nscd and nsswitch don't seem to be working together

I've configured nsswitch.conf to use ldap (via nss-pam-ldapd).
Configuration is working fine, but I want to avoid querying the ldap server too much, so I decided to use nscd for caching passwd/group lookups.

I used this simple configuration in nsswitch.conf (other entries are left unchanged), and nscd.conf is the installed default
Code:
group: cache files ldap
passwd: cache files ldap

The problem is that caching doesn't seem to be used at all (testing using ls -al /home):
  • nslcd -d shows ldap requests being performed for every test
  • nscd -nst shows nothing (but the program initialisation)
Any idea on what's going on is welcome
 
Network wizards, please comment.
uname -aU
FreeBSD t450s.local.lan 12.2-RELEASE-p4 FreeBSD 12.2-RELEASE-p4 GENERIC amd64 1202000

Maybe the issues I had fit into this thread: until yesterday, I constantly had nasty error messages in /var/log/debug.log:
Code:
Mar  5 16:01:00 t450s cron[78002]: NSSWITCH(_nsdispatch): cache, group_compat, endgrent, not found, and no fallback provided
Mar  5 16:01:00 t450s cron[78002]: NSSWITCH(_nsdispatch): cache, passwd_compat, endpwent, not found, and no fallback provided
Note: the program after the date varies, other programs like ls(1), csh(1),... occurred as well.
With these configurations in /etc/nsswitch.conf (pretty much default):
Code:
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: releng/12.2/lib/libc/net/nsswitch.conf 338729 2018-09-17 18:56:47Z brd $
# $Id: nsswitch.conf,v 1.3 2021/03/07 12:22:51 root Exp root $
#
group: compat
group_compat: cache nis [notfound=RETURN]
hosts: cache files dns
netgroup: compat
netgroup_compat: cache nis [notfound=RETURN]
networks: cache files dns
passwd: compat
passwd_compat: cache nis [notfound=RETURN] db
shells: cache files
services: compat
services_compat: cache nis [notfound=RETURN] db
protocols: cache files
rpc: cache files
and /etc/nscd.conf:
Code:
#
# Default caching daemon configuration file
# $FreeBSD: releng/12.2/usr.sbin/nscd/nscd.conf 336850 2018-07-28 23:29:36Z brd $
# $Id: nscd.conf,v 1.2 2021/02/24 00:12:43 root Exp root $
#
enable-cache passwd yes
perform-actual-lookups passwd yes
enable-cache group yes
perform-actual-lookups group yes
enable-cache hosts yes
positive-policy hosts lfu
negative-confidence-threshold hosts 4
#negative-time-to-live hosts 120
suggested-size hosts 2521
keep-hot-count hosts 4096
enable-cache netgroups yes
suggested-size netgroups 37
keep-hot-count netgroups 64
enable-cache networks yes
enable-cache protocols yes
keep-hot-count protocols 512
enable-cache services yes
suggested-size services 2521
#keep-hot-count services 4096
perform-actual-lookups services yes
enable-cache shells yes
suggested-size shells 17
keep-hot-count hosts 32
enable-cache rpc yes
Then I removed the *_compat entries from /etc/nsswitch.conf:
Code:
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: releng/12.2/lib/libc/net/nsswitch.conf 338729 2018-09-17 18:56:47Z brd $
# $Id: nsswitch.conf,v 1.4 2021/03/07 12:26:49 root Exp root $
#
group: cache nis [notfound=RETURN] files
hosts: cache files dns
netgroup: cache nis [notfound=RETURN] files
networks: cache files dns
passwd: cache nis [notfound=RETURN] db [notfound=RETURN] files
shells: cache files
services: cache nis [notfound=RETURN] db [notfound=RETURN] files
protocols: cache files
rpc: cache files
and commented out perform-actual-lookups in nscd.conf(5):
Code:
root@t450s:/etc # rcsdiff -r1.2 nscd.conf
===================================================================
RCS file: RCS/nscd.conf,v
retrieving revision 1.2
diff -r1.2 nscd.conf
4c4
< # $Id: nscd.conf,v 1.2 2021/02/24 00:12:43 root Exp $
---
> # $Id: nscd.conf,v 1.3 2021/03/07 12:34:38 root Exp root $
7c7
< perform-actual-lookups passwd yes
---
> #perform-actual-lookups passwd yes
9c9
< perform-actual-lookups group yes
---
> #perform-actual-lookups group yes
25c25
< perform-actual-lookups services yes
---
> #perform-actual-lookups services yes
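Review bot: in the 25c25 change, perform-actual-lookups is switched off for services even though the NSSWITCH messages quoted from /var/log/debug.log name only group_compat and passwd_compat, and all three lines are changed together with the nsswitch.conf edit, so the effect of each change cannot be told apart. Suggest changing one cache at a time and restarting nscd(8) after each. The lines are also commented out with no note saying why; a short comment above each would help whoever reads revision 1.3 later.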
restarted nscd(8), but I still had error messages. But after I rebooted yesterday last -n 5 reboot
Code:
last -n 5 reboot
boot time                                  Di.  9 März 03:49
shutdown time                              Di.  9 März 03:45
boot time                                  Di.  9 März 03:26
shutdown time                              Di.  9 März 03:24
boot time                                  Mo.  1 März 22:51
the error messages disappeared EDIT: see next post: this "fix" killed syslogd(8) /EDIT. Thus I'd say I can file a bug report on nsswitch.conf(5): the defaults shipped are bogus, the compat entry simply doesn't work? Correct? I changed from the defaults (other than to enable caching) only because I had these nasty error messages; my changes were marginal at most (include explicit [notfound=RETURN]).
Why was it not enough to restart nscd(8)? That is extremely irritating... This is not a Windows box... Maybe a shutdown(8) & going to multiuser again would have been enough?
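Added example (not part of the thread and not FreeBSD code): a short Python script that tallies the NSSWITCH(_nsdispatch) messages quoted in the post above and checks each one against nsswitch.conf. It assumes the three comma-separated fields are source, database and method; the sample input is constructed from lines in the post, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample input, copied from the log and nsswitch.conf lines in the post.
SAMPLE_LOG = """\
Mar  5 16:01:00 t450s cron[78002]: NSSWITCH(_nsdispatch): cache, group_compat, endgrent, not found, and no fallback provided
Mar  5 16:01:00 t450s cron[78002]: NSSWITCH(_nsdispatch): cache, passwd_compat, endpwent, not found, and no fallback provided
"""
SAMPLE_CONF = """\
group: compat
group_compat: cache nis [notfound=RETURN]
hosts: cache files dns
passwd: compat
passwd_compat: cache nis [notfound=RETURN] db
"""

# Assumed field order: source, database, method (read off the message layout).
LOG_RE = re.compile(
    r"(?P<prog>[\w.-]+)\[\d+\]: NSSWITCH\(_nsdispatch\): "
    r"(?P<source>[^,]+), (?P<database>[^,]+), (?P<method>[^,]+), not found")

def parse_nsswitch(text):
    """Return {database: [source, ...]}, dropping comments and [criteria]."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        database, sources = line.split(":", 1)
        sources = re.sub(r"\[[^\]]*\]", " ", sources)  # strip [notfound=RETURN] etc.
        conf[database.strip()] = sources.split()
    return conf

def summarize(log_text, conf_text):
    """Group messages by (source, database, method) and check them against the config."""
    conf = parse_nsswitch(conf_text)
    programs = defaultdict(list)
    for m in LOG_RE.finditer(log_text):
        programs[(m["source"], m["database"], m["method"])].append(m["prog"])
    return [
        {"source": s, "database": d, "method": meth, "count": len(progs),
         "programs": sorted(set(progs)),
         "source_configured": s in conf.get(d, [])}  # is the source on that database line?
        for (s, d, meth), progs in sorted(programs.items())
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, SAMPLE_CONF):
        print(row)
```

Run against the real /var/log/debug.log and /etc/nsswitch.conf, the rows show which database lines and lookup methods the messages refer to, and whether the named source is still listed for that database after an edit.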
 
I forgot to mention that the above "solution" was fake, because it killed my syslogd(8) and that was the reason why the error messages did not come up anymore... now my status is that I removed nis(8) completely from nsswitch.conf(5), this gives me back a running syslogd(8), but also the error messages & nscd(8)'s caching doesn't seem to work, either (it never did).
 