You very likely are simply misconfigured, but I'll not yet drop the severity to a more appropriate value.

> The ldap entry on nsswitch.conf for ldap authentication like:
>
> passwd: compat ldap

Why compat ... if you aren't using NIS/NIS+, that should be 'files ldap'

> group: compat ldap
> shadow: compat ldap
>
> cause the whole system hang. The system loaded til gdm, but I just got an X
> mouse pointer. The system doesn't respond to any keyboard command, so that I
> can't kill the Xserver through ctrl+alt+backspace. I can't go to the terminal
> with ctrl+alt+f1-f6 too. Over SSH there is no connection to the system,
> because the system is hanging.

>> OK thank you for the Info!

There should be informative messages in /var/log/auth.log, and possibly
/var/log/syslog... I can't be of much use without seeing some of them.

syslog

Jan 4 20:37:59 ares NetworkManager: <info> wlan0: Device is fully-supported using driver 'iwl3945'.
Jan 4 20:37:59 ares NetworkManager: <info> wlan0: driver supports SSID scans (scan_capa 0x01).
Jan 4 20:37:59 ares NetworkManager: <info> nm_device_init(): waiting for device's worker thread to start
Jan 4 20:37:59 ares NetworkManager: <info> nm_device_init(): device's worker thread started, continuing.
Jan 4 20:37:59 ares NetworkManager: <info> Now managing wireless (802.11) device 'wlan0'.
Jan 4 20:37:59 ares NetworkManager: <info> Deactivating device wlan0.
Jan 4 20:37:59 ares NetworkManager: <info> eth0: Device is fully-supported using driver 'tg3'.
Jan 4 20:37:59 ares NetworkManager: <info> nm_device_init(): waiting for device's worker thread to start
Jan 4 20:37:59 ares NetworkManager: <info> nm_device_init(): device's worker thread started, continuing.
Jan 4 20:37:59 ares NetworkManager: <info> Now managing wired Ethernet (802.3) device 'eth0'.
Jan 4 20:37:59 ares NetworkManager: <info> Deactivating device eth0.
Jan 4 20:37:59 ares avahi-daemon[3299]: Withdrawing address record for 10.19.8.182 on eth0.
Jan 4 20:37:59 ares avahi-daemon[3299]: Leaving mDNS multicast group on interface eth0.IPv4 with address 10.19.8.182.
Jan 4 20:37:59 ares avahi-daemon[3299]: Interface eth0.IPv4 no longer relevant for mDNS.
Jan 4 20:37:59 ares NetworkManager: <info> Will activate wired connection 'eth0' because it now has a link.
Jan 4 20:37:59 ares NetworkManager: <info> SWITCH: no current connection, found better connection 'eth0'.
Jan 4 20:37:59 ares dhcdbd: message_handler: message handler not found under /com/redhat/dhcp/eth0 for sub-path eth0.dbus.get.reason
Jan 4 20:37:59 ares NetworkManager: <info> Will activate connection 'eth0'.
Jan 4 20:37:59 ares NetworkManager: <info> Device eth0 activation scheduled...
Jan 4 20:37:59 ares NetworkManager: <info> Activation (eth0) started...
Jan 4 20:37:59 ares NetworkManager: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) scheduled...
Jan 4 20:37:59 ares NetworkManager: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) started...
Jan 4 20:37:59 ares NetworkManager: <info> Activation (eth0) Stage 2 of 5 (Device Configure) scheduled...
Jan 4 20:37:59 ares NetworkManager: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) complete.
Jan 4 20:37:59 ares NetworkManager: <info> Activation (eth0) Stage 2 of 5 (Device Configure) starting...
Jan 4 20:37:59 ares NetworkManager: <info> Activation (eth0) Stage 2 of 5 (Device Configure) successful.
Jan 4 20:37:59 ares NetworkManager: <info> Activation (eth0) Stage 3 of 5 (IP Configure Start) scheduled.
Jan 4 20:37:59 ares NetworkManager: <info> Activation (eth0) Stage 2 of 5 (Device Configure) complete.
Jan 4 20:37:59 ares NetworkManager: <info> Activation (eth0) Stage 3 of 5 (IP Configure Start) started...
Jan 4 20:38:00 ares NetworkManager: <info> Activation (eth0) Beginning DHCP transaction.
Jan 4 20:38:00 ares anacron[3466]: Anacron 2.3 started on 2009-01-04
Jan 4 20:38:01 ares anacron[3466]: Normal exit (0 jobs run)
Jan 4 20:38:01 ares acpid: client connected from 3450[0:0]
Jan 4 20:38:01 ares /usr/sbin/cron[3496]: (CRON) INFO (pidfile fd = 3)
Jan 4 20:38:01 ares /usr/sbin/cron[3497]: (CRON) STARTUP (fork ok)
Jan 4 20:38:01 ares /usr/sbin/cron[3497]: (CRON) INFO (Running @reboot jobs)
Jan 4 20:38:04 ares kernel: [ 34.572265] [drm] Initialized drm 1.1.0 20060810
Jan 4 20:38:04 ares kernel: [ 34.586845] pci 0000:00:02.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
Jan 4 20:38:04 ares kernel: [ 34.586854] pci 0000:00:02.0: setting latency timer to 64
Jan 4 20:38:04 ares kernel: [ 34.587121] [drm] Initialized i915 1.6.0 20080730 on minor 0
Jan 4 20:38:04 ares NetworkManager: <info> Error getting killswitch power: org.freedesktop.DBus.Error.NoReply - Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Jan 4 20:38:04 ares NetworkManager: <info> Wireless now enabled by radio killswitch
Jan 4 20:38:10 ares NetworkManager: <info> Old device 'eth0' activating, won't change.
Jan 4 20:38:13 ares shutdown[3608]: shutting down for system halt
Jan 4 20:44:57 ares kernel: imklog 3.18.6, log source = /proc/kmsg started.

auth.log

Jan 4 20:29:28 ares groupadd[28393]: new group: name=nslcd, GID=124
Jan 4 20:29:28 ares useradd[28399]: new user: name=nslcd, UID=115, GID=124, home=/var/run/nslcd/, shell=/bin/false
Jan 4 20:29:28 ares usermod[28404]: change user `nslcd' password
Jan 4 20:29:28 ares chage[28409]: changed password expiry for nslcd
Jan 4 20:29:29 ares chfn[28414]: changed user `nslcd' information
Jan 4 20:32:02 ares gdm[4323]: pam_mount(pam_mount.c:588) received order to close things
Jan 4 20:32:02 ares gdm[4323]: pam_mount(pam_mount.c:590) No volumes to umount
Jan 4 20:32:02 ares gdm[4323]: pam_mount(pam_mount.c:634) pam_mount execution complete
Jan 4 20:32:02 ares gdm[4323]: pam_unix(gdm:session): unrecognized option [use_authok]
Jan 4 20:32:02 ares gdm[4323]: pam_unix(gdm:session): session closed for user daniel
Jan 4 20:32:02 ares gdm[4323]: pam_mount(pam_mount.c:109) Clean global config (0)
Jan 4 20:32:02 ares gdm[4323]: pam_mount(pam_mount.c:126) clean system authtok=0x101b4b0 (0)
Jan 4 20:32:02 ares gnome-keyring-daemon[4574]: failed to shutdown HAL context: (null)
Jan 4 20:32:04 ares su[4818]: pam_mount(pam_mount.c:588) received order to close things
Jan 4 20:32:04 ares su[4818]: pam_mount(pam_mount.c:590) No volumes to umount
Jan 4 20:32:04 ares su[4818]: pam_mount(pam_mount.c:634) pam_mount execution complete
Jan 4 20:32:04 ares su[4818]: pam_unix(su:session): unrecognized option [use_authok]
Jan 4 20:32:04 ares su[4818]: pam_unix(su:session): session closed for user root
Jan 4 20:32:04 ares su[4818]: pam_mount(pam_mount.c:109) Clean global config (0)
Jan 4 20:32:04 ares su[4818]: pam_mount(pam_mount.c:126) clean system authtok=0x1423400 (0)
Jan 4 20:32:56 ares sshd[2854]: Server listening on 0.0.0.0 port 22.
Jan 4 20:37:49 ares sshd[2794]: Server listening on 0.0.0.0 port 22.
Jan 4 20:37:52 ares sshd[2794]: Received SIGHUP; restarting.
Jan 4 20:37:52 ares sshd[3268]: Server listening on 0.0.0.0 port 22.
Jan 4 20:44:58 ares sshd[2860]: Server listening on 0.0.0.0 port 22.

>> If I remove the ldap entry on nsswitch.conf, the system works normally.

1) boot up without LDAP auth
2) add ldap to nsswitch.conf
3) getent passwd <some valid user in ldap>
4) tweak /etc/libnss-ldap.conf until 3 works

Once that all is working, the next cause of hang is based upon installed
package set - and their daemon user entries in /etc/passwd.

>> As I wrote in my 1st post. I can log on with my LDAP Account if I change
>> the nsswitch.conf after booting. So this all works.

You will need to add and tweak the following line in libnss-ldap.conf:

nss_initgroups_ignoreusers root,openldap,....

IE: if gdm hangs, and there is a system userid for the gdm daemon, add its
name to the ignoreusers line.

>> I've already inserted it, but my system still hangs after reboot. ??? <--
>> Confused.
>> # Just assume that there are no supplemental groups for these named users
>> nss_initgroups_ignoreusers root,avahi,haldaemon,gdm

Why isn't the line already there and correct ?

It would require going through the entire archive and scanning init.d files
for anything that might possibly start before nscd (if installed), or the
local slapd daemon (if installed) and adding those daemon users to the
line... That is necessary, but not sufficient in that the sysadmin may change
start order :(

I'd actually recommend you do what I have done - install libnss-ldapd instead.

>> already installed, you can see it on auth.log.
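
The comparison the reply describes (daemon user entries in /etc/passwd against the nss_initgroups_ignoreusers line), as an added example that is not part of the original message or of any Debian package. The function names, the UID cutoff of 1000 for system accounts and the sample files are assumptions; only the nsswitch.conf entries, the ignoreusers line and the nslcd UID/GID come from the report.

```shell
#!/bin/sh
# Added example: audit the NSS/LDAP settings discussed in this thread.
# Sample files are constructed; messagebus and the numeric IDs other than
# nslcd's are made up for illustration.

# Databases in nsswitch.conf ($1) that consult ldap.
ldap_databases() {
    awk '!/^[ \t]*#/ { db = $1; sub(/:$/, "", db)
         for (i = 2; i <= NF; i++) if ($i == "ldap") print db }' "$1"
}

# Names on nss_initgroups_ignoreusers lines of libnss-ldap.conf ($1).
ignored_users() {
    awk '$1 == "nss_initgroups_ignoreusers" { $1 = ""; gsub(/[ \t]/, "")
         n = split($0, u, ","); for (i = 1; i <= n; i++) if (u[i] != "") print u[i] }' "$1"
}

# Local accounts in passwd ($1) with UID below $3 (default 1000, assumed to be
# the system-account range) that libnss-ldap.conf ($2) does not list.
missing_ignoreusers() {
    ign=$(ignored_users "$2" | tr '\n' ',')
    awk -F: -v ign="$ign" -v max="${3:-1000}" '
        BEGIN { n = split(ign, a, ","); for (i = 1; i <= n; i++) seen[a[i]] = 1 }
        $3 + 0 < max + 0 && !($1 in seen) { print $1 }' "$1"
}

# Constructed sample files, removed again when the script exits.
SAMPLE_DIR=$(mktemp -d) && trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' 'passwd: compat ldap' 'group: compat ldap' 'shadow: compat ldap' \
    'hosts: files dns' > "$SAMPLE_DIR/nsswitch.conf"
printf '%s\n' '# Just assume that there are no supplemental groups for these named users' \
    'nss_initgroups_ignoreusers root,avahi,haldaemon,gdm' > "$SAMPLE_DIR/libnss-ldap.conf"
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
messagebus:x:103:109::/var/run/dbus:/bin/false
avahi:x:105:111::/var/run/avahi-daemon:/bin/false
haldaemon:x:107:114::/var/run/hald:/bin/false
gdm:x:108:116::/var/lib/gdm:/bin/false
nslcd:x:115:124::/var/run/nslcd/:/bin/false
daniel:x:1000:1000::/home/daniel:/bin/bash
EOF

echo "Databases using ldap: $(ldap_databases "$SAMPLE_DIR/nsswitch.conf" | tr '\n' ' ')"
echo "System accounts not in nss_initgroups_ignoreusers:"
missing_ignoreusers "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/libnss-ldap.conf"
```

The output is a list of candidates to review, not a list to paste in as-is: only accounts whose daemons can start before the LDAP server is reachable need to be on the line. On a real system, pass /etc/nsswitch.conf, /etc/libnss-ldap.conf and /etc/passwd instead of the sample paths.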