You very likely are simply misconfigured, but I'll not yet drop
the severity to a more appropriate value.

> The ldap entry on nsswitch.conf for ldap authentication like:
>
> passwd:         compat ldap

Why compat ... if you aren't using NIS/NIS+, that should be 'files ldap'

> group:          compat ldap
> shadow:         compat ldap
>
> causes the whole system to hang. The system loaded until gdm, but I just got an X 
> mouse pointer. The system doesn't respond to any keyboard command, so that I 
> can't kill the Xserver through ctrl+alt+backspace. I can't go to the terminal 
> with ctrl+alt+f1-f6 either. Over SSH there is no connection to the system, 
> because the system is hanging.

>> OK thank you for the Info!

There should be informative messages in /var/log/auth.log, and possibly
/var/log/syslog...  I can't be of much use without seeing some of them.

syslog

Jan  4 20:37:59 ares NetworkManager: <info>  wlan0: Device is fully-supported 
using driver 'iwl3945'.
Jan  4 20:37:59 ares NetworkManager: <info>  wlan0: driver supports SSID scans 
(scan_capa 0x01).
Jan  4 20:37:59 ares NetworkManager: <info>  nm_device_init(): waiting for 
device's worker thread to start
Jan  4 20:37:59 ares NetworkManager: <info>  nm_device_init(): device's worker 
thread started, continuing.
Jan  4 20:37:59 ares NetworkManager: <info>  Now managing wireless (802.11) 
device 'wlan0'.
Jan  4 20:37:59 ares NetworkManager: <info>  Deactivating device wlan0.
Jan  4 20:37:59 ares NetworkManager: <info>  eth0: Device is fully-supported 
using driver 'tg3'.
Jan  4 20:37:59 ares NetworkManager: <info>  nm_device_init(): waiting for 
device's worker thread to start
Jan  4 20:37:59 ares NetworkManager: <info>  nm_device_init(): device's worker 
thread started, continuing.
Jan  4 20:37:59 ares NetworkManager: <info>  Now managing wired Ethernet 
(802.3) device 'eth0'.
Jan  4 20:37:59 ares NetworkManager: <info>  Deactivating device eth0.
Jan  4 20:37:59 ares avahi-daemon[3299]: Withdrawing address record for 
10.19.8.182 on eth0.
Jan  4 20:37:59 ares avahi-daemon[3299]: Leaving mDNS multicast group on 
interface eth0.IPv4 with address 10.19.8.182.
Jan  4 20:37:59 ares avahi-daemon[3299]: Interface eth0.IPv4 no longer relevant 
for mDNS.
Jan  4 20:37:59 ares NetworkManager: <info>  Will activate wired connection 
'eth0' because it now has a link.
Jan  4 20:37:59 ares NetworkManager: <info>  SWITCH: no current connection, 
found better connection 'eth0'.
Jan  4 20:37:59 ares dhcdbd: message_handler: message handler not found under 
/com/redhat/dhcp/eth0 for sub-path eth0.dbus.get.reason
Jan  4 20:37:59 ares NetworkManager: <info>  Will activate connection 'eth0'.
Jan  4 20:37:59 ares NetworkManager: <info>  Device eth0 activation scheduled...
Jan  4 20:37:59 ares NetworkManager: <info>  Activation (eth0) started...
Jan  4 20:37:59 ares NetworkManager: <info>  Activation (eth0) Stage 1 of 5 
(Device Prepare) scheduled...
Jan  4 20:37:59 ares NetworkManager: <info>  Activation (eth0) Stage 1 of 5 
(Device Prepare) started...
Jan  4 20:37:59 ares NetworkManager: <info>  Activation (eth0) Stage 2 of 5 
(Device Configure) scheduled...
Jan  4 20:37:59 ares NetworkManager: <info>  Activation (eth0) Stage 1 of 5 
(Device Prepare) complete.
Jan  4 20:37:59 ares NetworkManager: <info>  Activation (eth0) Stage 2 of 5 
(Device Configure) starting...
Jan  4 20:37:59 ares NetworkManager: <info>  Activation (eth0) Stage 2 of 5 
(Device Configure) successful.
Jan  4 20:37:59 ares NetworkManager: <info>  Activation (eth0) Stage 3 of 5 (IP 
Configure Start) scheduled.
Jan  4 20:37:59 ares NetworkManager: <info>  Activation (eth0) Stage 2 of 5 
(Device Configure) complete.
Jan  4 20:37:59 ares NetworkManager: <info>  Activation (eth0) Stage 3 of 5 (IP 
Configure Start) started...
Jan  4 20:38:00 ares NetworkManager: <info>  Activation (eth0) Beginning DHCP 
transaction.
Jan  4 20:38:00 ares anacron[3466]: Anacron 2.3 started on 2009-01-04
Jan  4 20:38:01 ares anacron[3466]: Normal exit (0 jobs run)
Jan  4 20:38:01 ares acpid: client connected from 3450[0:0]
Jan  4 20:38:01 ares /usr/sbin/cron[3496]: (CRON) INFO (pidfile fd = 3)
Jan  4 20:38:01 ares /usr/sbin/cron[3497]: (CRON) STARTUP (fork ok)
Jan  4 20:38:01 ares /usr/sbin/cron[3497]: (CRON) INFO (Running @reboot jobs)
Jan  4 20:38:04 ares kernel: [   34.572265] [drm] Initialized drm 1.1.0 20060810
Jan  4 20:38:04 ares kernel: [   34.586845] pci 0000:00:02.0: PCI INT A -> GSI 
16 (level, low) -> IRQ 16
Jan  4 20:38:04 ares kernel: [   34.586854] pci 0000:00:02.0: setting latency 
timer to 64
Jan  4 20:38:04 ares kernel: [   34.587121] [drm] Initialized i915 1.6.0 
20080730 on minor 0
Jan  4 20:38:04 ares NetworkManager: <info>  Error getting killswitch power: 
org.freedesktop.DBus.Error.NoReply - Did not receive a reply. Possible causes 
include: the remote application did not send a reply, the message bus security 
policy blocked the reply, the reply timeout expired, or the network connection 
was broken.
Jan  4 20:38:04 ares NetworkManager: <info>  Wireless now enabled by radio 
killswitch
Jan  4 20:38:10 ares NetworkManager: <info>  Old device 'eth0' activating, 
won't change.
Jan  4 20:38:13 ares shutdown[3608]: shutting down for system halt
Jan  4 20:44:57 ares kernel: imklog 3.18.6, log source = /proc/kmsg started.


auth.log

Jan  4 20:29:28 ares groupadd[28393]: new group: name=nslcd, GID=124
Jan  4 20:29:28 ares useradd[28399]: new user: name=nslcd, UID=115, GID=124, 
home=/var/run/nslcd/, shell=/bin/false
Jan  4 20:29:28 ares usermod[28404]: change user `nslcd' password
Jan  4 20:29:28 ares chage[28409]: changed password expiry for nslcd
Jan  4 20:29:29 ares chfn[28414]: changed user `nslcd' information
Jan  4 20:32:02 ares gdm[4323]: pam_mount(pam_mount.c:588) received order to 
close things
Jan  4 20:32:02 ares gdm[4323]: pam_mount(pam_mount.c:590) No volumes to umount
Jan  4 20:32:02 ares gdm[4323]: pam_mount(pam_mount.c:634) pam_mount execution 
complete
Jan  4 20:32:02 ares gdm[4323]: pam_unix(gdm:session): unrecognized option 
[use_authok]
Jan  4 20:32:02 ares gdm[4323]: pam_unix(gdm:session): session closed for user 
daniel
Jan  4 20:32:02 ares gdm[4323]: pam_mount(pam_mount.c:109) Clean global config 
(0)
Jan  4 20:32:02 ares gdm[4323]: pam_mount(pam_mount.c:126) clean system 
authtok=0x101b4b0 (0)
Jan  4 20:32:02 ares gnome-keyring-daemon[4574]: failed to shutdown HAL 
context: (null)
Jan  4 20:32:04 ares su[4818]: pam_mount(pam_mount.c:588) received order to 
close things
Jan  4 20:32:04 ares su[4818]: pam_mount(pam_mount.c:590) No volumes to umount
Jan  4 20:32:04 ares su[4818]: pam_mount(pam_mount.c:634) pam_mount execution 
complete
Jan  4 20:32:04 ares su[4818]: pam_unix(su:session): unrecognized option 
[use_authok]
Jan  4 20:32:04 ares su[4818]: pam_unix(su:session): session closed for user 
root
Jan  4 20:32:04 ares su[4818]: pam_mount(pam_mount.c:109) Clean global config 
(0)
Jan  4 20:32:04 ares su[4818]: pam_mount(pam_mount.c:126) clean system 
authtok=0x1423400 (0)
Jan  4 20:32:56 ares sshd[2854]: Server listening on 0.0.0.0 port 22.
Jan  4 20:37:49 ares sshd[2794]: Server listening on 0.0.0.0 port 22.
Jan  4 20:37:52 ares sshd[2794]: Received SIGHUP; restarting.
Jan  4 20:37:52 ares sshd[3268]: Server listening on 0.0.0.0 port 22.
Jan  4 20:44:58 ares sshd[2860]: Server listening on 0.0.0.0 port 22.

>> If I remove the ldap entry on nsswitch.conf, the system works normally.

1) boot up without LDAP auth
2) add ldap to nsswitch.conf
3) getent passwd <some valid user in ldap>
4) tweak /etc/libnss-ldap.conf until 3 works

Once that all is working, the next cause of hang is based upon
installed package set - and their daemon user entries in /etc/passwd.

>> As I wrote in my 1st post, I can log on with my LDAP account if I change 
>> the nsswitch.conf after booting. So this all works.

You will need to add and tweak the following line in libnss-ldap.conf:
        nss_initgroups_ignoreusers root,openldap,.... 
IE: if gdm hangs, and there is a system userid for the gdm daemon, add
its name to the ignoreusers line.

>> I've already inserted it, but my system still hangs after reboot. ??? <-- 
>> Confused.
>> # Just assume that there are no supplemental groups for these named users
>> nss_initgroups_ignoreusers      root,avahi,haldaemon,gdm

Why isn't the line already there and correct ?
It would require going through the entire archive and scanning init.d
files for anything that might possibly start before nscd (if installed),
or the local slapd daemon (if installed) and adding those daemon users
to the line...   That is necessary, but not sufficient in that the
sysadmin may change start order :(

I'd actually recommend you do what I have done - install libnss-ldapd
instead.

>> already installed, you can see it on auth.log.
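
An added example, not part of the thread or of any Debian package: a shell check that reports which nsswitch.conf databases consult ldap and which local system accounts are absent from `nss_initgroups_ignoreusers`, as candidates to review for the boot-time hang discussed above. The function names, the UID cutoff of 1000 and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an nsswitch.conf / libnss-ldap.conf pair offline.

# Print the comma-separated ignore list (empty if the option is absent).
ignored_users() {
    awk '$1 == "nss_initgroups_ignoreusers" { print $2 }' "$1" | tail -n 1
}

# Print local accounts with UID below $3 (default 1000, assumed here as the
# system-account boundary) that are not named on the ignore list.
missing_ignoreusers() {
    passwd_file=$1 conf_file=$2 max_uid=${3:-1000}
    awk -F: -v ignored="$(ignored_users "$conf_file")" -v max="$max_uid" '
        BEGIN { n = split(ignored, a, ","); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /^[+-]/ || /^#/ || NF < 7 { next }   # compat +/- entries, comments, junk
        $3 + 0 < max && !($1 in skip) { print $1 }
    ' "$passwd_file" | sort
}

# Print the databases in an nsswitch.conf-style file that list ldap as a source.
ldap_databases() {
    awk '/^[[:space:]]*#/ { next }
         { for (i = 2; i <= NF; i++)
               if ($i == "ldap") { sub(":", "", $1); print $1; break } }' "$1"
}

# Constructed sample files (not taken from the reporter's machine).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
messagebus:x:103:108::/var/run/dbus:/bin/false
avahi:x:105:110::/var/run/avahi-daemon:/bin/false
haldaemon:x:107:112::/var/run/hald:/bin/false
gdm:x:108:113::/var/lib/gdm:/bin/false
nslcd:x:115:124::/var/run/nslcd/:/bin/false
daniel:x:1000:1000::/home/daniel:/bin/bash
+::::::
EOF
printf '%s\n' '# constructed' 'nss_initgroups_ignoreusers      root,avahi,haldaemon,gdm' \
    > "$demo_dir/libnss-ldap.conf"
printf '%s\n' 'passwd: compat ldap' 'group: compat ldap' 'shadow: compat ldap' \
    'hosts: files dns' > "$demo_dir/nsswitch.conf"

echo "databases using ldap: $(ldap_databases "$demo_dir/nsswitch.conf" | tr '\n' ' ')"
echo "system users not ignored: $(missing_ignoreusers "$demo_dir/passwd" \
    "$demo_dir/libnss-ldap.conf" | tr '\n' ' ')"
```

Point the functions at /etc/passwd, /etc/libnss-ldap.conf and /etc/nsswitch.conf to audit a real host; the output is a review list, since which daemons start before name service is available depends on the init order.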




