Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 8 May 2006 22:27:47 -0500
From:      "Z.C.B." <vvelox@vvelox.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: nsswitch.conf with ldap
Message-ID:  <20060508222747.71ce917c@vixen42.vulpes>
In-Reply-To: <20060509021620.GB65368@dan.emsphone.com>
References:  <7daacbbe0601181356q131bc2d7kd044d924e13079f2@mail.gmail.com> <20060507174256.09c33510@vixen42.vulpes> <df9ac37c0605080827i77a836afje0635ef748419e8d@mail.gmail.com> <20060508182308.6e8d9aac@vixen42.vulpes> <df9ac37c0605081631q283c691ah8c9f7af94e683ca3@mail.gmail.com> <20060508184412.4ccbf90c@vixen42.vulpes> <df9ac37c0605081717i34f3158dwdf1e7c1cf2c4620d@mail.gmail.com> <20060509021620.GB65368@dan.emsphone.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, 8 May 2006 21:16:20 -0500
Dan Nelson <dnelson@allantgroup.com> wrote:

> In the last episode (May 08), Atom Powers said:
> > On 5/8/06, Z.C.B. <vvelox@vvelox.net> wrote:
> > >> I don't know if it will help your problem, I'm struggling
> > >> through my own pam/nss/ldap issues, but it is a part of the
> > >> picture.
> > >
> > >I am curious. Do you run into problems with SSH and xterm, but
> > >everything else works? That is what I am currently hitting.
> > >
> > >initgroups(kitsune,1001): Invalid argument
> 
> man initgroups:
> 
>     ERRORS
>         The initgroups() function may fail and set errno for any of
> the errors specified for the library function setgroups(2).
> 
> man setgroups:
> 
>     [EINVAL] The number specified in the ngroups argument is larger
>              than the NGROUPS limit.
> 
> Either get out of some groups, or raise NGROUPS (this may affect NFS
> though).

Nope. I built my LDAP user and group entries from my NIS group
entries. If I put it back to "files nis" from "files ldap" it works.


> > > Is what it is kicking into /var/log/messages. That is right
> > > after I authenticate.
> > 
> > No, my problem is with local login when the LDAP server is
> > unavailable. It hangs for about two minutes before logging in. I
> > think I've tracked this down to an nss timeout somewhere.
> 
> Newer version of nss_ldap have timeout veriables to adjust this, but
> your best solution would be to set up another ldap server and put
> them both in your ldap.conf so you'll never be without one.

It still waits.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060508222747.71ce917c>