RE: [LDAP-interop] RedHat ES4 boot hangs mounting NFS filesystems

["Collins, Kevin (MindWorks)" <KCollins chevron com>]

Well, I would like to think that is the case, but if I disable nscd my
boot hangs. In fact, enabling it doesn't even help because by default
nscd is started AFTER netfs, which seems wrong to me. I changed my nscd
rc script to start right before netfs and now I can boot my system.
There seems to me to be a clear link between nscd running and me being
able to mount NFS filesystems by host name...

Kevin

-----Original Message-----
From: dijuremo math gatech edu [mailto:dijuremo math gatech edu] 
Sent: Tuesday, July 12, 2005 12:13 PM
To: Collins, Kevin (MindWorks)
Cc: OpenLDAP interoperability list; nahant-list redhat com
Subject: RE: [LDAP-interop] RedHat ES4 boot hangs mounting NFS
filesystems

Running nscd is not a requirement.  Simply turn it off and reboot and
see if
the mounting hangs again or not.  It should not hang if the problem was
just
resolving the host.

You may first want to check for which levels it is on:
chkconfig --list | grep nscd
Then turn it off
chkconfig nscd off

I have seen nscd giving null results on ldap queries sometimes when I
modify
groups or add accounts, etc, so I simply know to flush the cache with
nscd
-i and then things work again.

Diego

Quoting "Collins, Kevin (MindWorks)" <KCollins chevron com>:

> Very interesting. I have seen other "odd" behavior when using LDAP on
> ES3 - it basically would NOT work without nscd running (commands would
> hang or seg fault).
>
> I didn't have any bad cache entries because I had nscd running but
> configured for no host cache and also because I tried your suggestion
of
> 'nscd -i hosts'. The mount still hung.
>
> However, when I changed nscd to have:
>
> enable-cache            hosts           yes
>
> the mount then succeeded.
>
> So, it solves my problem, but now I am having some serious concerns
> about the Linux/LDAP combination. Why is it required that I run nscd
in
> order to use LDAP? Granted, it can give a performance enhancement, but
> it shouldn't be a requirement...
>
> Thanks,
>
> Kevin
>
> -----Original Message-----
> From: dijuremo math gatech edu [mailto:dijuremo math gatech edu]
> Sent: Tuesday, July 12, 2005 11:46 AM
> To: OpenLDAP interoperability list; Collins, Kevin (MindWorks)
> Cc: nahant-list redhat com; ldap-interop fini net
> Subject: Re: [LDAP-interop] RedHat ES4 boot hangs mounting NFS
> filesystems
>
> One thing to check is nscd.  The name service caching daemon. If you
> have
> nscd running and you do a query that fails once, when you keep doing
the
> query then it will keep failing without even trying to talk to the
> server
> again because the result to the query is cached.  This has happened to
> me
> before and you just need to clear the cache.
>
> Clear the nscd cache as follows:
>
> nscd -i passwd
> nscd -i hosts
> nscd -i group
>
> HTH,
>
> Diego
>
> Quoting "Collins, Kevin (MindWorks)" <KCollins chevron com>:
>
>> Hi,
>>
>> 	I converted a RedHat ES4 system to use LDAP (it was previously
>> using NIS) yesterday. Now, when I attempt a boot, the system hangs at
>> "Mounting NFS Filesystems" (part of the /etc/init.d/netfs rc script).
> I
>> have an ES3 system configured the same and it works fine.
>>
>> I have narrowed the problem down to using LDAP for hostname
resolution
>> in /etc/nsswitch.conf:
>>
>> hosts:      files ldap dns
>>
>> The NFS host (one server for all mounts in question) is in both LDAP
> and
>> DNS. If I attempt booting with this configuration the system hangs
>> trying to mount NFS filesystems.
>>
>> Any of the following fix the problem:
>>
>> 1) add the host in question to /etc/hosts
>> 2) put dns before ldap in nsswitch.conf
>> 3) change /etc/fstab to use the IP address of the NFS server
>>
>> If I boot to runlevel 2 (before NFS mounts occur), I can login and
run
>> 'getent' successfully and it immediately returns the information from
>> LDAP (I can tell because LDAP has aliases and DNS doesn't). If I then
>> try an init to runlevel 3 or 5, it hangs at the NFS mount step.
>>
>> Does anyone have any ideas? I can't put DNS ahead of LDAP in the
> search
>> order because DNS is outside my group's control and we need to have
>> changes available at near-realtime.
>>
>> I've carbon-copied the LDAP Interop list as well, hoping someone can
>> help.
>>
>> Thanks,
>>
>> Kevin
>>
>
>
>
>
>
>