Re: nsswitch.conf with ldap
On Mon, 8 May 2006 21:16:20 -0500 Dan Nelson <[EMAIL PROTECTED]> wrote:

> In the last episode (May 08), Atom Powers said:
> > On 5/8/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> > >> I don't know if it will help your problem, I'm struggling
> > >> through my own pam/nss/ldap issues, but it is a part of the
> > >> picture.
> > >
> > >I am curious. Do you run into problems with SSH and xterm, but
> > >everything else works? That is what I am currently hitting.
> > >
> > >initgroups(kitsune,1001): Invalid argument
>
> man initgroups:
>
> ERRORS
>      The initgroups() function may fail and set errno for any of
>      the errors specified for the library function setgroups(2).
>
> man setgroups:
>
>      [EINVAL]  The number specified in the ngroups argument is larger
>                than the NGROUPS limit.
>
> Either get out of some groups, or raise NGROUPS (this may affect NFS
> though).

Yeah. I am going to have to raise it. In what way would it affect NFS?
It says it is read only. Where would I change this at?

Thanks for the info on this.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: nsswitch.conf with ldap
On Tue, 09 May 2006 08:50:45 +0100 robert <[EMAIL PROTECTED]> wrote:

> On Mon, 2006-05-08 at 18:44 -0500, Z.C.B. wrote:
> > On Mon, 8 May 2006 16:31:04 -0700
> > "Atom Powers" <[EMAIL PROTECTED]> wrote:
> >
> > > On 5/8/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> > > > On Mon, 8 May 2006 08:27:33 -0700
> > > > "Atom Powers" <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > On 5/7/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> > > > > > On Wed, 18 Jan 2006 22:56:09 +0100
> > > > > > Dominique Goncalves <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > > Why FreeBSD tries to use ldap database if my user
> > > > > > > system is on files ? Thanks for the help.
> > > > > >
> > > > > > Did you ever find a fix for this? I am running into the
> > > > > > same thing myself.
> > > > >
> > > > > Check your pam.d configuration,
> > > > > particularly /etc/pam.d/login
> > > >
> > > > Probably a silly question, but how would that help with this
> > > > problem?
> > > >
> > >
> > > pam controls how each application, including "login" attempts to
> > > authenticate. nss controls how user, host information is looked
> > > up.
> > >
> > > I don't know if it will help your problem, I'm struggling
> > > through my own pam/nss/ldap issues, but it is a part of the
> > > picture.
> >
> > I am curious. Do you run into problems with SSH and xterm, but
> > everything else works? That is what I am currently hitting.
> >
> > initgroups(kitsune,1001): Invalid argument
> >
> > Is what it is kicking into /var/log/messages. That is right after
> > I authenticate.
>
> Not sure if this has a bearing on the problem. From the samba by
> example web pages when referring to ldap:
>
> Some Linux systems (Novell SUSE Linux in particular) add entries to
> the nsswitch.conf file that may cause operational problems with the
> configuration methods adopted in this book. It is advisable to
> comment out the entries passwd_compat and group_compat where they
> are found in this file.
>
> I too have this problem. Logins worked ok with earlier versions. I
> had a setup which worked fine (can't get at the machine at present)
> that had no nis line present on the initial install, but when I
> tried setting up another machine the nis line has appeared. From my
> notes nsswitch.conf looked like this with an earlier version of
> freebsd and worked ok:
>
> passwd: files ldap
> shadow: files ldap
> group: files ldap
> hosts: files dns
> networks: files
> shells: files

I am not using group_compat and passwd_compat with NIS. The following
works perfectly fine unless I use xterm or ssh. I've not messed much
with pam and ldap yet. I have it setup for auth, but that is all.

group: files nis
hosts: files dns
networks: files
passwd: files ldap
shells: files

Re: nsswitch.conf with ldap
On Mon, 2006-05-08 at 18:44 -0500, Z.C.B. wrote:

> On Mon, 8 May 2006 16:31:04 -0700
> "Atom Powers" <[EMAIL PROTECTED]> wrote:
>
> > On 5/8/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> > > On Mon, 8 May 2006 08:27:33 -0700
> > > "Atom Powers" <[EMAIL PROTECTED]> wrote:
> > >
> > > > On 5/7/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> > > > > On Wed, 18 Jan 2006 22:56:09 +0100
> > > > > Dominique Goncalves <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > > Why FreeBSD tries to use ldap database if my user system is
> > > > > > on files ? Thanks for the help.
> > > > >
> > > > > Did you ever find a fix for this? I am running into the same
> > > > > thing myself.
> > > >
> > > > Check your pam.d configuration, particularly /etc/pam.d/login
> > >
> > > Probably a silly question, but how would that help with this
> > > problem?
> > >
> >
> > pam controls how each application, including "login" attempts to
> > authenticate. nss controls how user, host information is looked up.
> >
> > I don't know if it will help your problem, I'm struggling through my
> > own pam/nss/ldap issues, but it is a part of the picture.
>
> I am curious. Do you run into problems with SSH and xterm, but
> everything else works? That is what I am currently hitting.
>
> initgroups(kitsune,1001): Invalid argument
>
> Is what it is kicking into /var/log/messages. That is right after I
> authenticate.

Not sure if this has a bearing on the problem. From the samba by
example web pages when referring to ldap:

Some Linux systems (Novell SUSE Linux in particular) add entries to
the nsswitch.conf file that may cause operational problems with the
configuration methods adopted in this book. It is advisable to
comment out the entries passwd_compat and group_compat where they
are found in this file.

I too have this problem. Logins worked ok with earlier versions. I had
a setup which worked fine (can't get at the machine at present) that
had no nis line present on the initial install, but when I tried
setting up another machine the nis line has appeared. From my notes
nsswitch.conf looked like this with an earlier version of freebsd and
worked ok:

passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
networks: files
shells: files

Now without the compat: nis line logins fail.

Rob

Re: nsswitch.conf with ldap
On Mon, 8 May 2006 21:16:20 -0500 Dan Nelson <[EMAIL PROTECTED]> wrote:

> In the last episode (May 08), Atom Powers said:
> > On 5/8/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> > >> I don't know if it will help your problem, I'm struggling
> > >> through my own pam/nss/ldap issues, but it is a part of the
> > >> picture.
> > >
> > >I am curious. Do you run into problems with SSH and xterm, but
> > >everything else works? That is what I am currently hitting.
> > >
> > >initgroups(kitsune,1001): Invalid argument
>
> man initgroups:
>
> ERRORS
>      The initgroups() function may fail and set errno for any of
>      the errors specified for the library function setgroups(2).
>
> man setgroups:
>
>      [EINVAL]  The number specified in the ngroups argument is larger
>                than the NGROUPS limit.
>
> Either get out of some groups, or raise NGROUPS (this may affect NFS
> though).

Nope. I built my LDAP user and group entries from my NIS group entries.
If I put it back to "files nis" from "files ldap" it works.

> > > Is what it is kicking into /var/log/messages. That is right
> > > after I authenticate.
> >
> > No, my problem is with local login when the LDAP server is
> > unavailable. It hangs for about two minutes before logging in. I
> > think I've tracked this down to an nss timeout somewhere.
>
> Newer versions of nss_ldap have timeout variables to adjust this, but
> your best solution would be to set up another ldap server and put
> them both in your ldap.conf so you'll never be without one.

It still waits.

Re: nsswitch.conf with ldap
On 5/8/06, Dan Nelson <[EMAIL PROTECTED]> wrote:
> In the last episode (May 08), Atom Powers said:
> >
> > No, my problem is with local login when the LDAP server is
> > unavailable. It hangs for about two minutes before logging in. I
> > think I've tracked this down to an nss timeout somewhere.
>
> Newer versions of nss_ldap have timeout variables to adjust this, but
> your best solution would be to set up another ldap server and put
> them both in your ldap.conf so you'll never be without one.

Trying to, but even just half an hour ago ldap server 2 of 3 died,
first hdd in the mirror failed, second has inconsistencies...

I hate job security.

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--

Re: nsswitch.conf with ldap
In the last episode (May 08), Atom Powers said:
> On 5/8/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> >> I don't know if it will help your problem, I'm struggling through
> >> my own pam/nss/ldap issues, but it is a part of the picture.
> >
> >I am curious. Do you run into problems with SSH and xterm, but
> >everything else works? That is what I am currently hitting.
> >
> >initgroups(kitsune,1001): Invalid argument

man initgroups:

ERRORS
     The initgroups() function may fail and set errno for any of the
     errors specified for the library function setgroups(2).

man setgroups:

     [EINVAL]  The number specified in the ngroups argument is larger
               than the NGROUPS limit.

Either get out of some groups, or raise NGROUPS (this may affect NFS
though).

> > Is what it is kicking into /var/log/messages. That is right after I
> > authenticate.
>
> No, my problem is with local login when the LDAP server is
> unavailable. It hangs for about two minutes before logging in. I
> think I've tracked this down to an nss timeout somewhere.

Newer versions of nss_ldap have timeout variables to adjust this, but
your best solution would be to set up another ldap server and put them
both in your ldap.conf so you'll never be without one.

--
Dan Nelson
[EMAIL PROTECTED]

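A check for the condition described in the message above, added here as an example and not code from the thread: it counts each user's distinct gids in group(5)-format data and flags accounts above the limit. The limit of 16, the function names and the sample groups are assumptions; only `kitsune` and gid 1001 come from the quoted log line.

```python
from collections import defaultdict

# Assumed limit for this sample; on a live host read the real value with
# os.sysconf("SC_NGROUPS_MAX") or `getconf NGROUPS_MAX`.
NGROUPS_LIMIT = 16

def memberships(group_lines, primary_gids):
    """Map user -> set of distinct gids (primary plus supplementary)."""
    gids = defaultdict(set)
    for user, gid in primary_gids.items():
        gids[user].add(gid)
    for line in group_lines:
        line = line.strip()
        fields = line.split(":")
        # Skip comments, blanks, malformed rows and NIS "+" compat markers.
        if line.startswith("#") or len(fields) < 4 or not fields[2].isdigit():
            continue
        for member in fields[3].split(","):
            if member.strip():
                gids[member.strip()].add(int(fields[2]))
    return gids

def over_limit(group_lines, primary_gids, limit=NGROUPS_LIMIT):
    """Return [(user, count)] for users whose gid count exceeds limit."""
    counts = memberships(group_lines, primary_gids)
    return sorted((u, len(g)) for u, g in counts.items() if len(g) > limit)

# Constructed sample in group(5) format, standing in for the group data
# a host sees once "group: files ldap" is active. Every group is made up.
SAMPLE_GROUPS = ["proj%02d:*:%d:kitsune%s" % (i, 2000 + i, ",rob" if i < 2 else "")
                 for i in range(17)]
SAMPLE_GROUPS += ["# comment", "+:*::", "staff:*:20:rob"]
SAMPLE_PRIMARY = {"kitsune": 1001, "rob": 1002}

if __name__ == "__main__":
    for user, count in over_limit(SAMPLE_GROUPS, SAMPLE_PRIMARY):
        print("%s: %d groups > NGROUPS limit %d" % (user, count, NGROUPS_LIMIT))
```

The count is of distinct gids, so treat it as a lower bound on what the C library hands to setgroups(2).
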
Re: nsswitch.conf with ldap
On 5/8/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> >
> > I don't know if it will help your problem, I'm struggling through my
> > own pam/nss/ldap issues, but it is a part of the picture.
>
> I am curious. Do you run into problems with SSH and xterm, but
> everything else works? That is what I am currently hitting.
>
> initgroups(kitsune,1001): Invalid argument
>
> Is what it is kicking into /var/log/messages. That is right after I
> authenticate.

No, my problem is with local login when the LDAP server is
unavailable. It hangs for about two minutes before logging in. I
think I've tracked this down to an nss timeout somewhere.

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--

Re: nsswitch.conf with ldap
On Mon, 8 May 2006 16:31:04 -0700 "Atom Powers" <[EMAIL PROTECTED]> wrote:

> On 5/8/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> > On Mon, 8 May 2006 08:27:33 -0700
> > "Atom Powers" <[EMAIL PROTECTED]> wrote:
> >
> > > On 5/7/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> > > > On Wed, 18 Jan 2006 22:56:09 +0100
> > > > Dominique Goncalves <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > Why FreeBSD tries to use ldap database if my user system is
> > > > > on files ? Thanks for the help.
> > > >
> > > > Did you ever find a fix for this? I am running into the same
> > > > thing myself.
> > >
> > > Check your pam.d configuration, particularly /etc/pam.d/login
> >
> > Probably a silly question, but how would that help with this
> > problem?
> >
>
> pam controls how each application, including "login" attempts to
> authenticate. nss controls how user, host information is looked up.
>
> I don't know if it will help your problem, I'm struggling through my
> own pam/nss/ldap issues, but it is a part of the picture.

I am curious. Do you run into problems with SSH and xterm, but
everything else works? That is what I am currently hitting.

initgroups(kitsune,1001): Invalid argument

Is what it is kicking into /var/log/messages. That is right after I
authenticate.

Re: nsswitch.conf with ldap
On 5/8/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> On Mon, 8 May 2006 08:27:33 -0700
> "Atom Powers" <[EMAIL PROTECTED]> wrote:
>
> > On 5/7/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> > > On Wed, 18 Jan 2006 22:56:09 +0100
> > > Dominique Goncalves <[EMAIL PROTECTED]> wrote:
> > >
> > > > Why FreeBSD tries to use ldap database if my user system is on
> > > > files ? Thanks for the help.
> > >
> > > Did you ever find a fix for this? I am running into the same thing
> > > myself.
> >
> > Check your pam.d configuration, particularly /etc/pam.d/login
>
> Probably a silly question, but how would that help with this problem?

pam controls how each application, including "login" attempts to
authenticate. nss controls how user, host information is looked up.

I don't know if it will help your problem, I'm struggling through my
own pam/nss/ldap issues, but it is a part of the picture.

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--

Re: nsswitch.conf with ldap
On Mon, 8 May 2006 08:27:33 -0700 "Atom Powers" <[EMAIL PROTECTED]> wrote:

> On 5/7/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> > On Wed, 18 Jan 2006 22:56:09 +0100
> > Dominique Goncalves <[EMAIL PROTECTED]> wrote:
> >
> > > Why FreeBSD tries to use ldap database if my user system is on
> > > files ? Thanks for the help.
> >
> > Did you ever find a fix for this? I am running into the same thing
> > myself.
>
> Check your pam.d configuration, particularly /etc/pam.d/login

Probably a silly question, but how would that help with this problem?

Re: nsswitch.conf with ldap
On 5/7/06, Z.C.B. <[EMAIL PROTECTED]> wrote:
> On Wed, 18 Jan 2006 22:56:09 +0100
> Dominique Goncalves <[EMAIL PROTECTED]> wrote:
>
> > Why FreeBSD tries to use ldap database if my user system is on
> > files ? Thanks for the help.
>
> Did you ever find a fix for this? I am running into the same thing
> myself.

Check your pam.d configuration, particularly /etc/pam.d/login

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--

Re: nsswitch.conf with ldap
On Wed, 18 Jan 2006 22:56:09 +0100 Dominique Goncalves <[EMAIL PROTECTED]> wrote:

> Hi,
>
> I'm trying to use ldap database in /etc/nsswitch.conf but FreeBSD
> hangs on boot if it needs to bind a system user present in files, my
> nsswitch.conf:
> group: files ldap
> group_compat: nis
> hosts: files dns
> networks: files
> passwd: files ldap
> passwd_compat: nis
> shells: files
>
> Adding ldap after FreeBSD has started, everything works ok.
>
> I've done some test with truss on single user mode with and without
> ldap in nsswitch.conf and binding a system user present in files and
> it only works if there is no ldap in nsswitch.conf
>
> truss with ldap in nsswitch.conf:
> http://djdomics.free.fr/FreeBSD/nss-w-ldap.txt
> truss without ldap in nsswitch.conf:
> http://djdomics.free.fr/FreeBSD/nss-wo-ldap.txt
>
> I use:
> FreeBSD djdomics.sceen.net 6.0-STABLE FreeBSD 6.0-STABLE #5: Thu Jan
> 12 00:18:18 CET 2006
> [EMAIL PROTECTED]:/usr/obj/usr/src/sys/DJDOMICS i386
>
> According to nsswitch.conf(5)
> The default criteria is to return on ``success'', and continue on
> anything else (i.e, [success=return notfound=continue
> unavail=continue tryagain=continue]).
>
> Why FreeBSD tries to use ldap database if my user system is on
> files ? Thanks for the help.

Did you ever find a fix for this? I am running into the same thing
myself.
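
The default criteria quoted from nsswitch.conf(5) above, walked through as an added example (not code from the thread or from FreeBSD): a small parser plus a simulated walk over the source chain, showing which sources a single lookup consults. The function names, the per-source status table and the `[notfound=return]` variant are assumptions for illustration.

```python
import re

# Default criteria as quoted from nsswitch.conf(5) in the message above.
DEFAULT = {"success": "return", "notfound": "continue",
           "unavail": "continue", "tryagain": "continue"}

def parse_nsswitch(text):
    """Return {database: [(source, criteria_dict), ...]}."""
    dbs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        chain = []
        for src, crit in re.findall(r"(\w+)|\[([^\]]*)\]", rest):
            if src:
                chain.append((src, dict(DEFAULT)))
            elif chain:  # a [..] block modifies the source before it
                for item in crit.split():
                    status, _, action = item.partition("=")
                    chain[-1][1][status.lower()] = action.lower()
        dbs[db.strip()] = chain
    return dbs

def dispatch(chain, status_of):
    """Walk one chain. status_of maps source -> status for this lookup;
    a source missing from the map is treated as 'unavail'.
    Returns (sources consulted, final status)."""
    consulted, status = [], "notfound"
    for src, crit in chain:
        status = status_of.get(src, "unavail")
        consulted.append(src)
        if crit.get(status, "continue") == "return":
            break
    return consulted, status

# passwd and group lines from the nsswitch.conf in the original post.
POSTED = ("group: files ldap\ngroup_compat: nis\n"
          "passwd: files ldap\npasswd_compat: nis\n")
# Constructed variant: explicit criteria stop the walk after files.
VARIANT = "passwd: files [notfound=return] ldap\n"

if __name__ == "__main__":
    chain = parse_nsswitch(POSTED)["passwd"]
    print(dispatch(chain, {"files": "success"}))
    print(dispatch(chain, {"files": "notfound", "ldap": "unavail"}))
    print(dispatch(parse_nsswitch(VARIANT)["passwd"], {"files": "notfound"}))
```

With the posted configuration a name found in files never reaches ldap, while any name that files does not know is passed on to ldap, reachable or not.
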