How to cache login in ldap clients !!! Please helpppp !!!!

 
07-26-2012

Hey guys,

I have one big problem with nscd.conf: it doesn't work. I tried many example configurations and nscd.conf simply doesn't work. When I stop the LDAP server and try to access the client by ssh, I can't log on.
And the database in /var/db/nscd doesn't work.

The nscd.conf and nsswitch.conf configurations follow below.

I don't know what I'm doing wrong!!

Please help!!!!

OS: Red Hat 5.7 64-bit client

/etc/nsswitch.conf

Code:
passwd: db files ldap cache
shadow: db files ldap cache
group: db files ldap cache

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files ldap
networks: files ldap
protocols: db files
rpc: db files
services: db files
netgroup: files ldap
aliases: files ldap
sudoers: files ldap

/etc/nscd.conf

Code:
logfile /var/log/nscd.log
# threads 6
# max-threads 128
server-user nscd
# stat-user nocpulse
debug-level 0
reload-count unlimited
paranoia no
# restart-interval 3600

enable-cache passwd yes
positive-time-to-live passwd 60
negative-time-to-live passwd 20
suggested-size passwd 211
check-files passwd yes
persistent passwd no
shared passwd yes
max-db-size passwd 33554432
auto-propagate passwd yes

enable-cache group yes
positive-time-to-live group 60
negative-time-to-live group 60
suggested-size group 211
check-files group yes
persistent group no
shared group yes
max-db-size group 33554432
auto-propagate group yes

enable-cache hosts no
positive-time-to-live hosts 60
negative-time-to-live hosts 20
suggested-size hosts 211
check-files hosts yes
persistent hosts yes
shared hosts yes
max-db-size hosts 33554432

Thanks!!!!!

Moderator's Comments: Code tags for code, please.


---------- Post updated 07-26-12 at 02:50 PM ---------- Previous update was 07-25-12 at 03:54 PM ----------

I tested sssd on the LDAP client, but it didn't work very well either.
The configuration of /etc/sssd/sssd.conf and /etc/nsswitch.conf follows below, remembering that nscd is offline.

/etc/sssd/sssd.conf:
Code:
[sssd]
config_file_version = 2

# Number of times services should attempt to reconnect in the
# event of a crash or restart before they give up
reconnection_retries = 3

# If a back end is particularly slow you can raise this timeout here
sbus_timeout = 30
services = nss, pam

# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/<NAME>] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.
; domains = LOCAL,LDAP
domains = default

[nss]
# The following prevents SSSD from searching for the root user/group in
# all domains (you can add here a comma-separated list of system accounts that
# are always going to be /etc/passwd users, or that you want to filter out).
filter_groups = ou=Group,dc=energia,dc=org,dc=br
filter_users = ou=People,dc=energia,dc=org,dc=br
reconnection_retries = 3

# The entry_cache_nowait_percentage indicates the percentage of the
# entry_cache_timeout to wait before updating the cache out-of-band.
# (NSS requests will still be returned from cache until the full
# entry_cache_timeout). Setting this value to 0 turns this feature
# off (default).
entry_cache_nowait_percentage = 300

[pam]
reconnection_retries = 3

# Example domain configurations
# Note that enabling enumeration in the following configurations will have a
# moderate performance impact while enumerations are actually running, and
# may increase the time necessary to detect network disconnection.
# Consequently, the default value for enumeration is FALSE.
# Refer to the sssd.conf man page for full details.

# Example LOCAL domain that stores all users natively in the SSSD internal
# directory. These local users and groups are not visible in /etc/passwd; it
# now contains only root and system accounts.

; [domain/LOCAL]
; description = LOCAL Users domain
; id_provider = local
; enumerate = true
; min_id = 500
; max_id = 999

# Example native LDAP domain
# ldap_schema can be set to "rfc2307", which uses the "memberuid" attribute
# for group membership, or to "rfc2307bis", which uses the "member" attribute
# to denote group membership. Changes to this setting affect only how we
# determine the groups a user belongs to and will have no negative effect on
# data about the user itself. If you do not know this value, ask an
# administrator.
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://10.60.1.236
ldap_search_base = dc=energia,dc=org,dc=br
ldap_tls_reqcert = demand
cache_credentials = true
enumerate = true
entry_cache_timeout = 5400

# Example LDAP domain where the LDAP server is an Active Directory server.

; [domain/AD]
; description = LDAP domain with AD server
; enumerate = false
; min_id = 1000
;
; id_provider = ldap
; auth_provider = ldap
; ldap_uri = ldap://your.ad.server.com
; ldap_schema = rfc2307bis
; ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
; ldap_default_authtok_type = password
; ldap_default_authtok = YOUR_PASSWORD
; ldap_user_object_class = person
; ldap_user_name = msSFU30Name
; ldap_user_uid_number = msSFU30UidNumber
; ldap_user_gid_number = msSFU30GidNumber
; ldap_user_home_directory = msSFU30HomeDirectory
; ldap_user_shell = msSFU30LoginShell
; ldap_user_principal = userPrincipalName
; ldap_group_object_class = group
; ldap_group_name = msSFU30Name
; ldap_group_gid_number = msSFU30GidNumber
; ldap_force_upper_case_realm = True

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

/etc/nsswitch.conf

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: db files ldap sss
shadow: db files ldap sss
group: db files ldap sss

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files ldap
networks: files ldap
protocols: db files
rpc: db files
services: db files

netgroup: files ldap

#publickey: nisplus

#automount: files ldap
aliases: files ldap

sudoers: files ldap
automount: files ldap



log /var/log/messages


Jul 26 10:57:23 lxbi01 yum: Installed: openldap24-libs-devel-2.4.23-5.el5.x86_64
Jul 26 11:00:21 lxbi01 sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
Jul 26 11:00:21 lxbi01 sssd: Cannot load configuration database
Jul 26 11:03:16 lxbi01 sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
Jul 26 11:03:16 lxbi01 sssd: Cannot load configuration database
Jul 26 11:04:17 lxbi01 sssd: Cannot load configuration database
Jul 26 11:05:51 lxbi01 sssd: Cannot load configuration database
Jul 26 11:37:58 lxbi01 sssd: Cannot load configuration database
Jul 26 13:41:03 lxbi01 sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
Jul 26 13:41:03 lxbi01 sssd: Cannot load configuration database


Last edited by Scott; 07-26-2012 at 06:03 PM.. Reason: Code tags, please...
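
An added example, not part of the original post: a small linter run over the active settings of the posted sssd.conf, checking the options that decide whether offline login works and how long cached credentials stay usable. The function name and finding codes are hypothetical; the rules follow the sssd.conf and sssd-ldap man pages (`domains` must name existing `[domain/NAME]` sections, `entry_cache_nowait_percentage` accepts 0-99, `offline_credentials_expiration` defaults to 0, meaning no limit).

```python
import configparser

# Constructed sample: only the active (uncommented) settings from the posted sssd.conf.
POSTED = """\
[sssd]
services = nss, pam
domains = default
[nss]
entry_cache_nowait_percentage = 300
[pam]
reconnection_retries = 3
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://10.60.1.236
ldap_tls_reqcert = demand
cache_credentials = true
"""

def lint_sssd(text):
    """Return (code, message) findings that affect offline login and its safety."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    out = []
    listed = {d.strip() for d in cfg.get("sssd", "domains", fallback="").split(",") if d.strip()}
    defined = {s.split("/", 1)[1] for s in cfg.sections() if s.startswith("domain/")}
    for name in sorted(listed - defined):
        out.append(("NO_SECTION", f"domains lists '{name}' but [domain/{name}] does not exist"))
    for name in sorted(defined - listed):
        out.append(("UNLISTED", f"[domain/{name}] is not in 'domains', so it is never queried"))
    pct = cfg.getint("nss", "entry_cache_nowait_percentage", fallback=0)
    if not 0 <= pct <= 99:
        out.append(("RANGE", f"entry_cache_nowait_percentage={pct}; valid values are 0-99"))
    # 0 (the default) means cached logins are accepted offline with no time limit.
    expiry = cfg.getint("pam", "offline_credentials_expiration", fallback=0)
    for name in sorted(defined):
        dom = cfg[f"domain/{name}"]
        plain = any(u.strip().startswith("ldap://") for u in dom.get("ldap_uri", "").split(","))
        if plain and not dom.getboolean("ldap_id_use_start_tls", fallback=False):
            out.append(("PLAINTEXT_ID", f"{name}: identity lookups over ldap:// without StartTLS"))
        if not dom.getboolean("cache_credentials", fallback=False):
            out.append(("NO_OFFLINE", f"{name}: cache_credentials is off, no offline login"))
        elif expiry == 0:
            out.append(("NO_EXPIRY", f"{name}: cached credentials never expire offline"))
    return out

if __name__ == "__main__":
    for code, msg in lint_sssd(POSTED):
        print(f"{code}: {msg}")
```

SSSD does not authenticate over an unencrypted channel, so with `auth_provider = ldap` and an `ldap://` URI the server must also offer StartTLS with a certificate the client trusts, or the URI must be `ldaps://`.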