Hello, I run into trouble with FreeBSD and LDAP on a regular basis! Sometimes it is necessary to log in onto a bunch of servers with no LDAP service responding, due to service, crash, eletrically disconnetion, whatever. The problem is: I can't. Using all prerequisits from ports (pam_ldap/nss_ldap/ldap as most recent) my /etc/nsswitch.conf looks like this as it has been the most reasonable (and only working!) solution for the past 2 years: passwd: ldap [unavail=continue notfound=continue] files [success=return notfound=return] The same for group. Intention is to have root- or wheel-group access of local managed service users without timeouts due to irresponsible LDAP servers. But it does not work! If the LDAP service is not available, FreeBSD 8.0/AMD64-RC1 (most recent source/build) does nothing for approx. 120 seconds and sometimes much longer when trying to login as root from console. In some cases, the same box under the very same conditions refuses login due to a timeout, very strange. After a couple of time and lots of questiosn, the above showed nsswitch.conf entries were evaluated as those which should work, but exchanging 'ldap' and 'files' results in a never-can-login-situation, when LDAP isn't responsible. Is there a way to shorten the timeouts and if yes, where to look for? 2 minutes for a login within services sessions is too much, a waste of time. Our network is very fast, so 30 seconds should be enough ... Any help appreciated. Thanks, OliverReceived on Tue Sep 22 2009 - 09:53:10 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:55 UTC