[opensuse] 12.1 LDAP nscd Samba problems

newer
Re: [opensuse] How to setup email...

older
[opensuse] Kdegames3-board and 12.1

lynn

23 Nov 2011 23 Nov '11

11:22

Hi everyone. Sorry this is a bit long: Scenario: LDAP - Samba Clean install 12.1 server for a single sign an opensuse/win-7 lan. The boot process seems to be broken.The system boots but services take forever to become available. Console 1 does not give a login prompt for over 5 minutes. I have to disable services and then enable them on boot. Using Yast runlevel editor: Disable LDAP, nscd, smb and nmb. Disable Yast LDAP Client. Reboot and login as root: then activate in this order: 1. rcldap start 2. Yast -> LDAP Client -> use LDAP 3. rcnscd start 4. rcsmb start 5. rcnmb start I could see a workaround by putting the commands in /etc/after.local but I would need 2 /etc/nsswitch files. One for the boot without ldap and the other one created by the Yast LDAP Client. What a mess! Anyone any ideas? BTW. Everything works, It's just that I have to start the system manually. Thanks, L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Show replies by date

Ken Schneider - openSUSE

23 Nov 23 Nov

14:22

On 11/23/2011 06:22 AM, lynn pecked at the keyboard and wrote:

...

Hi everyone. Sorry this is a bit long: Scenario: LDAP - Samba Clean install 12.1 server for a single sign an opensuse/win-7 lan.

The boot process seems to be broken.The system boots but services take forever to become available. Console 1 does not give a login prompt for over 5 minutes.

I have to disable services and then enable them on boot.

Using Yast runlevel editor: Disable LDAP, nscd, smb and nmb. Disable Yast LDAP Client.

Reboot and login as root:

then activate in this order:

1. rcldap start 2. Yast -> LDAP Client -> use LDAP 3. rcnscd start 4. rcsmb start 5. rcnmb start

I could see a workaround by putting the commands in /etc/after.local but I would need 2 /etc/nsswitch files. One for the boot without ldap and the other one created by the Yast LDAP Client.

What a mess!

Anyone any ideas?

BTW. Everything works, It's just that I have to start the system manually.

Thanks, L x

Have you tried hitting F5 at the boot prompt and using sysvinit instead of systemd? A comparison would be helpful in finding a cause. -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

lynn

15:28

On 23/11/11 15:22, Ken Schneider - openSUSE wrote:

...

On 11/23/2011 06:22 AM, lynn pecked at the keyboard and wrote:

...
Hi everyone. Sorry this is a bit long: Scenario: LDAP - Samba Clean install 12.1 server for a single sign an opensuse/win-7 lan.

The boot process seems to be broken.The system boots but services take forever to become available. Console 1 does not give a login prompt for over 5 minutes.

I have to disable services and then enable them on boot.

Using Yast runlevel editor: Disable LDAP, nscd, smb and nmb. Disable Yast LDAP Client.

Reboot and login as root:

then activate in this order:

1. rcldap start 2. Yast -> LDAP Client -> use LDAP 3. rcnscd start 4. rcsmb start 5. rcnmb start

I could see a workaround by putting the commands in /etc/after.local but I would need 2 /etc/nsswitch files. One for the boot without ldap and the other one created by the Yast LDAP Client.

What a mess!

Anyone any ideas?

BTW. Everything works, It's just that I have to start the system manually.

Thanks, L x

Have you tried hitting F5 at the boot prompt and using sysvinit instead of systemd? A comparison would be helpful in finding a cause.

I enabled LDAP, nscd, smb nmb and have Yast -> LDAP Client do its bit with nsswitch.conf and _yes_, it works. (With system V init using f5 from the boot prompt). My other problem with changing runlevels has also gone away. What has changed with 12.1? I still think the boot order is wrong. Surely, the LDAP server should be started _before_ of whatever starts nss-ldap. Here are the errors: Nov 23 16:06:20 hh1 dbus-daemon: nss-ldap: do_open: do_start_tls failed:stat=-1 Nov 23 16:06:20 hh1 dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailale Just two other bits of stuff: 1. What am I missing by not having the default 12.1 init? 2. How can I make the System V method stick instead of having to interrupt the boot process and 'press-f5-at-the-boot-prompt-and-choose-System V'? 3. How do I make the 12.1 default boot method work? Thanks so much for your help. L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Greg Freemyer

15:52

On Wed, Nov 23, 2011 at 10:28 AM, lynn wrote:

...

