at and cron vs. ldap

Bevan C. Bennett bevan at fulcrummicro.com
Thu Jan 8 23:30:47 UTC 2004


Stephen Walton wrote:
>
> If I create a crontab (following the aforementioned RedHat Bugzilla 
> report) for an LDAP user on an LDAP client which reads
> 
> */1 * * * * /bin/mail -s "cron test" user at domain
> 
> crond dies.

If I do the same I get two emails every minute, one with subject "cron 
test", and another with the STDOUT of the cron entry saying "Null 
message body; hope that's ok". Both show up clearly as outgoing messages 
in /var/log/maillog.

I'm getting a little baffled too, but I'm still confident we can figure 
out what's going on at your end.

Let's start by making sure we're on the same FC1 page...

sendmail-8.12.10-1.1.1
nss_ldap-207-3
at-3.1.8-46.1
vixie-cron-3.0.1-76
openldap-clients-2.1.22-8
openldap-2.1.22-8

And that we're talking about the same basic configuration...
1) remote LDAP server with objectClass: posixaccount entries
2) local /etc/nsswitch.conf has
passwd: files ldap
group: files ldap
(or similar)
3) local /etc/pam.d/system-auth uses pam_ldap.so (verified)
4) /etc/ldap.conf has something like
host ldap.domain.com
base dc=domain,dc=com
pam_filter objectclass=posixAccount
nss_base_passwd        ou=People,dc=domain,dc=com?one
nss_base_shadow        ou=People,dc=domain,dc=com?one
nss_base_group         ou=Groups,dc=domain,dc=com?one
ssl start_tls

I'd expect cron and sendmail to be more concerned with NSS than PAM, in 
general, since they'll want to look up who you are, but shouldn't be 
doing any actual authentication of their own.

Does 'finger ldap_user' list the correct information?

If not it's definitely nss_ldap related... possibly due to an incorrect 
ssl setting (I think the default may have changed at some point) or an 
unhappy nscd.
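
The configuration checklist in the message above, as an added example that is not part of the original post: a shell function that checks the same nsswitch.conf and ldap.conf settings and, optionally, resolves a user through NSS. The function names are hypothetical, and accepting `uri` as an alternative to `host` is an assumption about the local ldap.conf.

```shell
#!/bin/sh
# Added example: check the NSS/LDAP client settings listed in the post.
# Function names are hypothetical; file paths default to those in the post.

nss_sources() {  # $1 = database, $2 = nsswitch.conf: print its source list
    awk -v db="$1:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

ldap_opt() {  # $1 = keyword, $2 = ldap.conf: print its value (comments skipped)
    awk -v k="$1" 'tolower($1) == k { print $2; exit }' "$2"
}

# Returns the number of problems found; optional $3 is a user to resolve.
check_nss_ldap() {
    nsswitch=${1:-/etc/nsswitch.conf}; ldapconf=${2:-/etc/ldap.conf}; problems=0
    for db in passwd group; do
        case " $(nss_sources "$db" "$nsswitch") " in
            *" ldap "*) echo "ok: $db lists ldap" ;;
            *) echo "PROBLEM: $db does not list ldap in $nsswitch"
               problems=$((problems + 1)) ;;
        esac
    done
    if [ -z "$(ldap_opt base "$ldapconf")" ]; then
        echo "PROBLEM: base not set in $ldapconf"; problems=$((problems + 1))
    fi
    if [ -z "$(ldap_opt host "$ldapconf")$(ldap_opt uri "$ldapconf")" ]; then
        echo "PROBLEM: neither host nor uri set in $ldapconf"
        problems=$((problems + 1))
    fi
    # The ssl value has to agree with what the server offers; just report it.
    echo "info: ssl is '$(ldap_opt ssl "$ldapconf")'"
    # getent goes through the same NSS lookup that cron's getpwnam() uses.
    if [ -n "$3" ] && ! getent passwd "$3" >/dev/null; then
        echo "PROBLEM: NSS cannot resolve user $3"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: check_nss_ldap /etc/nsswitch.conf /etc/ldap.conf ldap_user
```

If the files look right but the user still does not resolve, restarting nscd before re-running separates a stale cache from an nss_ldap problem.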





More information about the fedora-list mailing list