Date: Mon, 05 Mar 2012 18:07:22 +0600
From: "Eugene M. Zheganin" <emz@norma.perm.ru>
To: freebsd-questions@freebsd.org
Subject: nsswitch and unavailable backends
Message-ID: <4F54AC7A.8090604@norma.perm.ru>

Hi.

I'm trying to set up LDAP user authentication. I use the net/nss_ldap and security/pam_ldap ports to do this. I'm doing this following the article from the documentation set. Though it's not that complete and misses some very important stuff, I've actually set up the LDAP installations and my users are able to successfully authenticate and log in on my servers.

Then I ran into a serious issue. :) When the LDAP server is off/unavailable, users cannot log in - I mean, even the local users.

nsswitch.conf:

group: files ldap
hosts: files dns
networks: files
passwd: files ldap
shells: files
services: files
protocols: files
rpc: files

If I remove ldap - all is fine, of course, besides the fact that this breaks the LDAP authentication.

I've read the nsswitch manual and saw that I can handle the unavailable LDAP server with some action flags, but the default action is 'continue' already. I also tried the [notfound=return unavail=return tryagain=return] mantra (it's harmless to try since it's the last backup) but this didn't work either. sshd crashes with signal 11, crond does the same. Sad.

On a machine running the LDAP server the situation is even funnier: the LDAP server, even having a local account to work under, still tries to query itself on start, making the startup impossible.

Can this situation be solved? Right now I remove the 'ldap' backend, start slapd, add the ldap backends again and so on.

Thanks.