- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: LDAP-UX: First ldap login takes about 5 minut...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2009 07:33 AM
тАО12-09-2009 07:33 AM
Solved! Go to Solution.
- Tags:
- LDAP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2009 08:38 AM
тАО12-09-2009 08:38 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
I had such same troubles some days ago on my recent HP-UX 11.31 box...
For me it has to do with the ldapclientd daemon which was in DEBUG mode... (Disabling it solve me problem)
1. Perhaps check this on you server:
http://www.docs.hp.com/en/J4269-90041/ch04s14.html
2. Are you on the last Version of LDAP-UX : 4.20?
(swlist -l product |grep LDAP-UX)
3. You can try to disable the "passwd cache" when starting ldapclientd: /opt/ldapux/bin/ldapclientd -D passwd
By careful that this is one "one-shot" action... to modify it definitely You must change the "rc-file" /sbin/init.d/ldapclientd.rc...
The last thing I can suggest is to tune the ldapclientd process through tusc.
Good Luck.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2009 11:50 AM
тАО12-09-2009 11:50 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2009 11:52 AM
тАО12-09-2009 11:52 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
Anyway, I was in INFO mode...
I think it might have to do with my pam.conf but I am not sure.
I will give you 10 points for your help once I can solve this.
Thanks again...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-10-2009 05:41 AM
тАО12-10-2009 05:41 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
Anybody?????
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-10-2009 08:29 AM
тАО12-10-2009 08:29 AM
SolutionWhat does the output look like once you have logged in once? That's neat that it sits for 4 minutes doing nothing form 14:35 to 14:39.
Can you send the output of an sshd -ddd on the server side and ssh -vvv on the client side as well?
You don't happen to have the pwgrd daemon off do you? (password & group caching daemon.) It's not technically required, but works in conjunction with the ldapclientd caching.
Just out of curiosity, your primary ldap server is available, right? You can have up to three ldap servers listed in the ldapuxprofile, but what they don't tell you is that EVERY query goes to the 1st, then the 2nd, then the 3rd, regardless of whether the 1st or 2nd were down on the last request. If you used DNS names, it will also attempt to resolve each one, with a 10 second timeout per DNS request. So, you can see that if your DNS is down, and/or your LDAP server is down, or worse, your primary LDAP server is your DNS server (been there), you could end up with VERY long login times.
Don
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-10-2009 10:00 AM
тАО12-10-2009 10:00 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
So pwgrd is running, and we only have the one DC listed in the profile.
I will try and get that sshd -ddd and ssh -ww info for you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-10-2009 10:25 AM
тАО12-10-2009 10:25 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-10-2009 10:27 AM
тАО12-10-2009 10:27 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-10-2009 10:27 AM
тАО12-10-2009 10:27 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
I think the recommendation for debug output from sshd is a good idea, to see where it thinks things are hanging up. If it's in PAM, then you can turn on PAM debugging using:
1. Configure syslog:
save a backup copy of syslog.conf, then
add this line to /etc/syslog.conf
*.debug /var/adm/syslog/syslog.log
note: this requires tab characters like the other entries
2. Turn on debug in pam module(s):
save a backup copy of /etc/pam.conf, then
add "debug" to the end of each entry in /etc/pam.conf; e.g
sshd account required /usr/lib/security/libpam_unix.1 debug
(actually, you could do just the lines you care about)
3. turn on libpam debug: touch /etc/pam_debug
4. start syslog daemon: /sbin/init.d/syslogd start
5. do tests to generate pam syslog debug info in
/var/adm/syslog/syslog.log
6. cleanup
/sbin/init.d/syslogd stop
rm /etc/pam_debug
restore /etc/pam.conf and /etc/syslog.conf