[CentOS] nscd

2013-03-25 Thread m . roth
Has anyone had problems accessing random websites since going up to 6.4?

Since about the day after I got partly upgraded, if I try to access
nytimes.com, or orbitz.com, I get server not found.

With a lot of work, I, my manager, and the other admin, found that setting
options edns0 in /etc/resolv.conf fixed it - I suspect that the network
folks updated their internal nameservers (which are M$) about that time...
but... we got this Thurs. Friday, I went to look, lunchtime, at a story,
and back to the same. Later, and I think I was playing around, it came
back.

Just now, over lunch, it failed... until I restarted nscd. My manager
tells me it's caching... but it seems to be caching momentary failures.

So: has anyone else seen oddness that might be related to nscd?

mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] nscd

2013-03-25 Thread m . roth
m.r...@5-cent.us wrote:
> Has anyone had problems accessing random websites since going up to 6.4?
>
> Since about the day after I got partly upgraded, if I try to access
> nytimes.com, or orbitz.com, I get server not found.
>
> With a lot of work, I, my manager, and the other admin, found that setting
> options edns0 in /etc/resolv.conf fixed it - I suspect that the network
> folks updated their internal nameservers (which are M$) about that time...
> but... we got this Thurs. Friday, I went to look, lunchtime, at a story,
> and back to the same. Later, and I think I was playing around, it came
> back.
>
> Just now, over lunch, it failed... until I restarted nscd. My manager
> tells me it's caching... but it seems to be caching momentary failures.
>
> So: has anyone else seen oddness that might be related to nscd?

A quick followup to myself to provide more info: I see, in /etc/nscd.conf,
that all the negative ttl's appear to be 20 sec, but I'm reasonably sure
that once I lose it, it's > 20 sec before I go back to try again, and it's
still not gone.

  mark
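
One way to read the per-database cache settings out of /etc/nscd.conf and see how long each cache can keep answering with a failed or outdated result (an added example, not part of the original post and not code from the nscd project). The sample file is constructed, and the 300-second limit for identity databases is an assumed policy value.

```python
# Constructed sample in nscd.conf syntax; values are illustrative only.
SAMPLE_CONF = """\
# global settings are ignored by this check
server-user             nscd
debug-level             0

enable-cache            passwd    yes
positive-time-to-live   passwd    600
negative-time-to-live   passwd    20
persistent              passwd    yes
max-db-size             passwd    67108864

enable-cache            group     yes
positive-time-to-live   group     3600
negative-time-to-live   group     60
persistent              group     yes

enable-cache            hosts     yes   # second DNS cache in front of the resolver
positive-time-to-live   hosts     3600
negative-time-to-live   hosts     20
persistent              hosts     no

enable-cache            services  no
positive-time-to-live   services  28800
"""

# Directives that take the form "<directive> <database> <value>".
PER_DB = {
    "enable-cache", "positive-time-to-live", "negative-time-to-live",
    "persistent", "shared", "check-files", "max-db-size",
    "suggested-size", "auto-propagate",
}


def parse_nscd_conf(text):
    """Return {database: {directive: value}} for per-database directives."""
    dbs = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments
        if len(fields) != 3 or fields[0] not in PER_DB:
            continue
        key, db, val = fields
        if val in ("yes", "no"):
            val = (val == "yes")
        elif val.isdigit():
            val = int(val)
        dbs.setdefault(db, {})[key] = val
    return dbs


def review(dbs, max_identity_ttl=300):
    """Return (database, directive, note) findings for every enabled cache.

    max_identity_ttl is an assumed local policy, not an nscd default.
    """
    findings = []
    for db in sorted(dbs):
        s = dbs[db]
        if not s.get("enable-cache", False):
            continue
        pos = s.get("positive-time-to-live")
        neg = s.get("negative-time-to-live")
        if neg:
            findings.append((db, "negative-time-to-live",
                             f"a failed lookup is replayed from cache for up to {neg}s"))
        if db in ("passwd", "group") and pos and pos > max_identity_ttl:
            findings.append((db, "positive-time-to-live",
                             f"a removed or changed entry can be served for up to {pos}s"))
        if s.get("persistent"):
            findings.append((db, "persistent",
                             f"entries survive a restart; clear with 'nscd -i {db}'"))
    return findings


if __name__ == "__main__":
    for db, directive, note in review(parse_nscd_conf(SAMPLE_CONF)):
        print(f"{db:8} {directive:22} {note}")
```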



Re: [CentOS] nscd

2013-03-25 Thread Cliff Pratt
On Tue, Mar 26, 2013 at 6:26 AM,   wrote:
> Has anyone had problems accessing random websites since going up to 6.4?
>
> Since about the day after I got partly upgraded, if I try to access
> nytimes.com, or orbitz.com, I get server not found.
>
> With a lot of work, I, my manager, and the other admin, found that setting
> options edns0 in /etc/resolv.conf fixed it - I suspect that the network
> folks updated their internal nameservers (which are M$) about that time...
> but... we got this Thurs. Friday, I went to look, lunchtime, at a story,
> and back to the same. Later, and I think I was playing around, it came
> back.
>
> Just now, over lunch, it failed... until I restarted nscd. My manager
> tells me it's caching... but it seems to be caching momentary failures.
>
> So: has anyone else seen oddness that might be related to nscd?
>
Do you want the whole book? 'nscd' is a synonym for weird. I've had
many strange DNS issues which have been solved by either bouncing nscd
or purging its cache entries.

However, you appear to be using nscd on your machine to cache DNS and
using the internal MS DNS servers to do the actual lookups. Am I
correct? In which case, the MS DNS server should be caching the DNS
lookups anyway, so you probably don't derive a lot of benefit from the
nscd unless you do a lot of repeated DNS lookups.

Cheers,

Cliff


Re: [CentOS] nscd

2013-03-25 Thread Gary Greene
On Tuesday, Cliff Pratt wrote:
> On Tue, Mar 26, 2013 at 6:26 AM,   wrote:
>> Has anyone had problems accessing random websites since going up to 6.4?
>>
>> Since about the day after I got partly upgraded, if I try to access
>> nytimes.com, or orbitz.com, I get server not found.
>>
>> With a lot of work, I, my manager, and the other admin, found that setting
>> options edns0 in /etc/resolv.conf fixed it - I suspect that the network
>> folks updated their internal nameservers (which are M$) about that time...
>> but... we got this Thurs. Friday, I went to look, lunchtime, at a story,
>> and back to the same. Later, and I think I was playing around, it came
>> back.
>>
>> Just now, over lunch, it failed... until I restarted nscd. My manager
>> tells me it's caching... but it seems to be caching momentary failures.
>>
>> So: has anyone else seen oddness that might be related to nscd?
>>
>Do you want the whole book? 'nscd' is a synonym for weird. I've had
>many strange DNS issues which have been solved by either bouncing nscd
>or purging its cache entries.
>
> However, you appear to be using nscd on your machine to cache DNS and
> using the internal MS DNS servers to do the actual lookups. Am I
> correct? In which case, the MS DNS server should be caching the DNS
> lookups anyway, so you probably don't derive a lot of benefit from the
> nscd unless you do a lot of repeated DNS lookups.
> 
> Cheers,
> 
> Cliff

NSCD is also necessary if you're running an LDAP or NIS environment, so don't 
just turn it off if you're using external authentication services. In a Winbind 
environment, NSCD is unnecessary however.

--
Gary L. Greene, Jr.
Sr. Systems Administrator
IT Operations
Minerva Networks, Inc.


Re: [CentOS] nscd

2013-03-25 Thread Stephen Harris
On Mon, Mar 25, 2013 at 11:06:31PM +, Gary Greene wrote:
> NSCD is also necessary if you're running an LDAP or NIS environment,

Not necessary in a NIS environment on a LAN 'cos NIS is UDP based and
very very fast to respond.  LDAP, however, pretty much needs nscd (or
sssd) in order to be halfway near performant.

-- 

rgds
Stephen


Re: [CentOS] nscd

2013-03-25 Thread Gordon Messmer
On 03/25/2013 10:26 AM, m.r...@5-cent.us wrote:
> Just now, over lunch, it failed... until I restarted nscd. My manager
> tells me it's caching... but it seems to be caching momentary failures.

That could be coincidence.  As far as I know, Firefox will not use nscd 
for hostname lookups.  I confirmed Firefox using strace, but not others.

If edns0 changed your system's behavior, I would suspect that someone 
recently turned on DNSSEC, and it's not working correctly.


Re: [CentOS] nscd

2013-03-25 Thread Gordon Messmer
On 03/25/2013 04:06 PM, Gary Greene wrote:
> NSCD is also necessary if you're running an LDAP or NIS environment,
> so don't just turn it off if you're using external authentication
> services. In a Winbind environment, NSCD is unnecessary however.

I would advise all users to migrate to sssd from nscd.


Re: [CentOS] nscd

2013-03-25 Thread Cliff Pratt
On Tue, Mar 26, 2013 at 12:06 PM, Gary Greene
 wrote:
> On Tuesday, Cliff Pratt wrote:
>> On Tue, Mar 26, 2013 at 6:26 AM,   wrote:
>>> Has anyone had problems accessing random websites since going up to 6.4?
>>>
>>> Since about the day after I got partly upgraded, if I try to access
>>> nytimes.com, or orbitz.com, I get server not found.
>>>
>>> With a lot of work, I, my manager, and the other admin, found that setting
>>> options edns0 in /etc/resolv.conf fixed it - I suspect that the network
>>> folks updated their internal nameservers (which are M$) about that time...
>>> but... we got this Thurs. Friday, I went to look, lunchtime, at a story,
>>> and back to the same. Later, and I think I was playing around, it came
>>> back.
>>>
>>> Just now, over lunch, it failed... until I restarted nscd. My manager
>>> tells me it's caching... but it seems to be caching momentary failures.
>>>
>>> So: has anyone else seen oddness that might be related to nscd?
>>>
>>Do you want the whole book? 'nscd' is a synonym for weird. I've had
>>many strange DNS issues which have been solved by either bouncing nscd
>>or purging its cache entries.
>>
>> However, you appear to be using nscd on your machine to cache DNS and
>> using the internal MS DNS servers to do the actual lookups. Am I
>> correct? In which case, the MS DNS server should be caching the DNS
>> lookups anyway, so you probably don't derive a lot of benefit from the
>> nscd unless you do a lot of repeated DNS lookups.
>>
>> Cheers,
>>
>> Cliff
>
> NSCD is also necessary if you're running an LDAP or NIS environment,
> so don't just turn it off if you're using external authentication services. In
> a Winbind environment, NSCD is unnecessary however.
>
Ah, yes, indeed. Thanks Gary,

Cliff


[CentOS] nscd problem

2007-10-24 Thread James A. Peltier

Hi All,

I just enabled nscd to see if I can speed up some operations on our 
large NFS/NIS environment, however, now that I've enabled nscd I am no 
longer able to sudo.  Can someone please point me in the right 
direction?  Everything was working fine prior to enabling it.


--
James A. Peltier
Technical Director, RHCE
SCIRF | GrUVi @ Simon Fraser University - Burnaby Campus
Phone   : 778-782-3610
Fax : 778-782-3045
Mobile  : 778-840-6434
E-Mail  : [EMAIL PROTECTED]
Website : http://gruvi.cs.sfu.ca | http://scirf.cs.sfu.ca
MSN : [EMAIL PROTECTED]


Re: [CentOS] nscd problem

2007-10-24 Thread James A. Peltier

James A. Peltier wrote:
> Hi All,
>
> I just enabled nscd to see if I can speed up some operations on our
> large NFS/NIS environment, however, now that I've enabled nscd I am no
> longer able to sudo.  Can someone please point me in the right
> direction?  Everything was working fine prior to enabling it.




I found on another test machine, that when I disabled the caching of 
passwd it went back to working properly. The minute I enable passwd 
caching in /etc/nscd.conf it stops working.



--
James A. Peltier
Technical Director, RHCE
SCIRF | GrUVi @ Simon Fraser University - Burnaby Campus
Phone   : 778-782-3610
Fax : 778-782-3045
Mobile  : 778-840-6434
E-Mail  : [EMAIL PROTECTED]
Website : http://gruvi.cs.sfu.ca | http://scirf.cs.sfu.ca
MSN : [EMAIL PROTECTED]


Re: [CentOS] nscd problem

2007-10-25 Thread Steve Rigler
On Wed, 2007-10-24 at 16:40 -0700, James A. Peltier wrote:
> James A. Peltier wrote:
> > Hi All,
> > 
> > I just enabled nscd to see if I can speed up some operations on our 
> > large NFS/NIS environment, however, now that I've enabled nscd I am no 
> > longer able to sudo.  Can someone please point me in the right 
> > direction?  Everything was working fine prior to enabling it.
> > 
> 
> I found on another test machine, that when I disabled the caching of 
> passwd it went back to working properly. The minute I enable passwd 
> caching in /etc/nscd.conf it stops working.
> 

Are you using an account that's defined both locally and in NIS?

-Steve


Re: [CentOS] nscd problem

2007-10-25 Thread James A. Peltier

Steve Rigler wrote:
> On Wed, 2007-10-24 at 16:40 -0700, James A. Peltier wrote:
> > James A. Peltier wrote:
> > > Hi All,
> > >
> > > I just enabled nscd to see if I can speed up some operations on our
> > > large NFS/NIS environment, however, now that I've enabled nscd I am no
> > > longer able to sudo.  Can someone please point me in the right
> > > direction?  Everything was working fine prior to enabling it.
> >
> > I found on another test machine, that when I disabled the caching of
> > passwd it went back to working properly. The minute I enable passwd
> > caching in /etc/nscd.conf it stops working.
>
> Are you using an account that's defined both locally and in NIS?
>
> -Steve


No it's strictly NIS for my account information.

--
James A. Peltier
Technical Director, RHCE
SCIRF | GrUVi @ Simon Fraser University - Burnaby Campus
Phone   : 778-782-3610
Fax : 778-782-3045
Mobile  : 778-840-6434
E-Mail  : [EMAIL PROTECTED]
Website : http://gruvi.cs.sfu.ca | http://scirf.cs.sfu.ca
MSN : [EMAIL PROTECTED]


[CentOS] nscd does not resolve groups

2010-04-21 Thread Marcus Moeller
Hi all,

I have set up nscd on my CentOS 5 box with nss_ldap. getent shows all
LDAP groups correctly but 'id' only shows the users primary group.

Best Regards
Marcus


[CentOS] nscd segfaulting on centos 4.5

2007-10-09 Thread jlee

Does anyone know if there is a fix for nscd segfaulting after a short period
of time?
Googling for it came up with one result that suggested deleting the files in
/var/db/nscd, but that didn't help. Another result was about runaway
processes, which is not the problem I'm having.

They are x86_64 boxes.


output from /var/log/messages
Oct  9 12:56:38 lyra kernel: nscd[11660]: segfault at 002b401fee8b rip 00552aab7966 rsp 408029e0 error 4
Oct  9 13:16:38 lyra kernel: nscd[12540]: segfault at 002b401fee8b rip 00552aab7966 rsp 408029e0 error 4


output from dmesg
nscd[12540]: segfault at 002b401fee8b rip 00552aab7966 rsp 408029e0 error 4
nscd[13640]: segfault at 002b401fee8b rip 00552aab7946 rsp 40a039e0 error 4


output from uname
2.6.9-55.0.9.ELsmp #1 SMP Thu Sep 27 18:28:00 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux


Re: [CentOS] nscd does not resolve groups

2010-04-21 Thread JohnS

On Wed, 2010-04-21 at 09:49 +0200, Marcus Moeller wrote:
> Hi all,
> 
> I have set up nscd on my CentOS 5 box with nss_ldap. getent shows all
> LDAP groups correctly but 'id' only shows the users primary group.
> 
---

"id -G"  ?? Show All?

John



Re: [CentOS] nscd segfaulting on centos 4.5

2007-10-10 Thread Andy Harrison



On 10/9/07, jlee  wrote:
> output from /var/log/messages
> Oct  9 12:56:38 lyra kernel: nscd[11660]: segfault at 002b401fee8b rip 00552aab7966 rsp 408029e0 error 4
> Oct  9 13:16:38 lyra kernel: nscd[12540]: segfault at 002b401fee8b rip 00552aab7966 rsp 408029e0 error 4


I'm starting to have this problem as well.  I have two mail servers
running courier and postfix.  They've been up for a couple weeks but I
just put them into production Monday this week, two days ago.

Oct  9 07:34:49 ash kernel: nscd[3455]: segfault at 40201000 rip 55563274 rsp 401a1df0 error 6
Oct  9 07:35:20 ash nscd: 27206 invalid persistent database file "/var/db/nscd/passwd": verification failed


Oct 10 07:33:37 oak kernel: nscd[25051]: segfault at 40201000 rip 55563274 rsp 401a73a0 error 6
Oct 10 07:33:48 oak nscd: 29526 invalid persistent database file "/var/db/nscd/passwd": verification failed

The first time it had happened, I was using the stock /etc/nscd.conf
file.  The second time it happened on the other server, I had doubled
the max-db-size passwd value to 67108864.

Both servers are running CentOS 5, firewall disabled and no SELinux.

Linux ash 2.6.18-8.el5 #1 SMP Thu Mar 15 19:46:53 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux

(24)[11:58am] # yum list nscd
nscd.x86_64  2.5-12 installed



# ls -la /etc/ldap*
lrwxrwxrwx 1 root root   18 Sep 27 15:14 /etc/ldap.conf -> openldap/ldap.conf
lrwxrwxrwx 1 root root   20 Sep 27 15:14 /etc/ldap.secret -> openldap/ldap.secret
# ls -la /etc/openldap/ldap.*
-rw-r--r-- 1 root root 8974 Sep 27 13:55 /etc/openldap/ldap.conf
-rw--- 1 root root   10 Sep 27 13:56 /etc/openldap/ldap.secret


My ldap.conf
# grep '^[^#]' /etc/ldap.conf
base dc=xxx,dc=xxx
uri ldap://ldap-1.xxx.xxx
binddn cn=foo,ou=bar,dc=xxx,dc=xxx
bindpw 
rootbinddn cn=foo,ou=bar,dc=xxx,dc=xxx
scope sub
timelimit 30
bind_timelimit 30
bind_policy soft
idle_timelimit 3600
pam_check_host_attr yes
nss_base_passwd dc=xxx,dc=net?sub
nss_base_shadow dc=xxx,dc=net?sub
pam_password clear
nss_base_group  ou=Group,dc=xxx,dc=xxx?one
TLS_REQCERT request
TLS_CACERT /usr/local/etc/openldap/certs/cacert.pem

The two previous servers did not have this particular problem.  They
were not identical hardware, but identical os install and config,

Any clues?

--
Andy Harrison
public key: 0x67518262
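
One way to triage the kernel and nscd log lines posted in this thread (an added example, not part of the original posts): it decodes the x86 page-fault error code printed after `error`, groups crashes by faulting instruction pointer, and pairs each crash with a persistent-database verification failure that follows on the same host. The log lines are copied from the messages above with wrapped lines rejoined; the year and the 60-second pairing window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the thread (wrapped lines rejoined).
SAMPLE_LOG = """\
Oct  9 12:56:38 lyra kernel: nscd[11660]: segfault at 002b401fee8b rip 00552aab7966 rsp 408029e0 error 4
Oct  9 13:16:38 lyra kernel: nscd[12540]: segfault at 002b401fee8b rip 00552aab7966 rsp 408029e0 error 4
Oct  9 07:34:49 ash kernel: nscd[3455]: segfault at 40201000 rip 55563274 rsp 401a1df0 error 6
Oct  9 07:35:20 ash nscd: 27206 invalid persistent database file "/var/db/nscd/passwd": verification failed
Oct 10 07:33:37 oak kernel: nscd[25051]: segfault at 40201000 rip 55563274 rsp 401a73a0 error 6
Oct 10 07:33:48 oak nscd: 29526 invalid persistent database file "/var/db/nscd/passwd": verification failed
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
SEGV = re.compile(
    TS + r"kernel: nscd\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"rip (?P<rip>[0-9a-f]+) rsp (?P<rsp>[0-9a-f]+) error (?P<err>\d+)$"
)
BAD_DB = re.compile(
    TS + r"nscd: \d+ invalid persistent database file "
    r'"(?P<path>[^"]+)": verification failed$'
)


def decode_fault(code):
    """Decode the x86 page-fault error code the kernel prints after 'error'."""
    access = "instruction fetch" if code & 0x10 else ("write" if code & 0x2 else "read")
    mode = "user" if code & 0x4 else "kernel"
    cause = "protection violation" if code & 0x1 else "page not present"
    return f"{mode}-mode {access}, {cause}"


def parse_events(text, year=2007):
    """Parse syslog text into time-ordered events (syslog omits the year)."""
    events = []
    for line in text.splitlines():
        for kind, rx in (("segfault", SEGV), ("bad_db", BAD_DB)):
            m = rx.match(line.strip())
            if m:
                ev = m.groupdict()
                ev["kind"] = kind
                ev["when"] = datetime.strptime(f"{year} {ev.pop('ts')}",
                                               "%Y %b %d %H:%M:%S")
                events.append(ev)
                break
    return sorted(events, key=lambda e: e["when"])


def summarize(events, window=60):
    """Correlate crashes: same fault site, crash intervals, bad DB after crash."""
    by_rip = defaultdict(list)    # faulting instruction -> hosts that hit it
    gaps = defaultdict(list)      # host -> seconds between consecutive crashes
    last_segv = {}                # host -> time of the most recent crash
    db_after_crash = []           # (host, db path, seconds after the crash)
    for ev in events:
        host = ev["host"]
        if ev["kind"] == "segfault":
            by_rip[ev["rip"]].append(host)
            if host in last_segv:
                gaps[host].append(int((ev["when"] - last_segv[host]).total_seconds()))
            last_segv[host] = ev["when"]
        elif host in last_segv:
            delta = int((ev["when"] - last_segv[host]).total_seconds())
            if 0 <= delta <= window:
                db_after_crash.append((host, ev["path"], delta))
    return {"by_rip": dict(by_rip), "gaps": dict(gaps),
            "db_after_crash": db_after_crash}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for ev in evs:
        if ev["kind"] == "segfault":
            print(ev["when"], ev["host"], ev["rip"], decode_fault(int(ev["err"])))
    print(summarize(evs))
```

On these lines, two different hosts fault at the same instruction pointer, and each of those crashes is followed within seconds by a failed verification of /var/db/nscd/passwd when the daemon comes back up.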


Re: [CentOS] nscd segfaulting on centos 4.5

2007-10-10 Thread Craig White
On Wed, 2007-10-10 at 08:16 -0400, Andy Harrison wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 
> 
> On 10/9/07, jlee  wrote:
> > output from /var/log/messages
> > Oct  9 12:56:38 lyra kernel: nscd[11660]: segfault at 002b401fee8b rip 
> > 00552aab7966 rsp 408029e0 error 4
> > Oct  9 13:16:38 lyra kernel: nscd[12540]: segfault at 002b401fee8b rip 
> > 00552aab7966 rsp 408029e0 error 4
> 
> 
> I'm starting to have this problem as well.  I have two mail servers
> running courier and postfix.  They've been up for a couple weeks but I
> just put them into production monday this week, two days ago.
> 
> Oct  9 07:34:49 ash kernel: nscd[3455]: segfault at 40201000
> rip 55563274 rsp 401a1df0 error 6
> Oct  9 07:35:20 ash nscd: 27206 invalid persistent database file
> "/var/db/nscd/passwd": verification failed
> 
> 
> Oct 10 07:33:37 oak kernel: nscd[25051]: segfault at 40201000
> rip 55563274 rsp 401a73a0 error 6
> Oct 10 07:33:48 oak nscd: 29526 invalid persistent database file
> "/var/db/nscd/passwd": verification failed
> 
> The first time it had happened, I was using the stock /etc/nscd.conf
> file.  The second time it happened on the other server, I had doubled
> the max-db-size passwd value to 67108864.
> 
> Both servers are running CentOS 5, firewall disabled and no SELinux .
> 
> Linux ash 2.6.18-8.el5 #1 SMP Thu Mar 15 19:46:53 EDT 2007 x86_64
> x86_64 x86_64 GNU/Linux
> 
> (24)[11:58am] # yum list nscd
> nscd.x86_64  2.5-12 installed
> 
> 
> 
> # ls -la /etc/ldap*
> lrwxrwxrwx 1 root root   18 Sep 27 15:14 /etc/ldap.conf -> openldap/ldap.conf
> lrwxrwxrwx 1 root root   20 Sep 27 15:14 /etc/ldap.secret ->
> openldap/ldap.secret
> # ls -la /etc/openldap/ldap.*
> - -rw-r--r-- 1 root root 8974 Sep 27 13:55 /etc/openldap/ldap.conf
> - -rw--- 1 root root   10 Sep 27 13:56 /etc/openldap/ldap.secret
> 
> 
> My ldap.conf
> # grep '^[^#]' /etc/ldap.conf
> base dc=xxx,dc=xxx
> uri ldap://ldap-1.xxx.xxx
> binddn cn=foo,ou=bar,dc=xxx,dc=xxx
> bindpw 
> rootbinddn cn=foo,ou=bar,dc=xxx,dc=xxx
> scope sub
> timelimit 30
> bind_timelimit 30
> bind_policy soft
> idle_timelimit 3600
> pam_check_host_attr yes
> nss_base_passwd dc=xxx,dc=net?sub
> nss_base_shadow dc=xxx,dc=net?sub
> pam_password clear
> nss_base_group  ou=Group,dc=xxx,dc=xxx?one
> TLS_REQCERT request
> TLS_CACERT /usr/local/etc/openldap/certs/cacert.pem
> 
> The two previous servers did not have this particular problem.  They
> were not identical hardware, but identical os install and config,
> 
> Any clues?
---
I don't generally use nscd any longer but since it is a dynamic system,
why not just stop nscd and delete the db and then restart nscd service
since it is certain to recreate it? (or perhaps move it out of the way
to be safe)...

/sbin/service nscd stop
mv /var/db/nscd/* /tmp
/sbin/service nscd start

Craig



Re: [CentOS] nscd segfaulting on centos 4.5

2007-10-10 Thread jlee



Craig White wrote:
> On Wed, 2007-10-10 at 08:16 -0400, Andy Harrison wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > On 10/9/07, jlee  wrote:
> > > output from /var/log/messages
> > > Oct  9 12:56:38 lyra kernel: nscd[11660]: segfault at 002b401fee8b rip
> > > 00552aab7966 rsp 408029e0 error 4
> > > Oct  9 13:16:38 lyra kernel: nscd[12540]: segfault at 002b401fee8b rip
> > > 00552aab7966 rsp 408029e0 error 4
> >
> > I'm starting to have this problem as well.  I have two mail servers
> > running courier and postfix.  They've been up for a couple weeks but I
> > just put them into production monday this week, two days ago.
> >
> > Oct  9 07:34:49 ash kernel: nscd[3455]: segfault at 40201000
> > rip 55563274 rsp 401a1df0 error 6
> > Oct  9 07:35:20 ash nscd: 27206 invalid persistent database file
> > "/var/db/nscd/passwd": verification failed
> >
> >
> > Oct 10 07:33:37 oak kernel: nscd[25051]: segfault at 40201000
> > rip 55563274 rsp 401a73a0 error 6
> > Oct 10 07:33:48 oak nscd: 29526 invalid persistent database file
> > "/var/db/nscd/passwd": verification failed
> >
> > The first time it had happened, I was using the stock /etc/nscd.conf
> > file.  The second time it happened on the other server, I had doubled
> > the max-db-size passwd value to 67108864.
> >
> > Both servers are running CentOS 5, firewall disabled and no SELinux .
> >
> > Linux ash 2.6.18-8.el5 #1 SMP Thu Mar 15 19:46:53 EDT 2007 x86_64
> > x86_64 x86_64 GNU/Linux
> >
> > (24)[11:58am] # yum list nscd
> > nscd.x86_64  2.5-12 installed
> >
> >
> >
> > # ls -la /etc/ldap*
> > lrwxrwxrwx 1 root root   18 Sep 27 15:14 /etc/ldap.conf -> openldap/ldap.conf
> > lrwxrwxrwx 1 root root   20 Sep 27 15:14 /etc/ldap.secret ->
> > openldap/ldap.secret
> > # ls -la /etc/openldap/ldap.*
> > - -rw-r--r-- 1 root root 8974 Sep 27 13:55 /etc/openldap/ldap.conf
> > - -rw--- 1 root root   10 Sep 27 13:56 /etc/openldap/ldap.secret
> >
> >
> > My ldap.conf
> > # grep '^[^#]' /etc/ldap.conf
> > base dc=xxx,dc=xxx
> > uri ldap://ldap-1.xxx.xxx
> > binddn cn=foo,ou=bar,dc=xxx,dc=xxx
> > bindpw 
> > rootbinddn cn=foo,ou=bar,dc=xxx,dc=xxx
> > scope sub
> > timelimit 30
> > bind_timelimit 30
> > bind_policy soft
> > idle_timelimit 3600
> > pam_check_host_attr yes
> > nss_base_passwd dc=xxx,dc=net?sub
> > nss_base_shadow dc=xxx,dc=net?sub
> > pam_password clear
> > nss_base_group  ou=Group,dc=xxx,dc=xxx?one
> > TLS_REQCERT request
> > TLS_CACERT /usr/local/etc/openldap/certs/cacert.pem
> >
> > The two previous servers did not have this particular problem.  They
> > were not identical hardware, but identical os install and config,
> >
> > Any clues?
> ---
> I don't generally use nscd any longer but since it is a dynamic system,
> why not just stop nscd and delete the db and then restart nscd service
> since it is certain to recreate it? (or perhaps move it out of the way
> to be safe)...
>
> /sbin/service nscd stop
> mv /var/db/nscd/* /tmp
> /sbin/service nscd start
>
> Craig



I tried deleting the db files on one of the boxes after seeing this on the
web, but nscd segfaulted less than half an hour later. This problem seems to
happen only with x86_64 boxes. Another box here is x86_32 and has no issues
with nscd.

I would like to drop this service but there are critical apps that require
it since authentication comes through openldap. It does not seem to be
hardware specific since the two x86_64 boxes have different mobo, one abit
and one asus.

The logger is turned on for nscd but nothing looks unusual in them, and it
has been difficult finding which pid precedes the segfault.

Can malformed addresses cause nscd to segfault?


Re: [CentOS] nscd segfaulting on centos 4.5

2007-10-10 Thread Craig White
On Wed, 2007-10-10 at 10:19 -0500, jlee wrote:
> 
> Craig White wrote:
> > On Wed, 2007-10-10 at 08:16 -0400, Andy Harrison wrote:
> >> -BEGIN PGP SIGNED MESSAGE-
> >> Hash: SHA1
> >>
> >>
> >>
> >> On 10/9/07, jlee  wrote:
> >>> output from /var/log/messages
> >>> Oct  9 12:56:38 lyra kernel: nscd[11660]: segfault at 002b401fee8b 
> >>> rip 00552aab7966 rsp 408029e0 error 4
> >>> Oct  9 13:16:38 lyra kernel: nscd[12540]: segfault at 002b401fee8b 
> >>> rip 00552aab7966 rsp 408029e0 error 4
> >>
> >> I'm starting to have this problem as well.  I have two mail servers
> >> running courier and postfix.  They've been up for a couple weeks but I
> >> just put them into production monday this week, two days ago.
> >>
> >> Oct  9 07:34:49 ash kernel: nscd[3455]: segfault at 40201000
> >> rip 55563274 rsp 401a1df0 error 6
> >> Oct  9 07:35:20 ash nscd: 27206 invalid persistent database file
> >> "/var/db/nscd/passwd": verification failed
> >>
> >>
> >> Oct 10 07:33:37 oak kernel: nscd[25051]: segfault at 40201000
> >> rip 55563274 rsp 401a73a0 error 6
> >> Oct 10 07:33:48 oak nscd: 29526 invalid persistent database file
> >> "/var/db/nscd/passwd": verification failed
> >>
> >> The first time it had happened, I was using the stock /etc/nscd.conf
> >> file.  The second time it happened on the other server, I had doubled
> >> the max-db-size passwd value to 67108864.
> >>
> >> Both servers are running CentOS 5, firewall disabled and no SELinux .
> >>
> >> Linux ash 2.6.18-8.el5 #1 SMP Thu Mar 15 19:46:53 EDT 2007 x86_64
> >> x86_64 x86_64 GNU/Linux
> >>
> >> (24)[11:58am] # yum list nscd
> >> nscd.x86_64  2.5-12 installed
> >>
> >>
> >>
> >> # ls -la /etc/ldap*
> >> lrwxrwxrwx 1 root root   18 Sep 27 15:14 /etc/ldap.conf -> 
> >> openldap/ldap.conf
> >> lrwxrwxrwx 1 root root   20 Sep 27 15:14 /etc/ldap.secret ->
> >> openldap/ldap.secret
> >> # ls -la /etc/openldap/ldap.*
> >> - -rw-r--r-- 1 root root 8974 Sep 27 13:55 /etc/openldap/ldap.conf
> >> - -rw--- 1 root root   10 Sep 27 13:56 /etc/openldap/ldap.secret
> >>
> >>
> >> My ldap.conf
> >> # grep '^[^#]' /etc/ldap.conf
> >> base dc=xxx,dc=xxx
> >> uri ldap://ldap-1.xxx.xxx
> >> binddn cn=foo,ou=bar,dc=xxx,dc=xxx
> >> bindpw 
> >> rootbinddn cn=foo,ou=bar,dc=xxx,dc=xxx
> >> scope sub
> >> timelimit 30
> >> bind_timelimit 30
> >> bind_policy soft
> >> idle_timelimit 3600
> >> pam_check_host_attr yes
> >> nss_base_passwd dc=xxx,dc=net?sub
> >> nss_base_shadow dc=xxx,dc=net?sub
> >> pam_password clear
> >> nss_base_group  ou=Group,dc=xxx,dc=xxx?one
> >> TLS_REQCERT request
> >> TLS_CACERT /usr/local/etc/openldap/certs/cacert.pem
> >>
> >> The two previous servers did not have this particular problem.  They
> >> were not identical hardware, but identical os install and config,
> >>
> >> Any clues?
> > ---
> > I don't generally use nscd any longer but since it is a dynamic system,
> > why not just stop nscd and delete the db and then restart nscd service
> > since it is certain to recreate it? (or perhaps move it out of the way
> > to be safe)...
> > 
> > /sbin/service nscd stop
> > mv /var/db/nscd/* /tmp
> > /sbin/service nscd start
> > 

> 
> I tried deleting the db files on one of the boxes after seeing this on the
> web, but nscd segfaulted less than half an hour later. This problem seems to
> happen only with x86_64 boxes. Another box here is x86_32 and has no issues
> with nscd.
> 
> I would like to drop this service but there are critical apps that require
> it since authentication comes through openldap. It does not seem to be
> hardware specific since the two x86_64 boxes have different mobo, one abit
> and one asus.
> 
> The logger is turned on for nscd but nothing looks unusual in them, and it
> has been difficult finding which pid precedes the segfault.
> 
> Can malformed addresses cause nscd to segfault?

I don't know the answer to that but it would seem that if that were the
case, the problem would exist with i386 version.

I suppose you will have to attach an strace to the pid and then create a
bugzilla entry with attached strace - probably on the upstream provider.

As for 'critical apps that require' nscd...I don't personally know of
any and if we are talking about CentOS-5 which has 2.3.27 version of
openldap...the 2.3.x versions are very fast and I'm not certain that
nscd is of all that much benefit (but I don't know because I have never
tested it out).

-- 
Craig White <[EMAIL PROTECTED]>



Re: [CentOS] nscd segfaulting on centos 4.5

2007-10-10 Thread Andy Harrison


On 10/10/07, Craig White  wrote:
> As for 'critical apps that require' nscd...I don't personally know of
> any and if we are talking about CentOS-5 which has 2.3.27 version of
> openldap...the 2.3.x versions are very fast and I'm not certain that
> nscd is of all that much benefit (but I don't know because I have never
> tested it out).

Can CentOS (openldap) be configured to work without nscd for file
ownership over nfs mounted volumes?

--
Andy Harrison
public key: 0x67518262


Re: [CentOS] nscd segfaulting on centos 4.5

2007-10-10 Thread Craig White
On Wed, 2007-10-10 at 14:20 -0400, Andy Harrison wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 
> On 10/10/07, Craig White  wrote:
> > As for 'critical apps that require' nscd...I don't personally know of
> > any and if we are talking about CentOS-5 which has 2.3.27 version of
> > openldap...the 2.3.x versions are very fast and I'm not certain that
> > nscd is of all that much benefit (but I don't know because I have never
> > tested it out).
> 
> Can CentOS (openldap) be configured to work without nscd for file
> ownership over nfs mounted volumes?

obviously, I don't understand the question because I have users mounting
both their home directories and the common files via NFS and I don't use
nscd...

[EMAIL PROTECTED] craig]# ps aux|grep nfs
root  3934  0.0  0.0  0 0 ?S<   May19   0:00 [nfsd4]
root  3935  0.0  0.0  0 0 ?SMay19   8:22 [nfsd]
root  3936  0.0  0.0  0 0 ?SMay19   8:36 [nfsd]
root  3937  0.0  0.0  0 0 ?SMay19   8:31 [nfsd]
root  3938  0.0  0.0  0 0 ?SMay19   8:20 [nfsd]
root  3939  0.0  0.0  0 0 ?SMay19   8:24 [nfsd]
root  3940  0.0  0.0  0 0 ?SMay19   8:23 [nfsd]
root  3941  0.0  0.0  0 0 ?SMay19   8:17 [nfsd]
root  3942  0.0  0.0  0 0 ?SMay19   8:32 [nfsd]
root 28661  0.0  0.0   3888   728 pts/16   S+   11:23   0:00 grep nfs

[EMAIL PROTECTED] craig]# service nscd status
nscd is stopped

-- 
Craig White <[EMAIL PROTECTED]>



Re: [CentOS] nscd segfaulting on centos 4.5

2007-10-10 Thread Andy Harrison



On 10/10/07, Craig White  wrote:
> obviously, I don't understand the question because I have users mounting
> both their home directories and the common files via NFS and I don't use
> nscd...
>


But do the user accounts exist in the local passwd file or in ldap?

--
Andy Harrison
public key: 0x67518262


Re: [CentOS] nscd segfaulting on centos 4.5

2007-10-10 Thread Craig White
On Wed, 2007-10-10 at 14:28 -0400, Andy Harrison wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 
> 
> On 10/10/07, Craig White  wrote:
> > obviously, I don't understand the question because I have users mounting
> > both their home directories and the common files via NFS and I don't use
> > nscd...
> >
> 
> 
> But do the user accounts exist in the local passwd file or in ldap?

user accounts in ldap

accounts < 500 in /etc/passwd

-- 
Craig White <[EMAIL PROTECTED]>



Re: [CentOS] nscd segfaulting on centos 4.5

2007-10-10 Thread Andy Harrison
On 10/10/07, Craig White  wrote:
> 
> user accounts in ldap
>
> accounts < 500 in /etc/passwd

Could you provide some more detail?  Until I rig up nscd, when I look
at an nfs volume, I see nothing but uid's and gid's for the file
ownership.  Aside from 4 or 5 additional accounts, my passwd file is
stock.  All my accounts (50,000+) are in ldap.

-- 
Andy Harrison
public key: 0x67518262


Re: [CentOS] nscd segfaulting on centos 4.5

2007-10-10 Thread Craig White
On Wed, 2007-10-10 at 14:54 -0400, Andy Harrison wrote:
> On 10/10/07, Craig White  wrote:
> > 
> > user accounts in ldap
> >
> > accounts < 500 in /etc/passwd
> 
> Could you provide some more detail?  Until I rig up nscd, when I look
> at an nfs volume, I see nothing but uid's and gid's for the file
> ownership.  Aside from 4 or 5 additional accounts, my passwd file is
> stock.  All my accounts (50,000+) are in ldap.

what's to detail?

[EMAIL PROTECTED] craig]# grep passwd /etc/nsswitch.conf
#passwd:db files nisplus nis
passwd: files ldap

[EMAIL PROTECTED] craig]# getent passwd|grep craig
craig:x:1000:100:Craig White:/home/storage/users/craig:/bin/sh

uid/gid's as numbers might be a little less convenient but still
operable.

[EMAIL PROTECTED] craig]# ls -ld /home/storage/users/craig/
drwx--x--x 116 craig users 12288 Oct  9 14:00 /home/storage/users/craig/

but it still shows user 'craig' and user 'craig' is in ldap and nscd is
indeed off

-- 
Craig White <[EMAIL PROTECTED]>



Re: [CentOS] nscd segfaulting on centos 4.5 (mystery solved, kind of)

2007-10-10 Thread jlee



Andy Harrison wrote:
> On 10/10/07, Craig White  wrote:
> > As for 'critical apps that require' nscd...I don't personally know of
> > any and if we are talking about CentOS-5 which has 2.3.27 version of
> > openldap...the 2.3.x versions are very fast and I'm not certain that
> > nscd is of all that much benefit (but I don't know because I have never
> > tested it out).
>
> Can CentOS (openldap) be configured to work without nscd for file
> ownership over nfs mounted volumes?
>
> --
> Andy Harrison


Problem solved (kind of). Openldap was working for logins, but not for
launching certain apps, that's why nscd was installed. Launching acroread
with strace showed the following.




[2]$ strace /usr/local/Adobe/Acrobat7.0/bin/acroread 2>&1|tee| grep nss
open("/etc/nsswitch.conf", O_RDONLY) = 4
read(4, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1658
open("/usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/tls/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libnss_files.so.2", O_RDONLY) = 4
open("/usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/i686/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)





With the i386 libs for ldap installed, acroread along with other programs
were able to get their user id authentication and run properly, therefore
nscd was no longer needed.

This did not solve the mystery of why nscd was dying, just eliminated the
need for it. Here is part of the strace on nscd (4096 is the pid). There is
a lot of stuff above this, but the end where it segfaults always looks
pretty much the same.





geteuid32() = 430
open("/etc/passwd", O_RDONLY) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fstat64(0x4, 0xcd2c) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0x1000) = 0xf7429000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1946
read(4, "", 4096) = 0
close(4) = 0
munmap(0xf7429000, 4096) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
exit_group(1) = ?
Process 27033 detached





Haven't tested to see if the i386 libnss_ldap fixed the nscd issue.
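The reading of the acroread trace in the message above can be automated. The following is an added example, not part of the original post: a shell function (the names nss_load_summary and sample_trace are made up here) that reads strace open() lines, one call per line, and reports for each NSS module whether any search path succeeded. The sample trace is constructed, shortened from the one in the post.

```shell
#!/bin/sh
# Summarise which libnss_* modules a traced process managed to open.
# Input: strace output on stdin, one syscall per line (unwrapped).
nss_load_summary() {
    awk '
    match($0, /libnss_[a-z0-9_]+\.so\.[0-9]+/) {
        mod = substr($0, RSTART, RLENGTH)
        # Remember first-seen order so the report follows the lookup order.
        if (!(mod in seen)) { seen[mod] = 1; order[++n] = mod }
        if ($0 ~ /= -1 E[A-Z]+/) {
            failed[mod]++                      # this search path did not work
        } else if (match($0, /"[^"]+"/)) {
            # Successful open: keep the path without its quotes.
            path[mod] = substr($0, RSTART + 1, RLENGTH - 2)
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            m = order[i]
            if (m in path) printf "%s loaded %s\n", m, path[m]
            else           printf "%s MISSING tried=%d\n", m, failed[m]
        }
    }'
}

# Constructed sample, shortened from the acroread trace in the post.
sample_trace() {
cat <<'EOF'
open("/etc/nsswitch.conf", O_RDONLY) = 4
open("/usr/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libnss_files.so.2", O_RDONLY) = 4
open("/usr/lib64/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/libnss_ldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
EOF
}

sample_trace | nss_load_summary
```

A module reported as MISSING while it is listed on the passwd: line of /etc/nsswitch.conf means the process cannot resolve those accounts in-process, which is the situation the post describes for a 32-bit program before the i386 ldap libs were installed.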