Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 8 May 2006 21:16:20 -0500
From:      Dan Nelson <dnelson@allantgroup.com>
To:        Atom Powers <atom.powers@gmail.com>
Cc:        "Z.C.B." <vvelox@vvelox.net>, freebsd-questions@freebsd.org, Dominique Goncalves <dominique.goncalves@gmail.com>
Subject:   Re: nsswitch.conf with ldap
Message-ID:  <20060509021620.GB65368@dan.emsphone.com>
In-Reply-To: <df9ac37c0605081717i34f3158dwdf1e7c1cf2c4620d@mail.gmail.com>
References:  <7daacbbe0601181356q131bc2d7kd044d924e13079f2@mail.gmail.com> <20060507174256.09c33510@vixen42.vulpes> <df9ac37c0605080827i77a836afje0635ef748419e8d@mail.gmail.com> <20060508182308.6e8d9aac@vixen42.vulpes> <df9ac37c0605081631q283c691ah8c9f7af94e683ca3@mail.gmail.com> <20060508184412.4ccbf90c@vixen42.vulpes> <df9ac37c0605081717i34f3158dwdf1e7c1cf2c4620d@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
In the last episode (May 08), Atom Powers said:
> On 5/8/06, Z.C.B. <vvelox@vvelox.net> wrote:
> >> I don't know if it will help your problem, I'm struggling through
> >> my own pam/nss/ldap issues, but it is a part of the picture.
> >
> >I am curious. Do you run into problems with SSH and xterm, but
> >everything else works? That is what I am currently hitting.
> >
> >initgroups(kitsune,1001): Invalid argument

man initgroups:

    ERRORS
        The initgroups() function may fail and set errno for any of the
        errors specified for the library function setgroups(2).

man setgroups:

    [EINVAL] The number specified in the ngroups argument is larger
             than the NGROUPS limit.

Either get out of some groups, or raise NGROUPS (this may affect NFS
though).

> > Is what it is kicking into /var/log/messages. That is right after I
> > authenticate.
> 
> No, my problem is with local login when the LDAP server is
> unavailable. It hangs for about two minutes before logging in. I
> think I've tracked this down to an nss timeout somewhere.

Newer version of nss_ldap have timeout veriables to adjust this, but
your best solution would be to set up another ldap server and put them
both in your ldap.conf so you'll never be without one.

-- 
	Dan Nelson
	dnelson@allantgroup.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060509021620.GB65368>