Networking :: Nscd: Nss_ldap: Reconnected To LDAP Server Errors RHEL 5.4
Nov 24, 2010
I'm a network services rookie and I am seeing this error, but it doesn't seem to be effecting functionality. Nov 22 12:12:16 r01 nscd: nss_ldap: reconnected to LDAP server ldap://10.5.1.4 after 1 attempt This error is scattered through out my logs. We are authenticating this Red Hat server to another OpenLdap server. Everything seems to work just fine and we are not even using Kerberos as this is a render server. We set-up ldap right in the GUI, nothing fancy.
RHEL 5.4, Basic install, again, nothing fancy. LDAP does seem to be working fine and allows the right people to login to the machine. We have two of these machines running and both are configured exactly the same and getting the same errors.
When ever I have an issue with our LDAP server (which I was able to fix) we see the following errors in /var/log/messages and it causes problems with our services running on that box, e.g. httpd, nrpe, xinetd, etc. Aug 8 17:44:42 hostname httpd: nss_ldap: failed to bind to LDAP server ldap://serveraddress/: Can't contact LDAP server Aug 8 17:44:42 hostname httpd: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... I am only wanting to authenticate SSH and Sudo and not services like httpd, nrpe, xinetd etc.
we're running an Ubuntu 10.04 LTS network on our company, authenticating against an Openldap/heimdal-kerberos server.Previously, the clients were authenticating against a Windows 2003 Domain without any problems.After modifying the krb.conf, ldap.conf, nsswitch.conf and nscd.conf files to authenticate the machines against the openldap/heimdal setup, we started experiencing strange problems.
One issue is, for example, the polkit-agent-gnome not starting. This component integrates policykit into gnome. It looks like the agent is unable to start due to some kind of delay with DBUS. Starting the agent manually keeps giving errors until about 70 seconds after login, when the agent can be started without problems. During the delay it is also impossible, for instance, to open the "shut down" menu on the top right of gnome. You can click on the menu, but nothing appears.Trying to start the polkit-agent manually gives these errors (I'll be attaching detailed errors when at work!):
Code:
DBus error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken
GLIB ERROR ** default - Not enough memory to set up DBusConnection for use with GLib It really looks like DBus or something related to it is starting "too late" but I can't seem to find the reason. I'm pretty sure this has to do with some timings or whatever in the krb/ldap config files...
I started a new job and they use LDAP here. I built a new RHEL 5.5 server and configured LDAP. Usernames are recognized but the password is not. I can chown a file to a user name but when I try to login as the user it won't accept the password.I know the password is correct because I can login to any of the old boxes and it accepts the password. I ran authconfig-tui to tell my RHEL box to authenticate to ldap.
I'm trying to set up a Linux server and I am new to this. I have gone through most of the configuration using SAMBA 3.0 and when I populate the ldap directory all I get this error before the password request:
Then when I perform an ldapsearch to see if the directory is populated I get this message:
Just installed openldap server on a VM CentOS called 'ldapsrv', it works fine, ldapsearch returns all ldap information.
Installed openldap client on another VM CentOS called 'ldapclient1', configured it with most basic configuration, no ssl/tls etc. but ldapsearch returns error:
Not sure this is correct place, but I think it's related to network. I'm using CentOS 5. I installed nscd successfully using yum. But I can't start nscd. It shows [ OK ], but stop right away, and I can't found any nscd process.
/var/log/nscd.log is empty, /var/run/nscd/nscd.pid has a PID that doesn't exist, and here's /etc/nscd.conf Code: # # /etc/nscd.conf # # An example Name Service Cache config file. This file is needed by nscd. # # Legal entries are: # #logfile<file> #debug-level<level> #threads<initial #threads to use> #max-threads<maximum #threads to use> #server-user <user to run server as instead of root> #server-user is ignored if nscd is started with -S parameters #stat-user <user who is allowed to request statistics> .....
we have a weird problem with our opensuse 11.2 server installation.
We want to set up a LDAP Server using the Yast-LDAP Server configuriation tool.
This indeed already worked weeks ago until....this week. Maybe some updates??!
I do not know what happend exactly. The server just does not want to start again and throws following error:
Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed
This happend after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.
So.. i did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificats, database, pw...the first Yast config dialog...). I did not change the way i set it up.
I remember, when i did this the first time with 11.2 on that machine, when no problems occured...everything was running out of the box (except the "use commen server certificate" option...).
