Machine not locked-up but can't log on either

Ray Van Dolson rayvd at digitalpath.net
Thu May 4 17:20:28 UTC 2006


On Thu, May 04, 2006 at 01:15:17PM -0400, Ryan Golhar wrote:
> Yes, I do use LDAP authentication (but the root user is a local user). 
> 
> I'm also limiting who is allowed to connect through ssh via
> /etc/hosts.allow.  I'm restricting it to the ISPs of our users.  I
> suppose it's possible someone is trying to gain access from one of those
> ISPs, but the logs of the other machines only show an occasional failed
> login attempt.  Would the ssh login attempts also prevent me from
> logging in from the console?
> 
> Ryan
> 

Probably.  LDAP has a nasty habit of taking a really long time to time out
on things to even give your local user account a chance to authenticate.
Probably DNS lookup is timing out and then either the LDAP bind process
tries to time out or gets hung.  In the end, the local authentication never
even gets a chance to run.

I know there have been some decent posts on tweaking the timeouts and/or PAM
to behave better in this situation... but it's also one of the reasons I
changed my CTRL-ALT-DEL key to disable LDAP so I could get into a server in
this state.

Doesn't work so well for a remote box though. :)

Ray
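The timeout tweaks Ray alludes to live mostly in the nss_ldap/pam_ldap client configuration, not in PAM ordering alone: with a directory that is unreachable or a DNS lookup that hangs, every NSS lookup (including the group lookups a console login does for root) blocks until the client gives up. The fragment below is an added example, not from either poster, assuming a RHEL-era box using nss_ldap/pam_ldap with its config in /etc/ldap.conf and "files" listed before "ldap" in /etc/nsswitch.conf. It shows the defaults that let a dead LDAP server hang local logins next to the settings that bound the wait; the nss_initgroups_ignoreusers option exists in later nss_ldap releases, so check your local ldap.conf(5) before relying on it.

```ini
# /etc/ldap.conf (nss_ldap / pam_ldap client settings)
# --- weak: the effective defaults on an older nss_ldap ---
# bind_policy hard        ; retry the bind until the server answers, so a
#                         ; console login for the local root user waits too
# bind_timelimit 30       ; seconds to wait for each connect attempt
# timelimit 0             ; no limit on how long a search may take

# --- corrected: fail fast so local accounts get their turn ---
host ldap.example.com   ; constructed hostname; use an IP here if DNS may be down
base dc=example,dc=com  ; constructed base DN
bind_policy soft        ; give up after one failed connect instead of retrying
bind_timelimit 5        ; seconds before a connect attempt is abandoned
timelimit 10            ; seconds before a search is abandoned
nss_reconnect_tries 2   ; bounded reconnect attempts
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 4
nss_initgroups_ignoreusers root  ; never ask LDAP for root's supplementary groups
```

With these in place, an unreachable directory costs a login a few seconds rather than minutes, and a root login at the console resolves entirely from /etc/passwd and /etc/group. Pair it with `passwd: files ldap` and `group: files ldap` in /etc/nsswitch.conf so the local entries are consulted first.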

More information about the redhat-list mailing list