On Monday, January 10, 2011 06:50:22 pm you wrote:
> Is it possible to have a mix of both LDAP-authenticated and
> locally-authenticated users on the same Linux system?
>
> The LDAP Server that would be accessed is either a Windows Active Directory
> or a Novell Meta-Directory Server. I'm not sure which is actually being
> used today.
Others have answered this, but there's a couple of points I'd like to add:
1) You should *always* make your "root" user a local user (defined in
/etc/passwd). If you don't and there's a network problem, you won't be able
to log in. This implies that /etc/nsswitch should always list "files" as a
service for the "passwd", "shadow" and "group" databases.
2) Lookups from Active Directory can require several searches to wade through
Microsoft's forest of directory entries. If your link to the AD server is
slow (as on some of my remote systems), lookups can take several seconds.
This isn't bad on logins, but you're also doing lookups every time you have to
translate a UID to a user name, which means every "ls -l" or "ps" command does
these lookups. If performance is bad, run the Name Service Cache Daemon
(nscd) by doing "service nscd start && insmod nscd". This will speed things
up again for you.
- MacK.
-----
Edmund R. MacKenty
Software Architect
Rocket Software
275 Grove Street - Newton, MA 02466-2272 - USA
Tel: +1.617.614.4321
Email: [email protected]
Web: www.rocketsoftware.com
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
