Re: [Cooker] MDK 9.0: Use of nss_ldap causes /usr not to unmount
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vincent Danen wrote: | | On Thursday, October 17, 2002, at 02:00 AM, Buchan Milne wrote: | | Mandrake development is open, you could have tested it, and it would | have been found earlier. It's pretty obvious that Mandrakesoft can't | employ enough people to test everything, that's what cooker and the | beta releases are for. Bugs are theirs, but only if they know about them. | | | Absolutely. We can't test every single thing. For instance, being the | maintainer of openssh, I couldn't be bothered to test to make sure that | putty, ssh (commercial), and every other ssh client for every other | platform works. Does this make me an irresponsible maintainer? I don't | think so. As long as openssh-openssh works, and rbrowser on my OS X | machine can connect to my linux box over openssh, I'm satisfied it | works. I also won't setup a kerberos realm in order to test kerberos | authentication. I am not sure it's the best approach to have people maitaining (at least without reasonable input from people who do) software they don't use. There are almost always more things that can be done to have a package work better. I don't think apache2 would be the same without Oden, and I hope I have made a difference to samba (and there are many others who help make other packages better of course). (And no, I can't afford to spend time on LDAP also unless it applies to samba, sorry Vince.). These sorts of tests can (and should) be done by the | authors/beta testers of the actual software... I leave it to the openssh | team to fix/test these things. I'll make sure that openssh runs on | Mandrake in the more typical scenarios and move on to other work. | [...] | Thanks for the bug report. Vince, will you take a look at this? | | | When I have a chance, I'll take a look at it. Seems like I've somehow | filled the role of resident LDAP expert (dunno how...). Maybe the fact that you're the maintainer of the package, and author of some of the better LDAP docs around? | | I've still got an 8.2 server setup as an LDAP authentication server, but | I'm not actually using it as such across the network due to my findings | when I wrote the piece for MandrakeSecure. AFAIK, there have been new | versions of pam_ldap and nss_ldap recently, and some interesting mails | across the mailing list so when I've got a chance, I hope to revise the | document and possibly come up with a better and more reliable method of | handling authentication. When I do, I'll give it a shot and even waste | some time installing in vmware with a separate /usr partition | specifically for this test. | I've got a production box running an ldap server on 8.2, and another one will be setup soon (probably running 9.0). I should still make some more docs for running samba on LDAP ... there are some issues still. Regards, Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9to85rJK6UGDSBKcRAs5ZAJ9Yw0vLL3rRUDM3e+Tg+En8VOFfkQCfaSOK ru/7bnnXcXHUQjw2wEwItbM= =mTO2 -END PGP SIGNATURE-
Re: [Cooker] MDK 9.0: Use of nss_ldap causes /usr not to unmount
So sprach Vincent Danen am 2002-10-20 um 22:34:01 -0600 : and /var/qmail are on their own partitions... This is probably the reason the problem hasn't been seen before. Again, does this mean Actually, that's not true. MANY months before, I reported that I cannot reboot (I still can't). And I've got a seperate /usr and also use LDAP. However, unlike this somewhat arrogant other fellow, I failed to make the connection that LDAP and a /usr partition don't play well together. Anyhow - just a short AOL! Alexander Skwar -- How to quote: http://learn.to/quote (german) http://quote.6x.to (english) Homepage: http://www.iso-top.biz |Jabber: [EMAIL PROTECTED] iso-top.biz - Die günstige Art an Linux Distributionen zu kommen Uptime: 5 hours 11 minutes
Re: [Cooker] MDK 9.0: Use of nss_ldap causes /usr not to unmount
On Monday, October 21, 2002, at 03:27 PM, Alexander Skwar wrote:
and /var/qmail are on their own partitions... This is probably the
reason the problem hasn't been seen before. Again, does this mean
Actually, that's not true. MANY months before, I reported that I
cannot
reboot (I still can't). And I've got a seperate /usr and also use
LDAP.
However, unlike this somewhat arrogant other fellow, I failed to make
the connection that LDAP and a /usr partition don't play well together.
What happens when you reboot? Does the system hang?
Anyhow - just a short AOL!