I manage to get RHEL Authenticate to Active Directory using LDAP and Kerberos. When a user authenticate to the Unix, the Unix system will check (using Kerberos) to the AD. However I just found out that when the RHEL (LDAP) did the authentication to the AD (to ensure that the RHEL has the right permission to query the LDAP database), it uses simple bind which send the username/password unencrypted over the network.
1) Can We use Kerberos as well? for the initial authentication described above? 2) If Not possible, is there a way to encrypt the username/password in the storage (ldap.conf -because it's world readble)? I know that for tranmission I can use SSL.
i have configured ldapserver on rhel4 for creating address book
following are configuration files on ldap server /etc/openldap/slapd.conf include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema
i am able to import this ldif file into database.also when i perform the ldapsearch on this server with command"ldapsearch �x �W �D �cn=manager, dc=example, dc =com� �b �dc=example, dc=com�" i get correct output.
but when i am trying to search from another client machine, i am getting "error ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
also when i configured address book on mozilla on server., it is working fine.but not working on another machine.is any configuration is missing on client machine.both ldap server and client are configured on rhel4es without any firewall or selinux.
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic AuthBasicProvider ldap anon Order allow,deny Allow from all
This part by itself works for the LDAP authentication:
Anonymous guest Anonymous_VerifyEmail Off Anonymous_MustGiveEmail Off Anonymous_LogEmail on Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
I'm checking with a sniffer and there's activity going on between the client and the LDAP server... as a matter of fact, the sniffer shows that the search is producing one ldap item, however, php says it can't contact the ldap server (after it has bound and everything):
The script is working beautifully on another host with debian.
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
I am getting errors when I try to install any package on my RHEL 5.3 linux box. I've previously installed mc(midnight commander) using yum but recently it started failing.
I've inserted a log of a session below. [root@anjanb ~]# yum install multitail Repository engineering-update is listed more than once in the configuration Repository engineering-install is listed more than once in the configuration Repository emergency-update is listed more than once in the configuration Repository emergency-install is listed more than once in the configuration ..... Trying other mirror. Error: failure: repodata/primary.xml.gz from adobe-linux-i386: [Errno 256] No more mirrors to try.
In the past I found some great help on this forum, so here goes. Bare with me because it's a long story. I'll try to be as complete as possible. I've installed and configured OpenLdap on a virtual machine with ip 192.168.39.134. I've added 2 users via LAM. In the ou WikiUsers and the domain is wiki.local.
I've then created another host with ip 192.168.39.133 with mediawiki installed on it. Then I added the extension LDAPAuthenthication. In the LdapAuthentication file I added this code (only the last paragraph is mine, I added the others to show it's location in the script):
I know I'm close because I can't register any new users or accounts on the mediawiki site. Although I could before I added the LDAP service. This is indeed all just to test and get to know how LDAP works. That's why it's all virtual in VMWare. I did not really configure anything on the LDAP, i just installed it and chose a domain (wiki.local).
My machine is running with RHEL 3 and the kernel version that I am using is 2.4.21-37.EL. I would like to upgrade present gcc 3.2.59 to gcc-3.4.6-8. I tried but encountered with errors like dependencies and many more. how to upgrade gcc.
In researching current ldap issue (not being able to do anything but log in) it seems that there are no concepts of privileges, roles, etc. that could be assigned to a user in LDAP.
I've only seen fields that deal with name, organization, etc., not with application-specific access control.
I have to assign certain access privileges to users authenticated via LDAP server based on the privilege level mentoned in the LDAP server. How to attain this.
can anyone tell me what is the difference between these two files of LDAP client /etc/ldap.conf and /etc/ldap/ldap.conf and for what purposes these two files gives services. Is it necessary to have these two files at a time ?
I use these files to install LDAP client to authenticate with our LDAP server by creating a symbolic link of /etc/ldap.conf to /etc/ldap/ldap.conf.
I had a machine that is using ldap, but need to remove it completely.I edited the /etc/nsswitch.conf and removed all references of ldapand renamed /etc/ldap.conf to /etc/ldap.conf.bakI can log in as root, but cannot log in as any user in /etc/passwdIn the /var/log it shows pam_ldap: missing file "/etc/ldap.conf"I am guessing I am missing something else?I never set this machine up for ldap, was here when i got here, so not sure of steps to even put ldap on.
School with linux running on students' laptops, connecting via wlan to a Debian NFS and LDAP server. Every student logs on his/her profile residing on the NFS server.The clients are set up with autofs. Earlier, I had set up the wireless network in /etc/network/interfaces, but this time I decided to configure network manager so as to bring up both wireless and wired network before logon. This setup has been working on for the last fire or five years with only minor changes. Also worked with Karmic Koala, but still with the interfaces file instead of networkmanager. The Vostro is also new here, we've previously used mostly Dell Latitude D505s.
