服务器 Gind.cn
  1. 服务器 Gind.cn
  3. CentOS 5.8 – NSCD无法caching密码
Intereting Posts
Ubuntu的12.04高io的根进程 如何识别我们的qmail队列是如此之大以及如何处理它 进程显示溢出虚拟大小 邮件服务器无法复制Active Directory用户 如何设置sendmail(针对Bugzilla) IIS上的应用程序防火墙 301在同一托pipe服务器上redirect 如何在远程centos上运行Visual VM opendkim仅在托pipe服务器上签署1个区域 Nginx的https重写变成POST到GET 具有两个或更多个域的ADFS 2.0 + ASP.NET开发环境中的证书错误 在htaccess重写规则中使用SetEnvvariables WHOIS隐私帮助 NGNIX服务器块不起作用 Hadoop集群中多个JobTracker节点的含义?

CentOS 5.8 – NSCD无法caching密码

我尝试将NSCDconfiguration为将ldap用户连接到我的电脑。

我喜欢,用户可以在这台电脑离线login(在线ldap用户工作正常)。

实际上,我可以使用这个用户,但是当我尝试引入密码的时候,电脑正在等待,最后它说密码不正确。

我认为,caching密码是问题,因为,用户接受非常快,如果我清理nscdcaching用户是错误的。

这是我的nscd.conf 

logfile /var/log/nscd.log server-user nscd debug-level 0 paranoia no restart-interval 3600 enable-cache passwd yes positive-time-to-live passwd 3600 negative-time-to-live passwd 20 suggested-size passwd 211 check-files passwd yes persistent passwd yes shared passwd yes max-db-size passwd 33554432 auto-propagate passwd yes enable-cache group yes positive-time-to-live group 3600 negative-time-to-live group 60 suggested-size group 211 check-files group yes persistent group yes shared group yes max-db-size group 33554432 auto-propagate group yes enable-cache hosts no

和我的authconfig – testing 

  authconfig --test: caching is enabled nss_files is always enabled nss_compat is disabled nss_db is disabled nss_hesiod is disabled hesiod LHS = "" hesiod RHS = "" nss_ldap is enabled LDAP+TLS is disabled LDAP server = "ldap://xxxxxxxxxxxxxxxx" LDAP base DN = "dc=xxxxxxxxxxxxxxx,dc=xxx" nss_nis is disabled NIS server = "" NIS domain = "" nss_nisplus is disabled nss_winbind is disabled SMB workgroup = "MYGROUP" SMB servers = "" SMB security = "user" SMB realm = "" Winbind template shell = "/bin/false" SMB idmap uid = "16777216-33554431" SMB idmap gid = "16777216-33554431" nss_sss is disabled by default nss_wins is disabled pam_unix is always enabled shadow passwords are enabled password hashing algorithm is md5 pam_krb5 is disabled krb5 realm = "EXAMPLE.COM" krb5 realm via dns is disabled krb5 kdc = "kerberos.example.com:88" krb5 kdc via dns is disabled krb5 admin server = "kerberos.example.com:749" pam_ldap is enabled LDAP+TLS is disabled LDAP server = "ldap://xxxxxxxxxxxxxxxxxx" LDAP base DN = "dc=xxxxxxxxxxxxxxxxxxxx,dc=xxxxx" pam_pkcs11 is disabled use only smartcard for login is disabled smartcard module = "coolkey" smartcard removal action = "Ignorar" pam_smb_auth is disabled SMB workgroup = "MYGROUP" SMB servers = "" pam_winbind is disabled SMB workgroup = "MYGROUP" SMB servers = "" SMB security = "user" SMB realm = "" pam_sss is disabled by default pam_cracklib is enabled (try_first_pass retry=3) pam_passwdqc is disabled () pam_access is disabled () pam_mkhomedir is disabled () Always authorize local users is disabled () Authenticate system accounts against network services is disabled

如果有人有任何想法,请回答我!

PD:对不起,我的英文不好!

nscd不用于caching密码。 检出sssd或pam_ccreds

如果我是你,我需要创build一些与ldap“admin”用户同名的本地“admin”用户。

因为如果ldap / winbind服务不可用,或者某些特殊情况(如维护模式)非常危险,那么在ldap / winbind authen