List: nssldap
Subject: [nssldap] Very strange problems with ?LDAP?
From: Bartlomiej Solarz-Niesluchowski <B.Solarz-Niesluchowski () wsisiz ! edu ! pl>
Date: 2002-09-10 12:25:14
Good Morning!
I am the system administrator of a server which has about 6500 users.
The system is a dual PIII 1GHz/2GB RAM/280GB SCSI HDD (Intel STL2).
The OS is RH 7.3 (tried kernels 2.4.19rc1-2.4.19-2.4.20pre5).
The system has userquota on ext3 and userquota on ext2.
The passwd file is prepopulated with LDAPified users (so it has about 6500 entries).
The shadow file has only 20 system users.
nss_ldap is 201, pam_ldap is 150.
/etc/nsswitch.conf contains:
group: files nisplus
passwd: files ldap
shadow: files
/etc/ldap.conf contains:
URI ldap://213.135.44.45 ldap://213.135.44.34
BASE dc=wsisiz,dc=edu,dc=pl
rootbinddn cn=manager,dc=wsisiz,dc=edu,dc=pl
TIMELIMIT 25
DEREF never
nss_base_passwd dc=wsisiz,dc=edu,dc=pl?sub
nss_base_shadow dc=wsisiz,dc=edu,dc=pl?sub
nss_base_group ou=Groups,dc=wsisiz,dc=edu,dc=pl?one
pam_filter objectclass=account
ssl no
pam_password md5
The system has a Samba PDC on board too:
ldap server = mythodea ldap oceanic
ldap port = 389
ldap suffix = dc=wsisiz,dc=edu,dc=pl
ldap admin dn = cn=Manager,dc=wsisiz,dc=edu,dc=pl
ldap ssl = no
That system also has postfix with LDAP aliases:
alias_maps = hash:/etc/mail/aliases, ldap:ldapsource
ldapsource_server_host = 213.135.44.45 213.135.44.34
ldapsource_search_base = ou=Aliases,dc=wsisiz,dc=edu,dc=pl
ldapsource_result_attribute = rfc822MailMember
ldapsource_query_filter = (&(cn=%s))
/etc/pam.d/system-auth contains:
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
#password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_smbpass.so try_first_pass use_authtok smbconf=/etc/samba/smb.conf
#password required /lib/security/pam_deny.so
#session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
nscd is totally disabled.....
I use shadowaccount details.
All software is at the current version.
PROBLEM:
After some time (e.g. 2h-80h) the system "deadlocks"....
The deadlock looks like this:
no one can log in (but e.g. console switching works)
ping works
logs are cut
when I leave a root login on the console I can run commands but the shell does not
return (e.g. I can run commands like w, kill but after the command I have no
shell prompt)
processes are in state D (mostly swapper)
swap is almost free - the number of processes is about 500 (the kernel is compiled
with 4090 processes)
I looked at open files usage but it is quite normal (up to 7000 - nr files
max is about 32k)
The LDAP servers work without problems the whole time.
Can somebody help me debug WHAT is wrong - I have tested this config many
times and have not found anything wrong - if I do not find a solution by 1.10 I
must return to plain files passwd + shadow (how do I return from LDAP passwords
to shadow?).
The hardware is totally OK (just to be sure I switched hardware between servers).
Before the migration to LDAP the server had an uptime of about 90 days....
What can block the whole system - I suspect that the bug sits in nss_ldap (I
think it is a different version of
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=19923 ) because it is
the only software which can cause a deadlock like that (it blocks
getpwbyname())....
If more information is needed I will answer immediately.....
Best Regards
--
Bartlomiej Solarz-Niesluchowski, Administrator WSISiZ
e-mail: B.Solarz-Niesluchowski@wsisiz.edu.pl
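Added example, not part of the original message: a probe that runs each passwd lookup in a child process with a timeout, so a stalled resolver is recorded instead of hanging the monitor. With "passwd: files ldap" a name present in /etc/passwd is answered by files, while a name in no source falls through to ldap; the two probe names below are assumptions.

```python
import subprocess
import sys
import time

# The lookup runs in a child so a stuck NSS module cannot block this monitor.
LOOKUP = "import pwd, sys; pwd.getpwnam(sys.argv[1])"


def probe(name, timeout=5.0, child_code=LOOKUP):
    """Resolve `name` in a child process; return (status, seconds).

    status is 'ok' (entry found), 'missing' (lookup returned, no entry)
    or 'hang' (no answer within `timeout`).
    """
    start = time.monotonic()
    child = subprocess.Popen(
        [sys.executable, "-c", child_code, name],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    try:
        status = "ok" if child.wait(timeout=timeout) == 0 else "missing"
    except subprocess.TimeoutExpired:
        status = "hang"
        child.kill()
        try:
            child.wait(timeout=1)  # bounded: a child in state D is never reaped
        except subprocess.TimeoutExpired:
            pass
    return status, time.monotonic() - start


def classify(local_status, absent_status):
    """Interpret the two probes under 'passwd: files ldap'."""
    if local_status == "hang":
        return "a name served from files also stalls: not confined to ldap"
    if absent_status == "hang":
        return "only the fall-through to the ldap source stalls"
    return "both sources answered"


if __name__ == "__main__":
    # Assumed names: 'root' is in /etc/passwd, the other exists in no source.
    local, t1 = probe("root")
    absent, t2 = probe("nss-probe-no-such-user")
    print(time.strftime("%Y-%m-%d %H:%M:%S"), local, round(t1, 2),
          absent, round(t2, 2), classify(local, absent))
```

Run from cron with output appended to a file on a local disk, the last lines written before a freeze show whether lookup latency was climbing beforehand.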