Ok... thanks. I'll be trying to take a look into this soon.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
lynx - source http://linsec.ca/vdanen.asc | gpg --import
{FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
PGP.sig
Description: PGP signature
Re: [Cooker] MDK 9.0: Use of nss_ldap causes /usr not to unmount
So sprach Vincent Danen am 2002-10-21 um 16:46:49 -0600 : What happens when you reboot? Does the system hang? Yes, exactly. The system is hanging when it tries to umount all the partitions. When I presss SysReq+S, I see / (of course) and /usr are still mounted. However, just before it hangs, the system says that /usr is not mounted. Tonight (in 10hrs) I'll do a reboot and then post the exact error messages. Alexander Skwar -- How to quote: http://learn.to/quote (german) http://quote.6x.to (english) Homepage: http://www.iso-top.biz |Jabber: [EMAIL PROTECTED] iso-top.biz - Die günstige Art an Linux Distributionen zu kommen Uptime: 12 hours 53 minutes
Re: [Cooker] MDK 9.0: Use of nss_ldap causes /usr not to unmount
On Thursday, October 17, 2002, at 02:00 AM, Buchan Milne wrote:
many of the postings here regard desktop programs in mandrake linux.
i understand, that this is important to mandrake. but wouldn't it be
nice to play an important role in the server market? this is not the
only issue when using ldap with mandrake (see my other postings on
this list). i hope, mandrake will fix these bugs as soon as possible.
nss_ldap is actually also very important for desktop use, specifically
desktop use in a corporate environment.
Agreed. Something like nss_ldap, which is by nature more of a client
app, is much more prevalent in a desktop environment than a server
environment.
these problems were not difficult to find (why did nobody at mandrake
test this?
Mandrake development is open, you could have tested it, and it would
have been found earlier. It's pretty obvious that Mandrakesoft can't
employ enough people to test everything, that's what cooker and the
beta releases are for. Bugs are theirs, but only if they know about
them.
Absolutely. We can't test every single thing. For instance, being the
maintainer of openssh, I couldn't be bothered to test to make sure that
putty, ssh (commercial), and every other ssh client for every other
platform works. Does this make me an irresponsible maintainer? I
don't think so. As long as openssh-openssh works, and rbrowser on my
OS X machine can connect to my linux box over openssh, I'm satisfied it
works. I also won't setup a kerberos realm in order to test kerberos
authentication. These sorts of tests can (and should) be done by the
authors/beta testers of the actual software... I leave it to the
openssh team to fix/test these things. I'll make sure that openssh
runs on Mandrake in the more typical scenarios and move on to other
work.
i think the beta tests are no good for such features because most of
the freaks out there only test their video players etc.)
You obviously haven't been on the cooker list for very long.
No, I don't think so either. Nice to have all the cookers called
freaks as well. =(
ldap is important when trying to replace windows servers with
linux/samba and manage user accounts. try to improve quality please...
Talk about arrogant... sigh
Problems can only be fixed if they are known. I use various versions
of Mandrake on a network where we use nss_ldap on all machines, and I
haven't seen it, since I usually don't have a seperate /usr.
I don't think most people have /usr on a separate partition. I know I
typically don't, and haven't for a long time as I don't see the benefit
to it. Certainly not on a client system. /home, /, possibly a /boot,
and /var/qmail are on their own partitions... This is probably the
reason the problem hasn't been seen before. Again, does this mean
we're crappy maintainers because we don't sit and attempt every single
scenario?
Thanks for the bug report. Vince, will you take a look at this?
When I have a chance, I'll take a look at it. Seems like I've somehow
filled the role of resident LDAP expert (dunno how...).
I've still got an 8.2 server setup as an LDAP authentication server,
but I'm not actually using it as such across the network due to my
findings when I wrote the piece for MandrakeSecure. AFAIK, there have
been new versions of pam_ldap and nss_ldap recently, and some
interesting mails across the mailing list so when I've got a chance, I
hope to revise the document and possibly come up with a better and more
reliable method of handling authentication. When I do, I'll give it a
shot and even waste some time installing in vmware with a separate /usr
partition specifically for this test.
Of course, any ideas on a fix would be handy. And reporting the
problem to the author so it can be fixed upstream (unless it's a
Mandrake packaging issue which it doesn't sound like), would be a good
idea as well.
