Re: Losing users & groups from Active Directory 2008r2
- From: Emmanuel Lesouef <e.lesouef [at] crbn.fr>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Losing users & groups from Active Directory 2008r2
- Date: Mon, 12 Jul 2010 18:02:12 +0200
On Sat, 10 Jul 2010 00:26:32 +0200,
Arthur de Jong <arthur@arthurdejong.org> wrote:
> On Fri, 2010-07-09 at 22:04 +0200, Emmanuel Lesouef (CRBN) wrote:
> > All the DC were upgraded to Windows 2008r2 last month and now, if I
> > start nss-ldapd, I have all my users & groups. If no restart of
> > nslcd is done for some hours, nslcd seems to lose the users and
> > groups and no SSH connections (for example) are possible. Even if a
> > logged in and idle user issues a "getent passwd", the getent
> > process seems to hang and finally times out, leaving no active
> > directory users displayed.
>
> Is there anything in the logs? It could be a timeout issue. Perhaps
> connections are timed out in some way and the loss of connection is
> not properly recognized.
>
> You can use the idle_timelimit option to allow nslcd to close the
> connection if it hasn't been used in a while.
>
> I would still like to know if there is anything in the logs. Also you
> could run nslcd with the -d option to make it log debugging
> information to stderr (this is especially interesting at the time of
> the hang).
>
> Hope this helps.
>
Thanks for your answer.
This is what I did yesterday evening:
- Stopped nslcd on the server
- Launched it using "nslcd -d 2> nslcd.log"
As of now, the server hasn't lost users & groups. So, no logs attached.
This is really disturbing. But there's another difference: in order
not to alter the tests, I stopped nscd (which is running on all
"faulty" servers) on this server.
Is nscd possibly responsible for the issue? I don't know how it could
be, but...
Anyway, I restarted nslcd in debug mode on a "faulty" server running
nscd. We'll see tomorrow if this has something to do with it.
Thanks again for your answer.
--
Emmanuel Lesouef