From: Christopher Batten <cbatten@cornell.edu>
To: Ricardo Wurmus <rekado@elephly.net>
Cc: Chris Marusich <cmmarusich@gmail.com>,
"help-guix@gnu.org" <help-guix@gnu.org>
Subject: Re: "user with UID not found" error
Date: Tue, 2 Aug 2022 18:24:04 +0000 [thread overview]
Message-ID: <0EE6CB54-1B59-4B94-AAD9-FC8A710FAE21@cornell.edu> (raw)
In-Reply-To: <87h72umrr8.fsf@elephly.net>
>>>> Or do you recommend a different way to run NSCD and SSSD at the same time on RHEL/CentOS systems?
>>>
>>> You only need to start it. We don't use it as a cache. We are only interested in its network interface for use with glibc.
> […]
>> We turned off all NSCD caching:
>>
>> % grep enable-cache /etc/nscd.conf
>> # enable-cache <service> <yes|no>
>> enable-cache passwd no
>> enable-cache group no
>> enable-cache hosts no
>> enable-cache services no
>> enable-cache netgroup no
>
> Sorry, it appears that I was wrong about the role of caching. Our
> cluster nodes (running CentOS) have this nscd config:
>
> --8<---------------cut here---------------start------------->8---
> enable-cache passwd yes
> enable-cache group yes
> enable-cache hosts no
> enable-cache netgroup no
> --8<---------------cut here---------------end--------------->8---
>
> So while we don’t rely on caching per se, nscd needs to be configured to
> cache passwd and group so that it actually fetches this type of
> information from the system directories (e.g. LDAP).
>
> Sorry for the confusion!
OK! But this RHEL doc:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/usingnscd-sssd
Seems to suggest turning on NSCD caching for passwd and group while also running SSSD can cause subtle issues? It says:
"To avoid this problem, enable caching only for hosts in the the /etc/nscd.conf file and rely on the SSSD cache for the passwd, group, services, and netgroup entries."
So my sysadmin and I are worried about turning on caching in NSCD and SSSD at the same time? Are you running both and have you seen any issues?
Best,
Chris
next prev parent reply other threads:[~2022-08-02 18:24 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-22 17:56 "user with UID not found" error Christopher Batten
2022-07-22 19:25 ` Ricardo Wurmus
2022-07-26 21:01 ` Christopher Batten
2022-07-27 12:44 ` Ricardo Wurmus
2022-07-27 19:50 ` Christopher Batten
2022-07-29 1:14 ` Chris Marusich
2022-08-01 16:16 ` Christopher Batten
2022-08-01 18:37 ` Jack Hill
2022-08-01 19:49 ` Ricardo Wurmus
2022-08-02 17:48 ` Christopher Batten
2022-08-02 18:17 ` Ricardo Wurmus
2022-08-02 18:24 ` Christopher Batten [this message]
2022-08-02 20:53 ` Ricardo Wurmus
2022-08-03 19:26 ` Christopher Batten
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0EE6CB54-1B59-4B94-AAD9-FC8A710FAE21@cornell.edu \
--to=cbatten@cornell.edu \
--cc=cmmarusich@gmail.com \
--cc=help-guix@gnu.org \
--cc=rekado@elephly.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).