Bug#647978: nslcd slows down everything when I unplug my notebook from network
On Fri, 2011-11-18 at 15:55 +1100, Jiri Kanicky wrote: Another good repro of the problem is that I login using cached credentials, open Konsole (in KDE) and type su. There is waiting period of aprox. 5 seconds, then error. (does not even offer to type the password) I understand you are caching with nscd and libpam-ccreds. There are some known issues with interaction between the NSS module and nscd where the cache may end up being invalidated. It seems that if an NSS module returns a temporary error code instead of a permanent failure code nscd uses a cached value instead of reporting an error. That could explain some of the issues you're having. Some background on this issue can be found here: http://sources.redhat.com/bugzilla/show_bug.cgi?id=2132 I you are willing to test, I can provide a patch that make the NSS module return a different error code. Another thing is the delays. Since nslcd always tries to connect to the LDAP server several times on failures there will always be some delay. However, nslcd should fail rather quickly if connecting to the LDAP server failed before. You can tune the delay with the bind_timelimit, timelimit, reconnect_sleeptime and reconnect_retrytime options. Kind regards, -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong -- signature.asc Description: This is a digitally signed message part
Bug#647978: nslcd slows down everything when I unplug my notebook from network
On 10/11/11 10:59, Jiri Kanicky wrote: On 10/11/11 06:46, Arthur de Jong wrote: On Wed, 2011-11-09 at 10:47 +1100, Jiri Kanicky wrote: I also noticed that if I am off-line, I am not able to fully login to my window manager (xfce4, kde4). The login part seems to finish successfully and I receive a message that I am using cached credentials, however the screen stays black after that. nslcd logs problems to find the LDAP again. If I stop the nslcd service, before the login, the windows manager comes up no problem. This is probably related to the earlier problem but output from nslcd -d during such a login would help. Could you also include /etc/nsswitch.conf and information about your PAM stack? Thanks, Hi. I also have got problem to unlock my screen. The following messages are logged. It takes long time to unlock in (KDE) and I have to press the unlock button several times. Nov 10 10:52:41 knightrider nslcd[2103]: [4a481a] authc=ganomil failed to bind to LDAP server ldap://maverick.allsupp.corp: Can't contact LDAP server: Connection timed out Nov 10 10:52:41 knightrider nslcd[2103]: [4a481a] authc=ganomil no available LDAP server found: Can't contact LDAP server Nov 10 10:52:41 knightrider nslcd[2103]: [4a481a] authc=ganomil ganomil: user not found: Can't contact LDAP server Nov 10 10:52:41 knightrider ccreds_chkpwd: Libgcrypt warning: missing initialization - please fix the application Nov 10 10:52:46 knightrider nslcd[2103]: [9478fe] authc=ganomil no available LDAP server found: Server is unavailable Nov 10 10:52:46 knightrider nslcd[2103]: [9478fe] authc=ganomil ganomil: user not found: Server is unavailable Nov 10 10:52:46 knightrider ccreds_chkpwd: Libgcrypt warning: missing initialization - please fix the application # cat /etc/nsswitch.conf passwd: files ldap group: files ldap shadow: files ldap hosts: files dns ldap networks: files protocols: db files services: db files ethers: db files rpc:db files # cat /etc/nscd.conf # # /etc/nscd.conf # # An example Name Service Cache config file. This file is needed by nscd. # # Legal entries are: # # logfile file # debug-level level # threads initial #threads to use # max-threads maximum #threads to use # server-user user to run server as instead of root # server-user is ignored if nscd is started with -S parameters # stat-user user who is allowed to request statistics # reload-countunlimited|number # paranoia yes|no # restart-interval time in seconds # # enable-cache service yes|no # positive-time-to-live service time in seconds # negative-time-to-live service time in seconds # suggested-size service prime number # check-files service yes|no # persistent service yes|no # shared service yes|no # max-db-size service number bytes # auto-propagate service yes|no # # Currently supported cache names (services): passwd, group, hosts, services # # logfile /var/log/nscd.log # threads 4 # max-threads 32 # server-user nobody # stat-user somebody debug-level 0 reload-countunlimited paranoiano # restart-interval3600 enable-cachepasswd yes positive-time-to-live passwd 2592000 negative-time-to-live passwd 20 suggested-size passwd 211 check-files passwd yes persistent passwd yes shared passwd yes max-db-size passwd 33554432 auto-propagate passwd yes enable-cachegroup yes positive-time-to-live group 2592000 negative-time-to-live group 60 suggested-size group 211 check-files group yes persistent group yes shared group yes max-db-size group 33554432 auto-propagate group yes # hosts caching is broken with gethostby* calls, hence is now disabled # per default. See /usr/share/doc/nscd/NEWS.Debian. enable-cachehosts no positive-time-to-live hosts 2592000 negative-time-to-live hosts 20 suggested-size hosts 211 check-files hosts yes persistent hosts yes shared hosts yes max-db-size hosts 33554432 enable-cacheservices
