LDAP stops udev from working

LDAP stops udev from working

[Kersten, V.M.E.]

Hello,
I ran into trouble as I switched my standalone machine to retreive
authentication from a LDAP server.
The booting stops for about 30 sec. at 'Creating initial device nodes'
and then drops to debugging cause it could not find the /dev/sda1
device, which normally holds the / partition, so obivousely these are
not being created.

When I switch back (not using the LDAP server) in  /etc/nsswitch.conf
all is fine again.

I've been looking around for the same error on the net/google/this list
but appearantly nobody has the same trouble.

Am I overlooking something really obvious?

The LDAP servers used are Apple 10.2.9 and 10.3.9 (which is a modified
OpenLDAP) and both make udev grind to a halt a the same spot. They are
used for some years now to authenticate woody clients with no problem.

The udev version I am using is 0.070-2 (debian unstable)
Kernel is 2.6.12-1-686smp

I would really appriciate if somebody hints me in the right direction?


Thanks in advance,


   Vincent


-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel

Re: LDAP stops udev from working

[Dave Dodge]

On Fri, Oct 28, 2005 at 07:17:17PM +0200, Kersten, V.M.E. wrote:
> When I switch back (not using the LDAP server) in  /etc/nsswitch.conf
> all is fine again.

What changes did you make to nsswitch.conf to set it up for LDAP?  For
example did you completely disable lookups in the local passwd/group
files?

I could imagine that something in the boot sequence tries to read some
user information -- such as doing "~foo" to get the home directory for
a service account, or converting a UID into a username for logging.
If you've removed the use of the local passwd table, then these
lookups will have to go out over LDAP, and if networking isn't set up
yet then that will obviously fail badly.

I don't really understand why this would affect the root device,
though.  I'd expect your LDAP settings to only kick in after the real
/etc (from the root filesystem) is in place.  Did you actually make
this nsswitch.conf change within an initramfs/initrd?  I don't really
know much about the debian boot process so maybe I'm overlooking
something obvious.

                                                  -Dave Dodge


-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel

Re: LDAP stops udev from working

[Kay Sievers]

On Fri, Oct 28, 2005 at 07:17:17PM +0200, Kersten, V.M.E. wrote:
> Hello,
> I ran into trouble as I switched my standalone machine to retreive
> authentication from a LDAP server.
> The booting stops for about 30 sec. at 'Creating initial device nodes'
> and then drops to debugging cause it could not find the /dev/sda1
> device, which normally holds the / partition, so obivousely these are
> not being created.
> 
> When I switch back (not using the LDAP server) in  /etc/nsswitch.conf
> all is fine again.
> 
> I've been looking around for the same error on the net/google/this list
> but appearantly nobody has the same trouble.
> 
> Am I overlooking something really obvious?
> 
> The LDAP servers used are Apple 10.2.9 and 10.3.9 (which is a modified
> OpenLDAP) and both make udev grind to a halt a the same spot. They are
> used for some years now to authenticate woody clients with no problem.
> 
> The udev version I am using is 0.070-2 (debian unstable)
> Kernel is 2.6.12-1-686smp
> 
> I would really appriciate if somebody hints me in the right direction?

That's probably cause of glibc trying to resolve group names to numeric
id's to apply to the device nodes. Usually disks have the group "disk"
assigned, but your ldap setup prevents the resolving at this stage of
booting.

Care to try to replace the textual names by the numerial id's in
/etc/udev/rules.d/* and if that works we need to think about a solution
for this...

Thanks,
Kay


-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel

RE: LDAP stops udev from working

[Kersten, V.M.E.]

Hello Dave,
(I am remailling this to the list since I just mailed you privately)

>> When I switch back (not using the LDAP server) in  /etc/nsswitch.conf
>> all is fine again.

> What changes did you make to nsswitch.conf to set it up for LDAP?  For
> example did you completely disable lookups in the local passwd/group
> files?
    
In /etc/nsswitch.conf i went from:
 
                                
 passwd: files
 shadow: files
 group:  files
...

to:

 passwd: files ldap
 shadow: files ldap
 group:  files ldap
...

and then tried:
 
 passwd: compat ldap
 shadow: compat ldap
 group:  compat ldap
...                               


but all didn't work out. 

I did not create this in the initrd but just in /etc/nsswitch.conf. So i
don't see why the local password file is not used (first). The ldap
accounts start over uid 1020. 
Might be something in initrd though will have a look in that. But what
is needed which is not there? 

Thanks for now,

   Vincent


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel