How to cache login in ldap clients !!! Please helpppp !!!!

Hey guys

I've got one big problem with nscd.conf: it doesn't work. I have tried many example configurations, but nscd simply doesn't work: when I stop the LDAP server and try to access the client by ssh, I can't log on.
And the database in /var/db/nscd doesn't work.

Below are my nscd.conf and nsswitch.conf.

I don't know what I'm doing wrong !!

please help !!!!

OS: Red Hat 5.7 64-bit client

/etc/nsswitch.conf

# Name Service Switch configuration as posted: for each database, the sources
# glibc tries, left to right.
# NOTE(review): nscd is not selected through this file; glibc asks a running nscd
# first and only then walks the sources listed here. `cache` is therefore only
# meaningful if a separate libnss_cache module is installed on the client -
# confirm, otherwise drop it.
# NOTE(review): `db` reads pre-built maps under /var/db (created with makedb);
# those are unrelated to nscd's own cache files in /var/db/nscd - verify they exist.
passwd: db files ldap cache
shadow: db files ldap cache
group: db files ldap cache

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files ldap
networks: files ldap
protocols: db files
rpc: db files
services: db files
netgroup: files ldap
aliases: files ldap
# sudo rules are looked up in the local sudoers file first, then in LDAP.
# NOTE(review): privilege rules then depend on the integrity of the LDAP
# connection - confirm the sudo LDAP client configuration uses TLS.
sudoers: files ldap

/etc/nscd.conf

# nscd.conf as posted: global daemon settings first, then per-database cache
# settings for passwd, group and hosts.
# NOTE(review): nscd caches name-service lookups (passwd/group/hosts entries) only.
# It does not store passwords and does not authenticate anyone, so an ssh password
# login that PAM verifies against LDAP still needs the LDAP server to be reachable.
# Login while the server is down needs a credential cache (for example SSSD with
# cache_credentials) - confirm against the client's PAM stack, which is not shown.
logfile /var/log/nscd.log
# threads 6
# max-threads 128
server-user nscd
# stat-user nocpulse
debug-level 0
reload-count unlimited
paranoia no
# restart-interval 3600

# passwd cache: time-to-live values are in seconds, so a found entry is kept
# for 60 s and a "not found" answer for 20 s.
# NOTE(review): with such short lifetimes the cache presumably empties soon after
# the LDAP server stops answering - verify by querying with getent while it is down.
enable-cache passwd yes
positive-time-to-live passwd 60
negative-time-to-live passwd 20
suggested-size passwd 211
check-files passwd yes
# "persistent no": the cache content is not kept across nscd restarts.
persistent passwd no
shared passwd yes
max-db-size passwd 33554432
auto-propagate passwd yes

# group cache: same layout as passwd; both lifetimes are 60 s here.
enable-cache group yes
positive-time-to-live group 60
negative-time-to-live group 60
suggested-size group 211
check-files group yes
persistent group no
shared group yes
max-db-size group 33554432
auto-propagate group yes

# hosts cache is switched off, so the remaining hosts settings should have no
# effect while enable-cache stays "no".
enable-cache hosts no
positive-time-to-live hosts 60
negative-time-to-live hosts 20
suggested-size hosts 211
check-files hosts yes
persistent hosts yes
shared hosts yes
max-db-size hosts 33554432

Thanks !!!!!

---------- Post updated 07-26-12 at 02:50 PM ---------- Previous update was 07-25-12 at 03:54 PM ----------

I also tested sssd on the LDAP client, but it didn't work well either.
Below is the configuration in /etc/sssd/sssd.conf and /etc/nsswitch.conf; note that nscd is offline.

/etc/sssd/sssd.conf:

# sssd.conf as posted: [sssd] service settings, [nss]/[pam] responder settings,
# one active LDAP domain and two commented-out example domains.
# NOTE(review): SSSD only accepts this file when it is owned by root with mode
# 0600 - one thing to check for the "Cannot load configuration database" message.
[sssd]
config_file_version = 2

# Number of times services should attempt to reconnect in the
# event of a crash or restart before they give up
reconnection_retries = 3

# If a back end is particularly slow you can raise this timeout here
sbus_timeout = 30
services = nss, pam

# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/<NAME>] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.
; domains = LOCAL,LDAP
# NOTE(review): every name listed here needs a matching [domain/<NAME>] section.
# This file defines [domain/LDAP] but no [domain/default], so no configured
# domain matches - likely related to the startup failure, verify.
domains = default

[nss]
# The following prevents SSSD from searching for the root user/group in
# all domains (you can add here a comma-separated list of system accounts that
# are always going to be /etc/passwd users, or that you want to filter out).
# NOTE(review): per the comment above these two keys take account names (for
# example root), not LDAP DNs; a DN would presumably be split at its commas
# into names that match nothing.
filter_groups = ou=Group,dc=energia,dc=org,dc=br
filter_users = ou=People,dc=energia,dc=org,dc=br
reconnection_retries = 3

# The entry_cache_nowait_percentage indicates the percentage of the
# entry_cache_timeout to wait before updating the cache out-of-band.
# (NSS requests will still be returned from cache until the full
# entry_cache_timeout). Setting this value to 0 turns this feature
# off (default).
# NOTE(review): this is a percentage; sssd.conf(5) documents 0-99 as the valid
# range, so 300 is out of range - confirm against the installed version.
entry_cache_nowait_percentage = 300

[pam]
reconnection_retries = 3

# Example domain configurations
# Note that enabling enumeration in the following configurations will have a
# moderate performance impact while enumerations are actually running, and
# may increase the time necessary to detect network disconnection.
# Consequently, the default value for enumeration is FALSE.
# Refer to the sssd.conf man page for full details.