On 23/11/11 15:22, Ken Schneider - openSUSE wrote:

...
On 11/23/2011 06:22 AM, lynn pecked at the keyboard and wrote:

...
Hi everyone. Sorry this is a bit long: Scenario: LDAP - Samba Clean install 12.1 server for a single sign an opensuse/win-7 lan.

The boot process seems to be broken.The system boots but services take forever to become available. Console 1 does not give a login prompt for over 5 minutes.

I have to disable services and then enable them on boot.

Using Yast runlevel editor: Disable LDAP, nscd, smb and nmb. Disable Yast LDAP Client.

Reboot and login as root:

then activate in this order:

1. rcldap start 2. Yast -> LDAP Client -> use LDAP 3. rcnscd start 4. rcsmb start 5. rcnmb start

I could see a workaround by putting the commands in /etc/after.local but I would need 2 /etc/nsswitch files. One for the boot without ldap and the other one created by the Yast LDAP Client.

What a mess!

Anyone any ideas?

BTW. Everything works, It's just that I have to start the system manually.

Thanks, L x

Have you tried hitting F5 at the boot prompt and using sysvinit instead of systemd? A comparison would be helpful in finding a cause.

I enabled LDAP, nscd, smb nmb and have Yast -> LDAP Client do its bit with nsswitch.conf and _yes_, it works. (With system V init using f5 from the boot prompt). My other problem with changing runlevels has also gone away. What has changed with 12.1?

systemd is major change to the boot process.

...

I still think the boot order is wrong. Surely, the LDAP server should be started _before_ of whatever starts nss-ldap. Here are the errors:

Nov 23 16:06:20 hh1 dbus-daemon: nss-ldap: do_open: do_start_tls failed:stat=-1 Nov 23 16:06:20 hh1 dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailale

Probably a bug. This is the first opensuse rollout of systemd. There are lots of potentials for problems. If you can file a bugzilla and work with the support team to get resolved, I suspect it will be a priority. I think all systemd bugs are being treated with priority.

...

Just two other bits of stuff:

1. What am I missing by not having the default 12.1 init?

Probably nothing, but over time system V init will drop from the opensuse support matrix. As that happens you may find yourself semi forced to move. But who knows when that will be. I seriously doubt 12.2 will have better systemd support than sysVinit support. By 12.3, I would not be surprised if systemd works better, but I'd be surprised if sysVinit is dropped that soon.

...

2. How can I make the System V method stick instead of having to interrupt the boot process and 'press-f5-at-the-boot-prompt-and-choose-System V'?

See the release notes: http://www.suse.de/relnotes/i386/openSUSE/12.1/RELEASE-NOTES.en.html where it says "If you want to switch to sysvinit permanently, install the sysvinit-init package. To switch back to systemd, reinstall the systemd-sysvinit package." That init script runs some config magic that makes it permanent.

...

3. How do I make the 12.1 default boot method work?

bugzilla

...

Thanks so much for your help. L x

Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

lynn

16:58

On 23/11/11 16:52, Greg Freemyer wrote:

...

On Wed, Nov 23, 2011 at 10:28 AM, lynn wrote:

...
On 23/11/11 15:22, Ken Schneider - openSUSE wrote:

...
On 11/23/2011 06:22 AM, lynn pecked at the keyboard and wrote:

...
Hi everyone. Sorry this is a bit long: Scenario: LDAP - Samba Clean install 12.1 server for a single sign an opensuse/win-7 lan.

The boot process seems to be broken.The system boots but services take forever to become available. Console 1 does not give a login prompt for over 5 minutes.

I have to disable services and then enable them on boot.

Using Yast runlevel editor: Disable LDAP, nscd, smb and nmb. Disable Yast LDAP Client.

Reboot and login as root:

then activate in this order:

1. rcldap start 2. Yast -> LDAP Client -> use LDAP 3. rcnscd start 4. rcsmb start 5. rcnmb start

I could see a workaround by putting the commands in /etc/after.local but I would need 2 /etc/nsswitch files. One for the boot without ldap and the other one created by the Yast LDAP Client.

