<div>Yes, nscd is both a blessing and a curse...we've found the default settings for it be problematic.</div><div><br></div>Check your nscd.conf file and `man nscd.conf`. Pay special attention to these values:<div><br>
<div><div> paranoia <span style="white-space:pre">                </span>yes</div><div><br></div><div> positive-time-to-live passwd 120</div><div> negative-time-to-live passwd 2</div>
<div> persistent <span style="white-space:pre">                </span>passwd no</div><div><br></div><div> positive-time-to-live group 120</div><div> negative-time-to-live group 2</div>
<div> persistent <span style="white-space:pre">                </span>group no</div><div><br></div><br><div class="gmail_quote">On Mon, Mar 22, 2010 at 8:01 AM, Sean Carolan <span dir="ltr"><<a href="mailto:scarolan@gmail.com" target="_blank">scarolan@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'm testing the 389 directory server in our lab environment before<br>
moving it to production and have noticed that occasionally it won't<br>
let me log in. I have to restart the nscd service before it will<br>
authenticate my user. Here's the error in /var/log/secure:<br>
<br>
Mar 22 09:59:31 watcher sshd[18109]: pam_unix(sshd:auth):<br>
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=<br>
rhost=10.2.3.100 user=scarolan<br>
Mar 22 09:59:31 watcher sshd[18109]: pam_ldap: error trying to bind as<br>
user "uid=scarolan,ou=People, dc=companyname, dc=com" (Invalid<br>
credentials)<br>
<br>
Has anyone else experienced something like this? Any idea what causes<br>
it? I want to make sure our LDAP authentication is rock-solid<br>
reliable before moving it into the production environment.<br>
<font color="#888888">--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>
</font></blockquote></div><br></div></div>