Date: Mon, 8 May 2006 22:27:47 -0500 From: "Z.C.B." <vvelox@vvelox.net> To: freebsd-questions@freebsd.org Subject: Re: nsswitch.conf with ldap Message-ID: <20060508222747.71ce917c@vixen42.vulpes> In-Reply-To: <20060509021620.GB65368@dan.emsphone.com> References: <7daacbbe0601181356q131bc2d7kd044d924e13079f2@mail.gmail.com> <20060507174256.09c33510@vixen42.vulpes> <df9ac37c0605080827i77a836afje0635ef748419e8d@mail.gmail.com> <20060508182308.6e8d9aac@vixen42.vulpes> <df9ac37c0605081631q283c691ah8c9f7af94e683ca3@mail.gmail.com> <20060508184412.4ccbf90c@vixen42.vulpes> <df9ac37c0605081717i34f3158dwdf1e7c1cf2c4620d@mail.gmail.com> <20060509021620.GB65368@dan.emsphone.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 8 May 2006 21:16:20 -0500 Dan Nelson <dnelson@allantgroup.com> wrote: > In the last episode (May 08), Atom Powers said: > > On 5/8/06, Z.C.B. <vvelox@vvelox.net> wrote: > > >> I don't know if it will help your problem, I'm struggling > > >> through my own pam/nss/ldap issues, but it is a part of the > > >> picture. > > > > > >I am curious. Do you run into problems with SSH and xterm, but > > >everything else works? That is what I am currently hitting. > > > > > >initgroups(kitsune,1001): Invalid argument > > man initgroups: > > ERRORS > The initgroups() function may fail and set errno for any of > the errors specified for the library function setgroups(2). > > man setgroups: > > [EINVAL] The number specified in the ngroups argument is larger > than the NGROUPS limit. > > Either get out of some groups, or raise NGROUPS (this may affect NFS > though). Nope. I built my LDAP user and group entries from my NIS group entries. If I put it back to "files nis" from "files ldap" it works. > > > Is what it is kicking into /var/log/messages. That is right > > > after I authenticate. > > > > No, my problem is with local login when the LDAP server is > > unavailable. It hangs for about two minutes before logging in. I > > think I've tracked this down to an nss timeout somewhere. > > Newer version of nss_ldap have timeout veriables to adjust this, but > your best solution would be to set up another ldap server and put > them both in your ldap.conf so you'll never be without one. It still waits.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060508222747.71ce917c>