Fedora Linux Support Community & Resources Center
  #1  
Old 23rd December 2011, 05:24 PM
dave2011 Offline
Registered User
 
Join Date: Dec 2011
Location: somwhere
Posts: 2
windows_xp_2003ie
Speeding local login when LDAP server unavailable

Hi. First of all Merry Christmas everyone and Happy New Year !

I’m hoping someone could help me to understand the following issues with local linux logins when LDAP authentication is enabled.
I have a general account “student” in fedora 15 to enable users to login locally if a network problem occurs, or if they simply prefer that instead of logging with their own accounts. Some years ago there was a problem with local logins with ID > 100 but I solved this by editing the /etc/pam.d/system-auth file.

Today I was able to shutdown the ldap server for a few hours and here’s what happens now:
If the fedora pc has no network connection (either by a disconnected cable or unreachable DHCP server), the local login “student” is ultra fast both in text mode and graphical. How does it bypass ldap automaticaly?

If the fedora pc has a network connection and the LDAP and nfs server (for home folders) is available, everything is ok. Local login with “student” is also ultra fast.

But if the pc is network connected and the server is unavailable, the local login was taking about 55 seconds in text mode and an eternity in graphical mode. Please note that the login with “root” is immediate, this only happens with other local accounts.
I’ve been editing the /etc/pam.d/system-auth and password-auth (they actually always had the same content) inserting options such as “authinfo_unavail=ignore” but no results, and I to tell the truth, I do not really understand all those options and syntax.

The only thing that speed up the local login was when I’ve edited the /etc/nss_ldap.conf file and set both
timelimit” and “bind_timelimit” to 1 instead of the default value. This way I can login in text mode in about 13 seconds and graphically in just above 1 minute, which was really great, compared to my previous situation.

My nsswitch.conf file has the following entries:

passwd: files ldap
shadow: files ldap
group: files ldap


So, why the root login was always so fast, even before I decreased the timelimit and bind_timelimit in nss_ldap.conf, and not the local account “student” ?
Thank you very much.
Merry Christmas !
Regards
Dave
Reply With Quote
  #2  
Old 23rd December 2011, 06:49 PM
smr54 Offline
Registered User
 
Join Date: Jan 2010
Posts: 5,515
linuxfirefox
Re: Speeding local login when LDAP server unavailable

Not sure if it's the same problem that's been around for years with RH, but if so, you might be able to fix it with changing

bind_policy hard (which may be commented out) and change it to bind_policy soft (without a comment sign), in /etc/nss_ldap.conf.
Reply With Quote
  #3  
Old 2nd January 2012, 11:21 AM
dave2011 Offline
Registered User
 
Join Date: Dec 2011
Location: somwhere
Posts: 2
windows_xp_2003chrome
Re: Speeding local login when LDAP server unavailable

Quote:
Originally Posted by smr54 View Post
Not sure if it's the same problem that's been around for years with RH, but if so, you might be able to fix it with changing

bind_policy hard (which may be commented out) and change it to bind_policy soft (without a comment sign), in /etc/nss_ldap.conf.
Thanks for the reply. bind_policy is set to soft from the beginning.
As I said, the only thing that improved the login time was setting timelimit and bind_timelimit to 1.
It seems to me that if the workstations have network connection, they always try to get to the server first.
Reply With Quote
Reply

Tags
ldap, local, login, server, speeding, unavailable

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
A couple of LDAP problems - local login & Samba ledmatrix Servers & Networking 2 28th November 2010 06:09 PM
Local apps not working when LDAP login AbsoluteMonkey Using Fedora 5 5th January 2009 01:15 AM
pam.conf for local/ldap login authentication mcanovas Security and Privacy 0 4th May 2006 08:58 PM
LDAP SSL support unavailable johns3001a Servers & Networking 1 26th February 2006 04:23 AM


Current GMT-time: 14:14 (Monday, 22-09-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat