Re: User Authentication Hangs.. I'm losing my sanity!

Rich West wrote:
OK.. I'm not sure if this is the right list or not, but I thought I would give it a shot.

Installed: openldap-2027-8 (from RH), nss_ldap 215, pam_ldap 167

The problem I am having is that on a newly installed RH 9 system, if I use nss_ldap and/or pam_ldap for user authentication, and, hence, add ldap to the nsswitch.conf file for shadow/groups/passwd/hosts, no one, not even root, can log in to the system. SSH sits and waits forever. From the console, the system hangs and eventually times out, bringing me back to the login screen (non-graphic, runlevel 3).

Now, the history is that I have (err.. had) this all running happily on a RH8 system (well, sorta RH8.. It was upgraded from 61 to 6.2 to 7.1 to 7.2 to 7.3 to 8.. I figured it was time to do everything "clean" again). On my original machine, with the same ldap database and server version running, I can happily set the nsswitch.conf file accordingly, set up the /etc/pam.d/system-auth and sshd files, and do all of the getent's I want and the server happily works.

I'm replicating everything on the new machine, and, well, it has been disastrous. I can get valid results from getent passwd/shadow/groups, but not hosts (totally weird). IF I have ldap in /etc/nsswitch.conf for passwd/shadow/groups, then no one can log in.. not even via the console.

Now, if I do the nsswitch.conf file change while logged in as root, and I /bin/su - someuser, it hangs.. If I ssh localhost, it hangs. If I strace everything, it all seems to go about 90% of the way there, and then drop into a suspended state.

I turned up the logging on slapd for a few minutes (wow, it was noisy at debug level 9. :) and grabbed the relevant output from an attempt at /bin/su'ing as a user serviced by ldap.

I'm completely baffled (8hrs into trying to resolve this)... Any help would be wonderful..


What does your /etc/ldap.conf look like?