# Example LOCAL domain that stores all users natively in the SSSD internal
# directory. These local users and groups are not visible in /etc/passwd; it
# now contains only root and system accounts.

; [domain/LOCAL]
; description = LOCAL Users domain
; id_provider = local
; enumerate = true
; min_id = 500
; max_id = 999

# Example native LDAP domain
# ldap_schema can be set to "rfc2307", which uses the "memberuid" attribute
# for group membership, or to "rfc2307bis", which uses the "member" attribute
# to denote group membership. Changes to this setting affect only how we
# determine the groups a user belongs to and will have no negative effect on
# data about the user itself. If you do not know this value, ask an
# administrator.
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307
# NOTE(review): SSSD's LDAP auth provider only sends passwords over an encrypted
# channel. With an ldap:// URI that means StartTLS (ldap_id_use_start_tls = true
# protects identity lookups as well) or an ldaps:// URI, plus a CA certificate
# the client trusts (ldap_tls_cacert). None of these are set in this section.
ldap_uri = ldap://10.60.1.236
ldap_search_base = dc=energia,dc=org,dc=br
# "demand" makes the client reject a server certificate it cannot verify.
# NOTE(review): keep this strict rather than relaxing it to get a connection;
# the certificate then has to be valid for the address in ldap_uri, which a
# bare IP address usually is not - consider using the server's host name.
ldap_tls_reqcert = demand
# This is the setting that allows login while the LDAP server is unreachable:
# SSSD keeps a hash of the password locally after a successful online login.
# NOTE(review): users who never logged in while online cannot log in offline,
# and PAM must call pam_sss for the cache to be used (PAM stack not shown).
# Consider bounding offline use with offline_credentials_expiration in [pam].
cache_credentials = true
enumerate = true
# Lifetime of cached identity entries, in seconds.
entry_cache_timeout = 5400

# Example LDAP domain where the LDAP server is an Active Directory server.

; [domain/AD]
; description = LDAP domain with AD server
; enumerate = false
; min_id = 1000
;
; id_provider = ldap
; auth_provider = ldap
; ldap_uri = ldap://your.ad.server.com
; ldap_schema = rfc2307bis
; ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
; ldap_default_authtok_type = password
# NOTE(review): a bind password set here is stored in clear text in this file,
# which is one reason the file must stay readable by root only.
; ldap_default_authtok = YOUR_PASSWORD
; ldap_user_object_class = person
; ldap_user_name = msSFU30Name
; ldap_user_uid_number = msSFU30UidNumber
; ldap_user_gid_number = msSFU30GidNumber
; ldap_user_home_directory = msSFU30HomeDirectory
; ldap_user_shell = msSFU30LoginShell
; ldap_user_principal = userPrincipalName
; ldap_group_object_class = group
; ldap_group_name = msSFU30Name
; ldap_group_gid_number = msSFU30GidNumber
; ldap_force_upper_case_realm = True

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

/etc/nsswitch.conf

# Name Service Switch configuration used for the SSSD test: for each database,
# the sources glibc tries, left to right.
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

# NOTE(review): `ldap` (nss_ldap) is listed before `sss`, so every lookup still
# goes to the LDAP server directly first; when the server is down the request
# presumably waits on nss_ldap before SSSD's cache is asked. With SSSD handling
# the LDAP domain the usual order is "files sss" - confirm before changing.
passwd: db files ldap sss
shadow: db files ldap sss
group: db files ldap sss

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files ldap
networks: files ldap
protocols: db files
rpc: db files
services: db files

# The remaining LDAP-backed maps below use `ldap` directly, not `sss`, so they
# are not served from SSSD's cache.
netgroup: files ldap

#publickey: nisplus

#automount: files ldap
aliases: files ldap

# sudo rules are looked up in the local sudoers file first, then in LDAP.
# NOTE(review): privilege rules then depend on the integrity of the LDAP
# connection - confirm the sudo LDAP client configuration uses TLS.
sudoers: files ldap
automount: files ldap



log /var/log/messages


Jul 26 10:57:23 lxbi01 yum: Installed: openldap24-libs-devel-2.4.23-5.el5.x86_64
Jul 26 11:00:21 lxbi01 sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
Jul 26 11:00:21 lxbi01 sssd: Cannot load configuration database
Jul 26 11:03:16 lxbi01 sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
Jul 26 11:03:16 lxbi01 sssd: Cannot load configuration database
Jul 26 11:04:17 lxbi01 sssd: Cannot load configuration database
Jul 26 11:05:51 lxbi01 sssd: Cannot load configuration database
Jul 26 11:37:58 lxbi01 sssd: Cannot load configuration database
Jul 26 13:41:03 lxbi01 sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
Jul 26 13:41:03 lxbi01 sssd: Cannot load configuration database