What a mess!

Anyone any ideas?

BTW. Everything works, It's just that I have to start the system manually.

Thanks, L x

Have you tried hitting F5 at the boot prompt and using sysvinit instead of systemd? A comparison would be helpful in finding a cause.

I enabled LDAP, nscd, smb nmb and have Yast -> LDAP Client do its bit with nsswitch.conf and _yes_, it works. (With system V init using f5 from the boot prompt). My other problem with changing runlevels has also gone away. What has changed with 12.1?

systemd is major change to the boot process.

...
I still think the boot order is wrong. Surely, the LDAP server should be started _before_ of whatever starts nss-ldap. Here are the errors:

Nov 23 16:06:20 hh1 dbus-daemon: nss-ldap: do_open: do_start_tls failed:stat=-1 Nov 23 16:06:20 hh1 dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailale

Probably a bug. This is the first opensuse rollout of systemd. There are lots of potentials for problems. If you can file a bugzilla and work with the support team to get resolved, I suspect it will be a priority. I think all systemd bugs are being treated with priority.

...
Just two other bits of stuff:

1. What am I missing by not having the default 12.1 init?

Probably nothing, but over time system V init will drop from the opensuse support matrix. As that happens you may find yourself semi forced to move.

But who knows when that will be. I seriously doubt 12.2 will have better systemd support than sysVinit support. By 12.3, I would not be surprised if systemd works better, but I'd be surprised if sysVinit is dropped that soon.

...
2. How can I make the System V method stick instead of having to interrupt the boot process and 'press-f5-at-the-boot-prompt-and-choose-System V'?

See the release notes: http://www.suse.de/relnotes/i386/openSUSE/12.1/RELEASE-NOTES.en.html

where it says

"If you want to switch to sysvinit permanently, install the sysvinit-init package. To switch back to systemd, reinstall the systemd-sysvinit package."

That init script runs some config magic that makes it permanent.

...
3. How do I make the 12.1 default boot method work?

bugzilla

...
Thanks so much for your help. L x

Greg

Submitted: https://bugzilla.novell.com/show_bug.cgi?id=732395 Thanks, L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Ralf Haferkamp

16:44

Am Mittwoch 23 November 2011, 16:28:57 schrieb lynn:

...

On 23/11/11 15:22, Ken Schneider - openSUSE wrote:

...
On 11/23/2011 06:22 AM, lynn pecked at the keyboard and wrote:

...
Hi everyone. Sorry this is a bit long: Scenario: LDAP - Samba Clean install 12.1 server for a single sign an opensuse/win-7 lan.

The boot process seems to be broken.The system boots but services take forever to become available. Console 1 does not give a login prompt for over 5 minutes. Hm, this sound like a missing bind_policy soft

...

...
...
I have to disable services and then enable them on boot.

Using Yast runlevel editor: Disable LDAP, nscd, smb and nmb. Disable Yast LDAP Client.

Reboot and login as root:

then activate in this order:

1. rcldap start 2. Yast -> LDAP Client -> use LDAP 3. rcnscd start 4. rcsmb start 5. rcnmb start

I could see a workaround by putting the commands in /etc/after.local but I would need 2 /etc/nsswitch files. One for the boot without ldap and the other one created by the Yast LDAP Client.

What a mess!

Anyone any ideas?

BTW. Everything works, It's just that I have to start the system manually.

Thanks, L x

Have you tried hitting F5 at the boot prompt and using sysvinit instead of systemd? A comparison would be helpful in finding a cause. I enabled LDAP, nscd, smb nmb and have Yast -> LDAP Client do its bit with nsswitch.conf and _yes_, it works. (With system V init using f5 from the boot prompt). My other problem with changing runlevels has also gone away. What has changed with 12.1?

I still think the boot order is wrong. Surely, the LDAP server should be started _before_ of whatever starts nss-ldap. Here are the errors:

Nov 23 16:06:20 hh1 dbus-daemon: nss-ldap: do_open: do_start_tls failed:stat=-1 Nov 23 16:06:20 hh1 dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailale This is quite normal and should not be a problem. Also there is nothing much we can do about it. dbus-daemon is ususally one of the first things

in /etc/ldap.conf. Can you check that? If that is missing and you setup LDAP client using YaST, please open a Bugreport. that is started. Long before the network is up. So if your LDAP Server is not running on localhost you always get that error message. And if your LDAP Server is on localhost you still can't start before dbus-daemon because of some other dependencies IIRC. Is there any reason you are using nss_ldap instead of sssd, btw? regards, Ralf -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

lynn

17:14

On 23/11/11 17:44, Ralf Haferkamp wrote:

...