Bug#647978: nslcd slows down everything when I unplug my notebook from network
On Wed, 2011-11-09 at 10:47 +1100, Jiri Kanicky wrote: I also noticed that if I am off-line, I am not able to fully login to my window manager (xfce4, kde4). The login part seems to finish successfully and I receive a message that I am using cached credentials, however the screen stays black after that. nslcd logs problems to find the LDAP again. If I stop the nslcd service, before the login, the windows manager comes up no problem. This is probably related to the earlier problem but output from nslcd -d during such a login would help. Could you also include /etc/nsswitch.conf and information about your PAM stack? Thanks, -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong -- signature.asc Description: This is a digitally signed message part
Bug#647978: nslcd slows down everything when I unplug my notebook from network
On 10/11/11 06:46, Arthur de Jong wrote: On Wed, 2011-11-09 at 10:47 +1100, Jiri Kanicky wrote: I also noticed that if I am off-line, I am not able to fully login to my window manager (xfce4, kde4). The login part seems to finish successfully and I receive a message that I am using cached credentials, however the screen stays black after that. nslcd logs problems to find the LDAP again. If I stop the nslcd service, before the login, the windows manager comes up no problem. This is probably related to the earlier problem but output from nslcd -d during such a login would help. Could you also include /etc/nsswitch.conf and information about your PAM stack? Thanks, Hi. I also have got problem to unlock my screen. The following messages are logged. It takes long time to unlock in (KDE) and I have to press the unlock button several times. Nov 10 10:52:41 knightrider nslcd[2103]: [4a481a] authc=ganomil failed to bind to LDAP server ldap://maverick.allsupp.corp: Can't contact LDAP server: Connection timed out Nov 10 10:52:41 knightrider nslcd[2103]: [4a481a] authc=ganomil no available LDAP server found: Can't contact LDAP server Nov 10 10:52:41 knightrider nslcd[2103]: [4a481a] authc=ganomil ganomil: user not found: Can't contact LDAP server Nov 10 10:52:41 knightrider ccreds_chkpwd: Libgcrypt warning: missing initialization - please fix the application Nov 10 10:52:46 knightrider nslcd[2103]: [9478fe] authc=ganomil no available LDAP server found: Server is unavailable Nov 10 10:52:46 knightrider nslcd[2103]: [9478fe] authc=ganomil ganomil: user not found: Server is unavailable Nov 10 10:52:46 knightrider ccreds_chkpwd: Libgcrypt warning: missing initialization - please fix the application # cat /etc/nsswitch.conf passwd: files ldap group: files ldap shadow: files ldap hosts: files dns ldap networks: files protocols: db files services: db files ethers: db files rpc:db files # cat /etc/nscd.conf # # /etc/nscd.conf # # An example Name Service Cache config file. This file is needed by nscd. # # Legal entries are: # # logfile file # debug-level level # threads initial #threads to use # max-threads maximum #threads to use # server-user user to run server as instead of root # server-user is ignored if nscd is started with -S parameters # stat-user user who is allowed to request statistics # reload-countunlimited|number # paranoia yes|no # restart-interval time in seconds # # enable-cache service yes|no # positive-time-to-live service time in seconds # negative-time-to-live service time in seconds # suggested-size service prime number # check-files service yes|no # persistent service yes|no # shared service yes|no # max-db-size service number bytes # auto-propagate service yes|no # # Currently supported cache names (services): passwd, group, hosts, services # # logfile /var/log/nscd.log # threads 4 # max-threads 32 # server-user nobody # stat-user somebody debug-level 0 reload-countunlimited paranoiano # restart-interval3600 enable-cachepasswd yes positive-time-to-live passwd 2592000 negative-time-to-live passwd 20 suggested-size passwd 211 check-files passwd yes persistent passwd yes shared passwd yes max-db-size passwd 33554432 auto-propagate passwd yes enable-cachegroup yes positive-time-to-live group 2592000 negative-time-to-live group 60 suggested-size group 211 check-files group yes persistent group yes shared group yes max-db-size group 33554432 auto-propagate group yes # hosts caching is broken with gethostby* calls, hence is now disabled # per default. See /usr/share/doc/nscd/NEWS.Debian. enable-cachehosts no positive-time-to-live hosts 2592000 negative-time-to-live hosts 20 suggested-size hosts 211 check-files hosts yes persistent hosts yes shared hosts yes max-db-size hosts 33554432 enable-cacheservicesyes positive-time-to-live services
Bug#647978: nslcd slows down everything when I unplug my notebook from network
