[Bug 155947] Re: ldap config causes Ubuntu to hang at a reboot
Hilton Gibson
hilton.gibson at gmail.com
Thu Apr 10 01:21:25 BST 2008
Good criteria. But please also consider the PAM rules for logins. Some allow
a graceful fall thru to pam_unix.so as a backup. This should be a default no
matter what other auth system is used. There are many other pam auth
systems, eg: fingerprint, usb key etc... LDAP is only one of many. So when
configuring lib-auth-client take very careful note of the PAM config files
and the order of the auth mechanism's.
On Thu, Apr 10, 2008 at 12:01 AM, Dustin Kirkland <kirkland at canonical.com>
wrote:
> Okay, snapshot of conclusions at this point...
>
> (1) Any systems Feisty (and earlier) upgraded to Hardy (and later) would
> require a manual migration of /etc/libnss-ldap.conf and /etc/pam-
> ldap.conf if either or both of those files exist.
>
> (2) None of the 5+ Ubuntu developers who have looked at this bug has
> successfully reproduced the "boot hang" aspect of this bug. A boot hang
> involves a system which is not responsive to a network ping, not responsive
> to banging keys, and toggling caps-lock/num-lock does not affect the
> associated LEDs. (That's a crude definition, of course, but some decent
> guidelines.) ANYONE who is able to reproduce such a boot hang, please
> respond and attach (a cleansed copy) of:
> * /var/log/syslog (as retrieved from a subsequent rescue boot)
> * /etc/ldap.conf
> * /etc/nsswitch.conf
> * /etc/libnss-ldap.conf
> * /etc/pam-ldap.conf
>
> (3) We have been able to reproduce a "hang on login". I'd argue that
> this is a "functions as designed" scenario. If you require an LDAP
> server to login, and it's not available, logins should not succeed until
> the target LDAP server becomes available. In the case where you want to
> relax that requirement, a system can be configured to use a soft bind
> policy.
>
> :-Dustin
>
> ** Changed in: libnss-ldap (Ubuntu)
> Status: Confirmed => Incomplete
>
> --
> ldap config causes Ubuntu to hang at a reboot
> https://bugs.launchpad.net/bugs/155947
> You received this bug notification because you are a member of Ubuntu
> Directory Services, which is subscribed to libnss-ldap in ubuntu.
>
** Attachment added: "unnamed"
http://launchpadlibrarian.net/13304139/unnamed
** Attachment added: "common-account"
http://launchpadlibrarian.net/13304140/common-account
** Attachment added: "common-auth"
http://launchpadlibrarian.net/13304141/common-auth
** Attachment added: "common-password"
http://launchpadlibrarian.net/13304142/common-password
** Attachment added: "common-session"
http://launchpadlibrarian.net/13304143/common-session
** Attachment added: "pam_ldap.conf"
http://launchpadlibrarian.net/13304144/pam_ldap.conf
** Attachment added: "libnss-ldap.conf"
http://launchpadlibrarian.net/13304145/libnss-ldap.conf
--
ldap config causes Ubuntu to hang at a reboot
https://bugs.launchpad.net/bugs/155947
You received this bug notification because you are a member of Ubuntu
Server Team, which is a subscriber of a duplicate bug.
More information about the Ubuntu-server-bugs
mailing list