Am Mittwoch 23 November 2011, 16:28:57 schrieb lynn:

...
On 23/11/11 15:22, Ken Schneider - openSUSE wrote:

...
On 11/23/2011 06:22 AM, lynn pecked at the keyboard and wrote:

...
Hi everyone. Sorry this is a bit long: Scenario: LDAP - Samba Clean install 12.1 server for a single sign an opensuse/win-7 lan.

The boot process seems to be broken.The system boots but services take forever to become available. Console 1 does not give a login prompt for over 5 minutes. Hm, this sound like a missing bind_policy soft

in /etc/ldap.conf. Can you check that? If that is missing and you setup LDAP client using YaST, please open a Bugreport.

Yes I have: bind_policy soft in /etc/ldap.conf But to make tls work I had to change /etc/openldap/ldap.conf: TLS_REQCERT hard TLS_CACERT /etc/openldap/cacert.pem Does that make any difference? bugzilla as to why, here: https://bugzilla.novell.com/show_bug.cgi?id=730046

...

...
...
...
I have to disable services and then enable them on boot.

Using Yast runlevel editor: Disable LDAP, nscd, smb and nmb. Disable Yast LDAP Client.

Reboot and login as root:

then activate in this order:

1. rcldap start 2. Yast -> LDAP Client -> use LDAP 3. rcnscd start 4. rcsmb start 5. rcnmb start

I could see a workaround by putting the commands in /etc/after.local but I would need 2 /etc/nsswitch files. One for the boot without ldap and the other one created by the Yast LDAP Client.

What a mess!

Anyone any ideas?

BTW. Everything works, It's just that I have to start the system manually.

Thanks, L x

Have you tried hitting F5 at the boot prompt and using sysvinit instead of systemd? A comparison would be helpful in finding a cause. I enabled LDAP, nscd, smb nmb and have Yast -> LDAP Client do its bit with nsswitch.conf and _yes_, it works. (With system V init using f5 from the boot prompt). My other problem with changing runlevels has also gone away. What has changed with 12.1?

I still think the boot order is wrong. Surely, the LDAP server should be started _before_ of whatever starts nss-ldap. Here are the errors:

Nov 23 16:06:20 hh1 dbus-daemon: nss-ldap: do_open: do_start_tls failed:stat=-1 Nov 23 16:06:20 hh1 dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailale This is quite normal and should not be a problem. Also there is nothing much we can do about it. dbus-daemon is ususally one of the first things that is started. Long before the network is up. So if your LDAP Server is not running on localhost you always get that error message. And if your LDAP Server is on localhost you still can't start before dbus-daemon because of some other dependencies IIRC.

Is there any reason you are using nss_ldap instead of sssd, btw?

regards, Ralf

Hi No reason. I've done this as a newbie because I had to make a single sign on setup for our LAN when win 7 boxes were connected. Otherwise it would have cost us a small fortune for the local computer consultancy to do it for us. I've done most of this via Yast. I made the certificates for tls support by hand because the 12.1 Yast CA management module is broken: https://bugzilla.novell.com/show_bug.cgi?id=730889 Other than this I have no idea what the difference is between nss_ldap and sssd. You seem to suggest that sssd is better. If so, is it easy to change? Thanks for your interest. L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Ralf Haferkamp

24 Nov 24 Nov

09:52

Am Mittwoch 23 November 2011, 18:14:44 schrieb lynn:

...

On 23/11/11 17:44, Ralf Haferkamp wrote: [..]

...
Hm, this sound like a missing bind_policy soft

in /etc/ldap.conf. Can you check that? If that is missing and you setup LDAP client using YaST, please open a Bugreport.

Yes I have: bind_policy soft in /etc/ldap.conf Good.

...

But to make tls work I had to change /etc/openldap/ldap.conf:

TLS_REQCERT hard TLS_CACERT /etc/openldap/cacert.pem

Does that make any difference? Hm, normally YaST adds those line. I have no idea why it didn't work in your case.