On Tue, 2011-11-08 at 13:06 +1100, Jiri Kanicky wrote: When I unplug notebook from my network, nslcd is not able to contact LDAP server and some task like clicking on logout takes long time and the following errors are reported. I believe that the nslcd is waiting for responce, and than the task can proceed, but it should not work like that. In Windows, I also do not wait for tasks when I work offline. If you want to support off-line operation you either have to have a local replica of the LDAP server of perform some caching with nscd (or something else). Currently nss-pam-ldapd does not implement caching. If the connection to your LDAP server is normally reliable, you could tune the timing settings to something like this: bind_timelimit 3 timelimit 3 reconnect_sleeptime 1 reconnect_retrytime 3 This ensures that unavailability of the LDAP server is recorded quickly. Nov 8 12:46:24 knightrider nslcd[2146]: [e3dfe6] passwd=10001 no available LDAP server found: Server is unavailable It is a bit strange that this query is retried so often because I would expect nscd to have cached the result. Thanks, -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong -- signature.asc Description: This is a digitally signed message part
Bug#647978: nslcd slows down everything when I unplug my notebook from network
On 09/11/11 09:08, Arthur de Jong wrote: On Tue, 2011-11-08 at 13:06 +1100, Jiri Kanicky wrote: When I unplug notebook from my network, nslcd is not able to contact LDAP server and some task like clicking on logout takes long time and the following errors are reported. I believe that the nslcd is waiting for responce, and than the task can proceed, but it should not work like that. In Windows, I also do not wait for tasks when I work offline. If you want to support off-line operation you either have to have a local replica of the LDAP server of perform some caching with nscd (or something else). Currently nss-pam-ldapd does not implement caching. If the connection to your LDAP server is normally reliable, you could tune the timing settings to something like this: bind_timelimit 3 timelimit 3 reconnect_sleeptime 1 reconnect_retrytime 3 This ensures that unavailability of the LDAP server is recorded quickly. Nov 8 12:46:24 knightrider nslcd[2146]: [e3dfe6]passwd=10001 no available LDAP server found: Server is unavailable It is a bit strange that this query is retried so often because I would expect nscd to have cached the result. Thanks, Hi. I use nscd for caching. I also noticed that if I am off-line, I am not able to fully login to my window manager (xfce4, kde4). The login part seems to finish successfully and I receive a message that I am using cached credentials, however the screen stays black after that. nslcd logs problems to find the LDAP again. If I stop the nslcd service, before the login, the windows manager comes up no problem. Something does not seems to work correctly with nslcd... Thank you for looking into this. Jiri -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#647978: nslcd slows down everything when I unplug my notebook from network
Package: nslcd Version: 0.8.4 Severity: important Dear Maintainer, When I unplug notebook from my network, nslcd is not able to contact LDAP server and some task like clicking on logout takes long time and the following errors are reported. I believe that the nslcd is waiting for responce, and than the task can proceed, but it should not work like that. In Windows, I also do not wait for tasks when I work offline. ov 8 12:46:24 knightrider nslcd[2146]: [bb2b99] passwd=10001 no available LDAP server found: Can't contact LDAP server Nov 8 12:46:24 knightrider nslcd[2146]: [e3dfe6] passwd=10001 no available LDAP server found: Server is unavailable Nov 8 12:46:24 knightrider nslcd[2146]: [5b37f3] passwd=10001 no available LDAP server found: Server is unavailable Nov 8 12:46:24 knightrider nslcd[2146]: [db7e02] passwd=10001 no available LDAP server found: Server is unavailable Nov 8 12:46:24 knightrider nslcd[2146]: [7ec0c4] passwd=10001 no available LDAP server found: Server is unavailable Nov 8 12:46:24 knightrider nslcd[2146]: [73bb22] passwd=10001 no available LDAP server found: Server is unavailable Nov 8 12:46:24 knightrider nslcd[2146]: [9e1dd3] passwd=10001 no available LDAP server found: Server is unavailable Nov 8 12:46:24 knightrider nslcd[2146]: [d141cc] passwd=10001 no available LDAP server found: Server is unavailable Nov 8 12:46:46 knightrider nslcd[2146]: [f9357a] passwd=-1 failed to bind to LDAP server ldap://maverick.allsupp.corp: Can't contact LDAP server: Connection timed out -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages nslcd depends on: ii adduser3.113 ii debconf [debconf-2.0] 1.5.41 ii libc6 2.13-21 ii libgssapi-krb5-2 1.9.1+dfsg-3 ii libldap-2.4-2 2.4.25-4 Versions of packages nslcd recommends: ii bind9-host [host] 1:9.7.3.dfsg-1+b1 ii host1:9.8.1.dfsg-1 ii ldap-utils 2.4.25-4 ii libnss-ldapd [libnss-ldap] 0.8.4 ii libpam-krb5 4.4-3 ii libpam-ldapd [libpam-ldap] 0.8.4 ii nscd2.13-21 Versions of packages nslcd suggests: pn kstart none -- debconf information: nslcd/ldap-sasl-realm: nslcd/ldap-starttls: false nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt nslcd/ldap-auth-type: none nslcd/ldap-reqcert: * nslcd/ldap-uris: ldap://maverick.allsupp.corp nslcd/ldap-sasl-secprops: nslcd/ldap-binddn: nslcd/ldap-sasl-authcid: nslcd/ldap-sasl-mech: * nslcd/ldap-base: dc=allsupp,dc=corp nslcd/ldap-sasl-authzid: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org