I've found the solution to a problem that's been affecting our Solaris 10 hosts that are using Active Directory for naming services and authentication - I thought it would be helpful to email details to Sun Managers so that it's available to others. We used the method outlined here http://www.sun.com/bigadmin/features/articles/kerberos_s10.pdf to set up the environment. The domain controllers are running Windows Server 2008. We found that nscd running in per-user mode would periodically stop resolving userids and groups; nscd appeared to lose the Kerberos credential needed to query LDAP. Also, nscd would randomly start at boot time in either per-user mode or host-credential mode - it's not apparent what causes it to choose one vs. the other. (When nscd was restarted without a reboot it would always run in per-user mode, as denoted by the '-F' flag in the process arguments). Determing the exact cause has proven difficult because when it occurs we generally need to get it fixed as soon as poss. However, it appeared that what we needed was to disable per-user lookups. The nscd.conf man page mentions the 'enable-per-user-lookup' setting, however nscd refuses to run if this is present in the config. file. But it turns out that there is a setting in the SMF definition for nscd which can be set to disable per-user lookups. It's set as follows: svccfg -s svc:/system/name-service-cache setprop config/enable_per_user_lookup = false After making this change you just need to restart nscd: svcadm restart name-service-cache I hope this is helpful to someone. The information transmitted in this communication is intended only for the person(s) or entity to which this communication is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by any persons or entities other than the intended recipient is prohibited. If you received this communication in error, please notify info@gsacapital.com immediately and then delete this communication and any attachments from any computer. Do not disclose the contents of this document to any other person or take any copies. If this communication was misdirected, no confidentiality or privileges are waived. This communication is for information purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. To the extent this communication constitutes a financial promotion for the purposes of the Financial Services and Markets Act 2000 and the handbook of rules and guidance issued from time to time by the Financial Services Authority of the United Kingdom (the "FSA Rules #157"), such promotion is made available exclusively to and/or directed exclusively at persons who are Professional Clients or Eligible Counterparties for the purposes of the FSA Rules. Any investments and investment services to which this document relates, if applicable, are only available to the persons referred to above and other persons should not act or rely on it. Moreover, any investment or service to which this material may relate, if applicable, is not intended for Retail Clients and will not be made available to Retail Clients. To the extent that this communication relates to any investment in which you choose to invest, you should note that your capital will be at risk and you may therefore lose some or all of any amount that you choose to invest in such investment. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. GSA Capital Partners LLP, its members and affiliates (together, "GSA Capital") do not accept any responsibility to update any opinions or other information contained in this communication and do not make any representations or warranties as to the accuracy and completeness of any information contained in this communication. Internet communications are not secure and therefore GSA Capital does not accept legal responsibility for the content of this communication. Although GSA Capital operates anti-virus programmes, it does not accept responsibility for any damage whatsoever that is caused by viruses being passed. Any comments or statements made herein do not necessarily reflect those of GSA Capital. Replies to this communication may be monitored by GSA Capital for operational or business reasons. GSA Capital Partners LLP is authorised and regulated by the Financial Services Authority in the United Kingdom. GSA Capital Partners LLP is also registered with the Securities & Exchange Commission in the United States. Registered Office: First Floor, 11 Berkeley Street, London, W1J 8DS, England. Telephone number: 020 7959 8800. _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Mon Oct 25 10:17:05 2010
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:17 EST