Finally, one could always argue that the author is lazy and incompetent
and why didn't he find and fix the problem. But I don't think that
would get anyone anywhere fast. Funny how Linux distributions are much
better targets as the packagers of software than the authors who wrote
the software in the first place.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
lynx - source http://linsec.ca/vdanen.asc | gpg --import
{FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
PGP.sig
Description: PGP signature
Re: [Cooker] MDK 9.0: Use of nss_ldap causes /usr not to unmount
Spiderboy wrote: many of the postings here regard desktop programs in mandrake linux. i understand, that this is important to mandrake. but wouldn't it be nice to play an important role in the server market? this is not the only issue when using ldap with mandrake (see my other postings on this list). i hope, mandrake will fix these bugs as soon as possible. nss_ldap is actually also very important for desktop use, specifically desktop use in a corporate environment. these problems were not difficult to find (why did nobody at mandrake test this? Mandrake development is open, you could have tested it, and it would have been found earlier. It's pretty obvious that Mandrakesoft can't employ enough people to test everything, that's what cooker and the beta releases are for. Bugs are theirs, but only if they know about them. i think the beta tests are no good for such features because most of the freaks out there only test their video players etc.) You obviously haven't been on the cooker list for very long. ldap is important when trying to replace windows servers with linux/samba and manage user accounts. try to improve quality please... Problems can only be fixed if they are known. I use various versions of Mandrake on a network where we use nss_ldap on all machines, and I haven't seen it, since I usually don't have a seperate /usr. And, I think you will find that even with this problem, Mandrake linux is the best choice for this kind of application. We might not (currently) ship with LDAP-enabled samba RPMS, but you can always get RPMS built for recent versions of Mandrake (with and without LDAP support) from ftp.samba.org and a few other places. And we have integration of the smbldap-tools with working examples in the smb.conf. (of course, feedback on all the features in the samba RPMs would be nice ...) Why were these features added? Because someone wanted them. samba-2.2.6 RPMS for 8.0,8.1,8.2 and 9.0 will be available at http://ranger.dnsalias.com/mandrake/samba/, and will go on to ftp.samba.org later today hopefully. (RPMs built with default options for 8.0,8.1 and 9.0 are up already, ldap-enabled for 9.0 are building, ldap/winbind/acl/wins for 8.1 are building, ldap/winbind/wins for 8.0 will start shortly, and I need to find an 8.2 box to build on ...) Thanks for the bug report. Vince, will you take a look at this? Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
[Cooker] MDK 9.0: Use of nss_ldap causes /usr not to unmount
hi all the reboot and halt scripts stop when trying to unmount the /usr partition. the script is terminated and the system does not reboot or halt properly. very nasty... a fuser -vm /usr command at this point shows the following: USERPID ACCESS COMMAND /usr root8471 m. S01REBOOT this means, that a shared library is in use by the rc script itself. i discovered, that the use of nss_ldap is the reason for this. tell the system in /etc/nsswitch.conf to use ldap and this phenomenon happens. i also discovered that when the whole filesystem is in one partition, it does NOT happen. it only happens when /usr is on a separate partition (usually on servers). doing a ldd /lib/libnss_ldap-2.2.5.so shows the following: libldap.so.2 = /usr/lib/libldap.so.2 (0x40024000) liblber.so.2 = /usr/lib/liblber.so.2 (0x40055000) libsasl.so.7 = /usr/lib/libsasl.so.7 (0x40061000) libkrb4.so.2 = /usr/lib/libkrb4.so.2 (0x4006f000) libkrb5.so.3 = /usr/lib/libkrb5.so.3 (0x40084000) libk5crypto.so.3 = /usr/lib/libk5crypto.so.3 (0x400e6000) libcom_err.so.3 = /usr/lib/libcom_err.so.3 (0x400f7000) libssl.so.0 = /usr/lib/libssl.so.0 (0x400fb000) libcrypto.so.0 = /usr/lib/libcrypto.so.0 (0x4012c000) libdb-3.3.so = /lib/libdb-3.3.so (0x401f6000) libdl.so.2 = /lib/libdl.so.2 (0x40295000) libnsl.so.1 = /lib/libnsl.so.1 (0x40298000) libresolv.so.2 = /lib/libresolv.so.2 (0x402ac000) libc.so.6 = /lib/i686/libc.so.6 (0x402bd000) libcrypt.so.1 = /lib/libcrypt.so.1 (0x403dd000) libpam.so.0 = /lib/libpam.so.0 (0x4040b000) libdes425.so.3 = /usr/lib/libdes425.so.3 (0x40413000) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x8000) as you can see there are several libraries loaded by lib_nssldap that reside on /usr/lib. copying these to /lib resolves the problem. many of the postings here regard desktop programs in mandrake linux. i understand, that this is important to mandrake. but wouldn't it be nice to play an important role in the server market? this is not the only issue when using ldap with mandrake (see my other postings on this list). i hope, mandrake will fix these bugs as soon as possible. these problems were not difficult to find (why did nobody at mandrake test this? i think the beta tests are no good for such features because most of the freaks out there only test their video players etc.) ldap is important when trying to replace windows servers with linux/samba and manage user accounts. try to improve quality please... thank you spiderboy
