LinuxQuestions.org
Old 07-25-2012, 03:16 PM   #1
pauloedusp
LQ Newbie
 
Registered: Apr 2012
Posts: 12

Rep: Reputation: Disabled
Question How to cache login in ldap clients !!! Please helpppp !!!!


Hey guys

I have one big problem with nscd.conf: it doesn't work. I tried many configuration examples, but nscd.conf simply doesn't work. When I stop the LDAP server and try to access the client by ssh, I can't log on.
And the database in /var/db/nscd doesn't work.

The nscd.conf and nsswitch.conf follow below.

I don't know what I am doing wrong!!

Please help!!!!

OS: Red Hat 5.7 64-bit client

+++++++++++++++++++++++++++++++++++++++++++++++++
/etc/nsswitch.conf

passwd: db files ldap cache
shadow: db files ldap cache
group: db files ldap cache

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files ldap
networks: files ldap
protocols: db files
rpc: db files
services: db files
netgroup: files ldap
aliases: files ldap
sudoers: files ldap
+++++++++++++++++++++++++++++++++++++++++++++++++++++
/etc/nscd.conf

logfile /var/log/nscd.log
# threads 6
# max-threads 128
server-user nscd
# stat-user nocpulse
debug-level 0
reload-count unlimited
paranoia no
# restart-interval 3600

enable-cache passwd yes
positive-time-to-live passwd 60
negative-time-to-live passwd 20
suggested-size passwd 211
check-files passwd yes
persistent passwd no
shared passwd yes
max-db-size passwd 33554432
auto-propagate passwd yes

enable-cache group yes
positive-time-to-live group 60
negative-time-to-live group 60
suggested-size group 211
check-files group yes
persistent group no
shared group yes
max-db-size group 33554432
auto-propagate group yes

enable-cache hosts no
positive-time-to-live hosts 60
negative-time-to-live hosts 20
suggested-size hosts 211
check-files hosts yes
persistent hosts yes
shared hosts yes
max-db-size hosts 33554432

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Thanks!!!!!
 
Old 07-26-2012, 12:35 AM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653
Are you able to switch to sssd instead?
 
Old 07-26-2012, 07:50 AM   #3
pauloedusp
LQ Newbie
 
Registered: Apr 2012
Posts: 12

Original Poster
Rep: Reputation: Disabled
I think so. Do you have documentation that explains how I set it up?

thanks for the help!
 
Old 07-26-2012, 08:20 AM   #4
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653
Just run the cmd below, it should be functional at the least:
Quote:
authconfig --enablesssd --update
 
Old 07-26-2012, 11:42 AM   #5
pauloedusp
LQ Newbie
 
Registered: Apr 2012
Posts: 12

Original Poster
Rep: Reputation: Disabled
Question

I installed sssd but I can't find anything conclusive about this.
Below is the configuration of sssd.conf. It simply doesn't work: it doesn't build the database in /var/lib/sss/db, however a file config.ldb exists.

Please, I need help!!!!!

Below are the configurations in /etc/sssd/sssd.conf and /etc/nsswitch.conf, remembering that nscd is offline.

==================================================================
/etc/sssd/sssd.conf

[sssd]
config_file_version = 2

# Number of times services should attempt to reconnect in the
# event of a crash or restart before they give up
reconnection_retries = 3

# If a back end is particularly slow you can raise this timeout here
sbus_timeout = 30
services = nss, pam

# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/<NAME>] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.
; domains = LOCAL,LDAP
domains = default

[nss]
# The following prevents SSSD from searching for the root user/group in
# all domains (you can add here a comma-separated list of system accounts that
# are always going to be /etc/passwd users, or that you want to filter out).
filter_groups = ou=Group,dc=energia,dc=org,dc=br
filter_users = ou=People,dc=energia,dc=org,dc=br
reconnection_retries = 3

# The entry_cache_nowait_percentage indicates the percentage of the
# entry_cache_timeout to wait before updating the cache out-of-band.
# (NSS requests will still be returned from cache until the full
# entry_cache_timeout). Setting this value to 0 turns this feature
# off (default).
entry_cache_nowait_percentage = 300

[pam]
reconnection_retries = 3

# Example domain configurations
# Note that enabling enumeration in the following configurations will have a
# moderate performance impact while enumerations are actually running, and
# may increase the time necessary to detect network disconnection.
# Consequently, the default value for enumeration is FALSE.
# Refer to the sssd.conf man page for full details.

# Example LOCAL domain that stores all users natively in the SSSD internal
# directory. These local users and groups are not visible in /etc/passwd; it
# now contains only root and system accounts.

; [domain/LOCAL]
; description = LOCAL Users domain
; id_provider = local
; enumerate = true
; min_id = 500
; max_id = 999

# Example native LDAP domain
# ldap_schema can be set to "rfc2307", which uses the "memberuid" attribute
# for group membership, or to "rfc2307bis", which uses the "member" attribute
# to denote group membership. Changes to this setting affect only how we
# determine the groups a user belongs to and will have no negative effect on
# data about the user itself. If you do not know this value, ask an
# administrator.
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://10.60.1.236
ldap_search_base = dc=energia,dc=org,dc=br
ldap_tls_reqcert = demand
cache_credentials = true
enumerate = true
entry_cache_timeout = 5400

# Example LDAP domain where the LDAP server is an Active Directory server.

; [domain/AD]
; description = LDAP domain with AD server
; enumerate = false
; min_id = 1000
;
; id_provider = ldap
; auth_provider = ldap
; ldap_uri = ldap://your.ad.server.com
; ldap_schema = rfc2307bis
; ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
; ldap_default_authtok_type = password
; ldap_default_authtok = YOUR_PASSWORD
; ldap_user_object_class = person
; ldap_user_name = msSFU30Name
; ldap_user_uid_number = msSFU30UidNumber
; ldap_user_gid_number = msSFU30GidNumber
; ldap_user_home_directory = msSFU30HomeDirectory
; ldap_user_shell = msSFU30LoginShell
; ldap_user_principal = userPrincipalName
; ldap_group_object_class = group
; ldap_group_name = msSFU30Name
; ldap_group_gid_number = msSFU30GidNumber
; ldap_force_upper_case_realm = True

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

/etc/nsswitch.conf

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: db files ldap sss
shadow: db files ldap sss
group: db files ldap sss

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files ldap
networks: files ldap
protocols: db files
rpc: db files
services: db files

netgroup: files ldap

#publickey: nisplus

#automount: files ldap
aliases: files ldap

sudoers: files ldap
automount: files ldap



log /var/log/messages


Jul 26 10:57:23 lxbi01 yum: Installed: openldap24-libs-devel-2.4.23-5.el5.x86_64
Jul 26 11:00:21 lxbi01 sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
Jul 26 11:00:21 lxbi01 sssd: Cannot load configuration database
Jul 26 11:03:16 lxbi01 sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
Jul 26 11:03:16 lxbi01 sssd: Cannot load configuration database
Jul 26 11:04:17 lxbi01 sssd: Cannot load configuration database
Jul 26 11:05:51 lxbi01 sssd: Cannot load configuration database
Jul 26 11:37:58 lxbi01 sssd: Cannot load configuration database
Jul 26 13:41:03 lxbi01 sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
Jul 26 13:41:03 lxbi01 sssd: Cannot load configuration database

Last edited by pauloedusp; 07-26-2012 at 11:43 AM.
 
Old 07-26-2012, 06:34 PM   #6
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653
As the message says, you shouldn't run them at the same time. Please do:
Code:
service nscd stop
chkconfig nscd off
 
Old 07-27-2012, 07:26 AM   #7
pauloedusp
LQ Newbie
 
Registered: Apr 2012
Posts: 12

Original Poster
Rep: Reputation: Disabled
Thumbs down

Thanks,
but I still have some problem with the configuration of sssd.conf; it doesn't work.
I have a big doubt: how do I set up sssd.conf?
In the above configuration, where is it wrong?
==================================================================
tail /var/log/messages

Jul 27 10:00:09 lxbi01 sssd: Cannot load configuration database
==================================================================


thanks one more time !!!

Last edited by pauloedusp; 07-27-2012 at 08:03 AM.
 
Old 07-27-2012, 09:24 PM   #8
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653
What do you see in /var/log/sssd/sssd.log ?
 
Old 07-29-2012, 08:05 AM   #9
pauloedusp
LQ Newbie
 
Registered: Apr 2012
Posts: 12

Original Poster
Rep: Reputation: Disabled
I don't have this directory ....

What do I do?
 
Old 07-29-2012, 06:12 PM   #10
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653
Could you please run:

Code:
rpm -ql sssd | grep log
 
Old 07-30-2012, 10:19 AM   #11
pauloedusp
LQ Newbie
 
Registered: Apr 2012
Posts: 12

Original Poster
Rep: Reputation: Disabled
The log in /var/log/sssd follows:

(Fri Jul 27 10:00:09 2012) [sssd] [confdb_get_domains] (0): No properly configured domains, fatal error!
(Fri Jul 27 10:00:09 2012) [sssd] [get_monitor_config] (0): No domains configured.
(Fri Jul 27 10:08:15 2012) [sssd] [confdb_get_domain_internal] (0): Unknown domain [lxat01]
(Fri Jul 27 10:08:15 2012) [sssd] [confdb_get_domains] (0): Error (2 [No such file or directory]) retrieving domain [lxat01], skipping!
(Fri Jul 27 10:08:15 2012) [sssd] [confdb_get_domains] (0): No properly configured domains, fatal error!
(Fri Jul 27 10:08:15 2012) [sssd] [get_monitor_config] (0): No domains configured.
(Fri Jul 27 10:09:03 2012) [sssd] [confdb_get_domain_internal] (0): Unknown domain [lxat01]
(Fri Jul 27 10:09:03 2012) [sssd] [confdb_get_domains] (0): Error (2 [No such file or directory]) retrieving domain [lxat01], skipping!
(Fri Jul 27 10:09:03 2012) [sssd] [confdb_get_domains] (0): No properly configured domains, fatal error!
(Fri Jul 27 10:09:03 2012) [sssd] [get_monitor_config] (0): No domains configured.


thanks !!!!
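
The "Unknown domain" and "No properly configured domains" lines in the log from post #11 are what SSSD reports when a name on the `domains` line of `[sssd]` has no matching `[domain/NAME]` section. As an added example (not part of any post in this thread), the Python check below looks for that mismatch in the active lines of the sssd.conf from post #5; the function name `lint_sssd_conf` is hypothetical, and the 0-99 range for `entry_cache_nowait_percentage` is the one given in the sssd.conf man page.

```python
import configparser

# Constructed sample: a subset of the uncommented lines of the sssd.conf in post #5.
SAMPLE = """\
[sssd]
services = nss, pam
; domains = LOCAL,LDAP
domains = default

[nss]
entry_cache_nowait_percentage = 300

[domain/LDAP]
id_provider = ldap
auth_provider = ldap
cache_credentials = true
"""

def lint_sssd_conf(text):
    """Return a list of findings for an sssd.conf passed in as a string."""
    cp = configparser.RawConfigParser(strict=False)  # '#' and ';' lines are comments
    cp.read_string(text)
    findings = []
    listed = []
    if cp.has_option("sssd", "domains"):
        listed = [d.strip() for d in cp.get("sssd", "domains").split(",") if d.strip()]
    defined = [s[len("domain/"):] for s in cp.sections() if s.startswith("domain/")]
    # Assumption: names are compared case-insensitively to avoid false positives.
    listed_cf = {d.casefold() for d in listed}
    defined_cf = {d.casefold() for d in defined}
    if not listed:
        findings.append("[sssd] has no 'domains' entry")
    for name in listed:
        if name.casefold() not in defined_cf:
            findings.append("domains lists '%s' but there is no [domain/%s] section" % (name, name))
    for name in defined:
        if name.casefold() not in listed_cf:
            findings.append("[domain/%s] is defined but not listed in domains" % name)
    # The man page gives 0-99 as the valid range for this option.
    if cp.has_option("nss", "entry_cache_nowait_percentage"):
        raw = cp.get("nss", "entry_cache_nowait_percentage")
        if not raw.isdigit() or not 0 <= int(raw) <= 99:
            findings.append("entry_cache_nowait_percentage = %s is outside 0-99" % raw)
    return findings

if __name__ == "__main__":
    for finding in lint_sssd_conf(SAMPLE):
        print("WARN:", finding)
```
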
 
  