...

bugzilla as to why, here: https://bugzilla.novell.com/show_bug.cgi?id=730046 [..]

...
Is there any reason you are using nss_ldap instead of sssd, btw?

[..] No reason. I've done this as a newbie because I had to make a single sign on setup for our LAN when win 7 boxes were connected. Otherwise it would have cost us a small fortune for the local computer consultancy to do it for us. I've done most of this via Yast. I made the certificates for tls support by hand because the 12.1 Yast CA management module is broken:

https://bugzilla.novell.com/show_bug.cgi?id=730889

Other than this I have no idea what the difference is between nss_ldap and sssd. You seem to suggest that sssd is better. It's better insofar that it is acutally maintained. nss_ldap didn't get a lot attention upstream lately. Additionally it adds some nice feature like offline caching and integrated kerberos support. It also addresses some linker issue we had with nss_ldap which caused problems with thunderbird and openoffice in the past. (Especially if nscd was disabled.)

...

If so, is it easy to change? It's possible through YaST ldap-client. Should work by just clicking the "Use sssd" checkbox. If you didn't have nss_ldap installed before starting the YaST ldap-client module sssd should actually be the default selection.

Ralf -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Herbert Graeber

11:04

...

Am Mittwoch 23 November 2011, 18:14:44 schrieb lynn: [...]

...
If so, is it easy to change? It's possible through YaST ldap-client. Should work by just clicking the "Use sssd" checkbox. But beware, it's not easy to switch back [Bug report pending]. I have

Am 24.11.2011 10:52, schrieb Ralf Haferkamp: tried to disable it completely or to turn off the use of kereberos, and I had to fiddle with the configuration files to make the system work again. But that was only while experimenting with it. After having everything has been setup, sssd works great for me, especially for notebook setups.

...

[...] Herbert -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

lynn

11:23

On 24/11/11 12:04, Herbert Graeber wrote:

...

...
Am Mittwoch 23 November 2011, 18:14:44 schrieb lynn: [...]

...
If so, is it easy to change? It's possible through YaST ldap-client. Should work by just clicking the "Use sssd" checkbox. But beware, it's not easy to switch back [Bug report pending]. I have

Am 24.11.2011 10:52, schrieb Ralf Haferkamp: tried to disable it completely or to turn off the use of kereberos, and I had to fiddle with the configuration files to make the system work again.

I also have a bug report open on Yast LDAP setup: https://bugzilla.novell.com/show_bug.cgi?id=730046 and therefore know all about having to fiddle with config files after using it. So I don't trust Yast at the moment. My test box which had samba-ldap-windows 7 on it has been, erm, 'recommissioned' as a win 7 client on our lan so I can't take 'clicking-the-sssd checkbox' type risks at the moment, I'll recommission it back when no one is looking;). Meanwhile if anyone can test it on their test box that would be great. Please post bugzilla if you go ahead. Thanks. L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Adam Tauno Williams

23 Nov 23 Nov

15:17

On Wed, 2011-11-23 at 12:22 +0100, lynn wrote:

...

Hi everyone. Sorry this is a bit long: Scenario: LDAP - Samba Clean install 12.1 server for a single sign an opensuse/win-7 lan. The boot process seems to be broken.The system boots but services take forever to become available. Console 1 does not give a login prompt for over 5 minutes. I have to disable services and then enable them on boot. Using Yast runlevel editor: Disable LDAP, nscd, smb and nmb. Disable Yast LDAP Client. Reboot and login as root: then activate in this order: 1. rcldap start 2. Yast -> LDAP Client -> use LDAP 3. rcnscd start 4. rcsmb start 5. rcnmb start

In any case, if you are using Samba w/LDAPSAM then ncsd should be disabled, always. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

lynn

15:43

On 23/11/11 16:17, Adam Tauno Williams wrote:

...

