Hello Petter,
you were right, it was the dns...
I tried to delete the dns entry in the nsswitch.conf file.
It works very well, the user is authenticated with the credentials files...!
So I don't know how to leave the dns entry and get the same result?
By default, the nss dns status entry is unavail=continue, so it would be
OK...
Do I need to use a proxy dns???
thanks
Anthony wrote:
Hello
Petter Reinholdtsen wrote:
[Anthony Berger]
I try to configure the auth of all my users by an openldap server.
So I configured libpam-ldap, libnss-ldap (with db in nsswitch.conf)
and nss_updatedb (with a cron to update the users db), and configured
libpam_ccreds to be able to auth the user even if the network is
down (more specifically laptops).
Very interesting configuration. Is this similar to the configuration
on <URL:http://www.flyn.org/laptopldap/laptopldap.html> for mobile
laptops?
Yes, it seems to be the same goal... but for ldap auth and no kerb...!!
If the interface is not configured, after a first auth on the ldap,
the user authenticated. If an interface is NOT configured (only
loopback), it takes a long, long time, and the user is not authenticated
on the ccreds file.
WHAT's the problem?
Could it be a DNS timeout problem? Is the LDAP server listed in
/etc/hosts? If the timeout is 3 minutes, it might be the nss-ldap
connect call that takes forever.
DNS; I hadn't thought about that...!
I will try to put the ldap server in /etc/hosts.
And
yes, the timeout is approximately 3 minutes. But I don't use
libnss-ldap, I use libnss-db, so the information is provided by a
local db.
(I use a cron "nss_updatedb ldap" every 10 minutes (maybe it could be
more!!!) )
I don't think it is due to nss ldap.
About my configuration:
- nsswitch.conf:
passwd: files db
shadow: files db
group: files db
hosts: files nis dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Did you consider the nss-ldapd module? It has a local LDAP proxy
(nslcd) doing the connections to the LDAP server, so it would have it
easier to keep track of the connection status.
How did you configure NSS?
Happy hacking,
bye
Anthony
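
An added example, not part of the original messages: a static check for the two conditions discussed in this thread, namely whether any account database in nsswitch.conf depends on the network, and whether a lookup of the LDAP server's name is answered by "files" before it falls through to dns/nis. The hostname ldap.example.org, the address 192.0.2.10 and the sample file contents are constructed, and the check assumes the client refers to the LDAP server by name rather than by IP address.

```python
import re

# Constructed sample inputs (not files from the thread).
NSSWITCH = """\
passwd: files db
shadow: files db
group:  files db
hosts:  files nis dns
"""
HOSTS = "127.0.0.1 localhost\n"
NETWORK = {"dns", "nis", "nisplus", "ldap"}  # sources that need the network

def parse_nsswitch(text):
    """Return {database: [sources]}, ignoring comments and [STATUS=action]."""
    dbs = {}
    for line in text.splitlines():
        line = re.sub(r"\[[^\]]*\]", " ", line.split("#", 1)[0])
        if ":" in line:
            name, rest = line.split(":", 1)
            dbs[name.strip()] = rest.split()
    return dbs

def hosts_names(text):
    """Every hostname and alias listed in an /etc/hosts-style text."""
    names = set()
    for line in text.splitlines():
        names.update(f.lower() for f in line.split("#", 1)[0].split()[1:])
    return names

def offline_risks(nsswitch_text, hosts_text, ldap_host):
    """Reasons a login could stall on a lookup when only loopback is up."""
    dbs, risks = parse_nsswitch(nsswitch_text), []
    for db in ("passwd", "shadow", "group"):
        net = [s for s in dbs.get(db, []) if s in NETWORK]
        if net:
            risks.append(f"{db}: network source(s) {net}")
    order = dbs.get("hosts", [])
    net = [s for s in order if s in NETWORK]
    # 'files' only helps if it is consulted before the first network source
    local = ("files" in order and (not net or order.index("files") < order.index(net[0]))
             and ldap_host.lower() in hosts_names(hosts_text))
    if net and not local:
        risks.append(f"hosts: {ldap_host} not answered by files, falls through to {net}")
    return risks

if __name__ == "__main__":
    for r in offline_risks(NSSWITCH, HOSTS, "ldap.example.org"):
        print(r)
```

With the sample input it reports the hosts line only; adding the server to the hosts text, or dropping the network sources from the hosts line, makes the list empty.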