So here is what works:
1: Clients can log on to LDAP and NFS servers both wired and wirelessly. Everything is smooth.
2: While on LAN, shutdown and restart works flawlessly (and quick as a breeze, I'm really impressed by startup/restart/shutdown times, under 25 secs!).
3: Shutdown and restart also works wirelessly when doing it either from a local account or from the GDM chooser.
What doesn't work, however, is shutting down or restarting directly from a networked account connected while only being connected over the wireless network. This is what's being displayed on the terminal after it has tried tho shut down for a while:
Code:
The system is going down for halt NOW!
acpid: exiting init: cron main process (1011) killed by TERM signal. init: tty1 main process (1365) killed by TERM signal.
[code]...
If I try ctrl-alt-del at this stage, it says:
"init: rc main process (3030) killed by TERM signal"
"Checking for running unattended-upgrades: "
And then it will hang again, until I hold the powerbutton for some seconds. The unattended-upgrades part is what seems to be the culprit. I suspect it is about the wireless network not being connected any longer or something like that, but I'm not sure about how to go about debugging shutdown scripts here. I'd be grateful for pointers. I will try and see how it goes with the old interfaces file setup, but I'd rather make nm work.
is possible to edited the default RHEL CD to have it automatically install RHEL based off of a kickstart file that I will store locally on the CD. My plan would be to put a cd in a server and have the OS automatically being installed.
My current project environment setup is having a single server, running on RHEL 5.2, that is constantly receiving incoming data (video and text) over a periodic interval e.g. every 30 minutes. Initial in-house testing projected the server will be generally busy, so we decided to incorporate a second server for load balancing purposes. So now, server A and B will need to be clustered. Once that is done, incoming data will balance out between the two server (or at least that is what I will like to achieve. Note, I'm aware that at the switch side, I'll need to do some additional configuration and that part is covered).
I've been reading on Red Hat Cluster Suite and the Linux Virtual Server (LVS) seems the way to go. However, I noted that the LVS solution require at least a two-tier solution, and that would incur 3 additional servers instead of just 1. So here's my questions:- I looked around and probably know the answer, but I'm gonna ask anyway. Is there a one-tier solution for LVS i.e. have anyone tried or whether it's even feasible. From my reading, it don't seem so but just want another opinion. Is there any other way for me to do the clustering (for load-balancing) without LVS?
Sidenote: I'm currently looking at Ultra Monkey and will be trying out in a while. However, the project I'm doing would be rolled out to live site eventually, and my customer is kind of....particular. I'm just wondering if there's a software/application (that need to be purchased) and comes with support.
We are planning to migrate our LINUX server from RHEL 3to RHEL 5. What are the configuration difference between RHEL 3 to RHEL 5 for webserver installations?
USB joystick with Linux only works when I disconnected and reconnected its. I have a problem that it can easy, but I didn't find a solution yet. When I turn on my computer using a Debian or Ubuntu and tried to use the joystick the commands of joystick doesn't pass to SO. Once I disconnect and reconnect the joystick on USB port it pass to work.
Environment: SO: Debian 5.0 lsusb - executed this command before disconnect and reconnected the joystick result is equal:
My DNS server is baring 192 series IP for ex: 192.168.10.100, need to configureloadbalancer IP in that DNS server, where loadbalancer is baring 172 series IP. for ex : 172.56.67.19.is it possible to cofigure the loadbalancer ip in DNS server? if it is, please let me know the configuration details and procedure.
1 I have XP installed on HDD1 (SATA 200 Gb master). Now I installed Cetos 5.5 (use 4.1 Gb DVD1) on the second drive, HDD2 (Seagate STA 40 Gb slave.) I didnt fund the option for selecting boot location during installation, just selected second drive. I think this is my first mistaking. The Centos can�t boot up after initial installation. I disconnected the HDD1 (XP drive.) Then finished Centos install. � Second mistaking.
2 After that Sentos installed, I reconnected HDD1 but XP is disappeared. The grub.cfg shows about XP as: Title other Rootnoverity (hd1,0) Chainloader +1
3 For finding XP I disconnected HDD2 (Sentos), but XP can�t be started. This message is shown up:
Just wait 5 seconds for normal startup! Boot: could not find kernel image:vmlinuz
4 I think that stuff was written by grub. I decided to get rid of them then reinstall all. I tried to deleted and create new partition, format c:, fixmbr, and fixboot, then install XP on c:. But above message still shows up when boot machine. I have to use XP install cd to start Windows XP.