On Wed, 2011-11-23 at 12:22 +0100, lynn wrote:

...
Hi everyone. Sorry this is a bit long: Scenario: LDAP - Samba Clean install 12.1 server for a single sign an opensuse/win-7 lan. The boot process seems to be broken.The system boots but services take forever to become available. Console 1 does not give a login prompt for over 5 minutes. I have to disable services and then enable them on boot. Using Yast runlevel editor: Disable LDAP, nscd, smb and nmb. Disable Yast LDAP Client. Reboot and login as root: then activate in this order: 1. rcldap start 2. Yast -> LDAP Client -> use LDAP 3. rcnscd start 4. rcsmb start 5. rcnmb start

In any case, if you are using Samba w/LDAPSAM then ncsd should be disabled, always.

If I disable the nscd, the user can login but has: 'I have no name!' as a boot promt. That can't be right can it? Thanks L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Ruediger Meier

15:52

On Wednesday 23 November 2011, Adam Tauno Williams wrote:

...

On Wed, 2011-11-23 at 12:22 +0100, lynn wrote:

...
Hi everyone. Sorry this is a bit long: Scenario: LDAP - Samba Clean install 12.1 server for a single sign an opensuse/win-7 lan. The boot process seems to be broken.The system boots but services take forever to become available. Console 1 does not give a login prompt for over 5 minutes. I have to disable services and then enable them on boot. Using Yast runlevel editor: Disable LDAP, nscd, smb and nmb. Disable Yast LDAP Client. Reboot and login as root: then activate in this order: 1. rcldap start 2. Yast -> LDAP Client -> use LDAP 3. rcnscd start 4. rcsmb start 5. rcnmb start

In any case, if you are using Samba w/LDAPSAM then ncsd should be disabled, always.

Can you explain why? I thought nscd is an improvement _specially_ if users are comming via (slow) network. Is there a special issue with the combination nscd, samba, LDAPSAM? cu, RUdi -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Lars Müller

20:13

On Wed, Nov 23, 2011 at 04:52:46PM +0100, Ruediger Meier wrote:

...

On Wednesday 23 November 2011, Adam Tauno Williams wrote: [ 8< ]

...
In any case, if you are using Samba w/LDAPSAM then ncsd should be disabled, always.

Can you explain why?

None is able to explain the background of this rumor since ten years. We explained this to John - who takes care of the Samba documentation stuff - also quite often. If my memories are correct. For testing purpose it's sometimes quite useful to disable nscd. But for a system you intend to use on a regular base nscd or unscd is a must have.

...

I thought nscd is an improvement _specially_ if users are comming via (slow) network. Is there a special issue with the combination nscd, samba, LDAPSAM?

None I'm aware of. But maybe we'll learn something. :) Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany

Rüdiger Meier

23:57

On Wednesday 23 November 2011, Lars Müller wrote:

...

On Wed, Nov 23, 2011 at 04:52:46PM +0100, Ruediger Meier wrote:

...
On Wednesday 23 November 2011, Adam Tauno Williams wrote:

...

...
...
In any case, if you are using Samba w/LDAPSAM then ncsd should be disabled, always.

Can you explain why?

None is able to explain the background of this rumor since ten years.

OK, I thought I missed something new.

...

We explained this to John - who takes care of the Samba documentation stuff - also quite often. If my memories are correct.

For testing purpose it's sometimes quite useful to disable nscd. But for a system you intend to use on a regular base nscd or unscd is a must have.

BTW do you have a reference to a discussion or something why exactly we have switched to unscd ~2009? Looking at unscd sources I've noticed that "man nscd.conf" is completely invalid currently. This reminds me of my strange unsolved idmapd/nfs4 issues and (u)nscd becomes suspicious again.

...

...
I thought nscd is an improvement _specially_ if users are comming via (slow) network. Is there a special issue with the combination nscd, samba, LDAPSAM?

None I'm aware of. But maybe we'll learn something. :)

I assume that it's simply the natural "cache becomes invalid problem" which appears only with network users because nscd checks at least for local file changes (/etc/passwd etc.). BTW (risking another flame) it would be another nice feature for systemd to implement nscd itself and keeping track of all kind of possible network user stuff to do precise cache invalidation. I guess this would help getting over the old rumors regardless whether it will actually work correctly or not ;) cu, Rudi -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

4583

Age (days ago)

4584

Last active (days ago)

List overview

Download

14 comments

9 participants

participants (9)

Adam Tauno Williams
Greg Freemyer
Herbert Graeber
Ken Schneider - openSUSE
Lars Müller
lynn
Ralf Haferkamp
Ruediger Meier
Rüdiger Meier