conf. Just "passwd: files ldap\ngroup:
> files ldap". Are you running nscd? If so, stop it, as that vintage of
> nscd is notoriously unstable. Also see if you can build a current
> version of the NSS module from www.padl.com and replace the one in
> /usr/lib (7.3 is very old, and LDAP was a very new thing back in those
> days). Test with the "id" command that you can actually enumerate a
> user's information.
>
The 7.3 server works just fine! That's the real knife-twister here. The
fedora core 1 server is the one pitching the fits. I'll toss the idea of
recompiling the nss module to the others and see what they say.
Thanks.
Adam
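
The checks suggested in the quoted reply (nsswitch.conf lists ldap for passwd and group, nscd is stopped, "id" resolves the user), as an added shell example that is not part of the original message. The function names are illustrative, and the `[NOTFOUND=return]` check goes beyond what the thread mentions.

```shell
#!/bin/sh
# Added example: sanity-check the NSS setup before blaming cron.
# Function names are hypothetical; nothing here comes from the thread's hosts.

# ldap_reachable FILE DB
# Exit 0 if "ldap" is consulted for database DB in nsswitch file FILE.
# Exit 1 if ldap is not listed (or DB has no entry at all).
# Exit 2 if ldap is listed but an earlier [NOTFOUND=return] action stops
#        the lookup before it is reached (e.g. "files [NOTFOUND=return] ldap").
ldap_reachable() {
    sed -e 's/#.*//' "$1" | awk -v db="$2:" '
        $1 == db {
            found = 1
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "ldap") exit (blocked ? 2 : 0)
                # Negated form [!NOTFOUND=return] does not stop a NOTFOUND.
                if (t ~ /notfound=return/ && t !~ /!notfound/) blocked = 1
            }
            exit 1
        }
        END { if (!found) exit 1 }'
}

# check_host USER
# Run the three checks from the thread against the live system.
check_host() {
    for db in passwd group; do
        ldap_reachable /etc/nsswitch.conf "$db" ||
            echo "$db: ldap is not consulted (status $?)"
    done
    # The reply advises stopping nscd while debugging.
    if pgrep -x nscd >/dev/null 2>&1; then
        echo "nscd is running; stop it while testing"
    fi
    # "id" must resolve the LDAP user before cron is worth testing.
    id "$1" || echo "id cannot resolve $1: fix NSS before looking at cron"
}

# Run against the live host only when a user name is given.
if [ "$#" -gt 0 ]; then
    check_host "$1"
fi
```

Run it with an LDAP user name as the only argument on the affected machine.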