From owner-freebsd-questions@FreeBSD.ORG  Tue May  9 02:16:27 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7B1EB16A40A
	for <freebsd-questions@freebsd.org>;
	Tue,  9 May 2006 02:16:27 +0000 (UTC)
	(envelope-from dan@dan.emsphone.com)
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 63A0043D48
	for <freebsd-questions@freebsd.org>;
	Tue,  9 May 2006 02:16:21 +0000 (GMT)
	(envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost)
	by dan.emsphone.com (8.13.1/8.13.4) id k492GKZv064233;
	Mon, 8 May 2006 21:16:20 -0500 (CDT) (envelope-from dan)
Date: Mon, 8 May 2006 21:16:20 -0500
From: Dan Nelson <dnelson@allantgroup.com>
To: Atom Powers <atom.powers@gmail.com>
Message-ID: <20060509021620.GB65368@dan.emsphone.com>
References: <7daacbbe0601181356q131bc2d7kd044d924e13079f2@mail.gmail.com>
	<20060507174256.09c33510@vixen42.vulpes>
	<df9ac37c0605080827i77a836afje0635ef748419e8d@mail.gmail.com>
	<20060508182308.6e8d9aac@vixen42.vulpes>
	<df9ac37c0605081631q283c691ah8c9f7af94e683ca3@mail.gmail.com>
	<20060508184412.4ccbf90c@vixen42.vulpes>
	<df9ac37c0605081717i34f3158dwdf1e7c1cf2c4620d@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <df9ac37c0605081717i34f3158dwdf1e7c1cf2c4620d@mail.gmail.com>
X-OS: FreeBSD 5.5-PRERELEASE
X-message-flag: Outlook Error
User-Agent: Mutt/1.5.11
Cc: "Z.C.B." <vvelox@vvelox.net>, freebsd-questions@freebsd.org,
	Dominique Goncalves <dominique.goncalves@gmail.com>
Subject: Re: nsswitch.conf with ldap
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 09 May 2006 02:16:27 -0000

In the last episode (May 08), Atom Powers said:
> On 5/8/06, Z.C.B. <vvelox@vvelox.net> wrote:
> >> I don't know if it will help your problem, I'm struggling through
> >> my own pam/nss/ldap issues, but it is a part of the picture.
> >
> >I am curious. Do you run into problems with SSH and xterm, but
> >everything else works? That is what I am currently hitting.
> >
> >initgroups(kitsune,1001): Invalid argument

man initgroups:

    ERRORS
        The initgroups() function may fail and set errno for any of the
        errors specified for the library function setgroups(2).

man setgroups:

    [EINVAL] The number specified in the ngroups argument is larger
             than the NGROUPS limit.

Either get out of some groups, or raise NGROUPS (this may affect NFS
though).

> > Is what it is kicking into /var/log/messages. That is right after I
> > authenticate.
> 
> No, my problem is with local login when the LDAP server is
> unavailable. It hangs for about two minutes before logging in. I
> think I've tracked this down to an nss timeout somewhere.

Newer version of nss_ldap have timeout veriables to adjust this, but
your best solution would be to set up another ldap server and put them
both in your ldap.conf so you'll never be without one.

-- 
	Dan Nelson
	dnelson@allantgroup.com