From: "Daniel O'Connor"
To: freebsd-current@freebsd.org
Cc: "O. Hartmann", freebsd-questions@freebsd.org
Date: Tue, 22 Sep 2009 22:48:06 +0930
Subject: Re: LDAP server gone -> impossible to login locally!
Message-Id: <200909222248.16475.doconnor@gsoft.com.au>
In-Reply-To: <4AB8BAA9.1060100@zedat.fu-berlin.de>

On Tue, 22 Sep 2009, O. Hartmann wrote:
> I run into trouble with FreeBSD and LDAP on a regular basis!
>
> Sometimes it is necessary to log in onto a bunch of servers with no
> LDAP service responding, due to service, crash, electrical
> disconnection, whatever. The problem is: I can't.
> Using all prerequisites from ports (pam_ldap/nss_ldap/ldap as most
> recent) my /etc/nsswitch.conf looks like this as it has been the most
> reasonable (and only working!) solution for the past 2 years:
>
> passwd: ldap [unavail=continue notfound=continue] files
> [success=return notfound=return]

I just have

passwd: cache files ldap
group: cache files ldap

and I can login as root locally without any delay.

That said my LDAP server is on the same machine so perhaps it fails
faster. I am using "uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/" to
connect to.

-- 
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
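
The two passwd lines quoted in this message differ in which sources a lookup for a local account has to touch while LDAP is down. The following is an added example, not part of the original message or of FreeBSD's code: a small simulator of nsswitch source ordering using the documented default actions (success=return, everything else continue). The function names and the per-source statuses in LDAP_DOWN_ROOT are assumptions constructed for illustration.

```python
import re

# Default actions per nsswitch.conf(5) when no [criteria] follow a source.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_line(line):
    """Parse 'db: src [status=action ...] src ...' into (db, [(src, actions)])."""
    db, _, rest = line.partition(":")
    sources = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
        if tok.startswith("["):
            if not sources:
                raise ValueError("criteria before any source")
            # Criteria override the defaults of the source they follow.
            for crit in tok[1:-1].split():
                status, _, action = crit.lower().partition("=")
                sources[-1][1][status] = action
        else:
            sources.append((tok, dict(DEFAULTS)))
    return db.strip(), sources

def consulted(line, status_of):
    """Return [(source, status)] in query order until an action is 'return'.

    status_of maps each source name to the status it would report for the
    simulated lookup: 'success', 'notfound', 'unavail' or 'tryagain'.
    """
    _, sources = parse_line(line)
    trail = []
    for name, actions in sources:
        status = status_of[name]
        trail.append((name, status))
        if actions[status] == "return":
            break
    return trail

# Constructed scenario: lookup of root (present in local files) while the
# LDAP server is unreachable and the cache holds no entry for it.
LDAP_DOWN_ROOT = {"cache": "notfound", "files": "success", "ldap": "unavail"}

LDAP_FIRST = ("passwd: ldap [unavail=continue notfound=continue] "
              "files [success=return notfound=return]")
FILES_FIRST = "passwd: cache files ldap"

if __name__ == "__main__":
    for line in (LDAP_FIRST, FILES_FIRST):
        print(line, "->", consulted(line, LDAP_DOWN_ROOT))
```

With ldap listed first, the root lookup must get an answer from the LDAP source before files is tried; with files ahead of ldap, the lookup returns from files and the LDAP source is never queried.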