Do you have nscd (Name Service Caching Daemon) running? I'd check there first...

-----Original Message-----
From: Kevin Fries [mailto:Kevin@xxxxxxxxx]
Sent: Thursday, January 27, 2005 3:41 PM
To: For users of Fedora Core releases
Subject: User accounts caching somewhere, but where?

I think I have some data caching, but I am unsure where. All the source locations for user accounts all appear to be correct, but the system is holding on to old information... Out of ideas, anyone else seen this?

2 users: MMH and JZP. MMH is no longer employed here and was replaced by JZP.

On our internal server:
  - FC2
  - System accounts in passwd/shadow
  - User accounts in Open LDAP via the PADL tools

----------
  # grep ^passwd /etc/nsswitch.conf
  passwd: files ldap
  # grep ^shadow /etc/nsswitch.conf
  shadow: files ldap
  # grep ^host /etc/ldap.conf
  host 127.0.0.1
  # grep ^MMH /etc/passwd
  # grep ^JZP /etc/passwd
  # getent passwd MMH
  # getent passwd JZP
  JZP:x:<user data>
----------

This is perfect, the ex-employee is gone, the new employee is in place. Exactly as it should be.

Now our mail server:
  - FC3
  - System accounts in passwd/shadow
  - User accounts (mail/ftp/etc) in LDAP via the PADL tools

----------
  # grep ^passwd /etc/nsswitch.conf
  passwd: files ldap
  # grep ^shadow /etc/nsswitch.conf
  shadow: files ldap
  # grep ^host /etc/ldap.conf
  host localhost, 192.168.254.22
  # grep ^MMH /etc/passwd
  # grep ^JZP /etc/passwd
  # getent passwd MMH
  MMH:x:<user information for ex-employee>
  # getent passwd JZP
----------

The only difference other than the result is the host line in /etc/ldap.conf. 192.168.254.22 is the IP of the other server, but that server is used only in failover. It will try to use the local cached copy first.

So, my next diagnostics were pointed at the LDAP server.

Internal Server:
  # ldapsearch -x -LLL -h localhost uid=MMH uid
  # ldapsearch -x -LLL -h localhost uid=JZP uid
  dn: <obscured but correct>
  uid: JZP

Mail Server:
  # ldapsearch -x -LLL -h localhost uid=MMH uid
  # ldapsearch -x -LLL -h localhost uid=JZP uid
  dn: <obscured but correct>
  uid: JZP
  # ldapsearch -x -LLL -h 192.168.254.22 uid=MMH uid
  # ldapsearch -x -LLL -h 192.168.254.22 uid=JZP uid
  dn: <obscured but correct>
  uid: JZP

OK, anybody have any idea where the Mail server is getting the incorrect user account data from?

If you want to see even more fun, I can ask getent for the entire passwd user database, and it will show me both local and LDAP accounts. If I grep the results for MMH, it will tell me there is none. However, if I enter MMH in as the key to search for, it finds it despite not being in the list. JZP acts the same way in reverse.

Mail Server:
  # getent passwd | grep MMH
  # getent passwd MMH
  MMH:x:<user info>
  # getent passwd | grep JZP
  JZP:x:<again obscured>
  # getent passwd JZP
  # getent passwd | grep root
  root:x:<obscured>
  operator:x:<obscured>
  # getent passwd | grep kevin
  kevin:x:<obscured>

How is this even possible???? The same thing is happening with the groups. MMH is still showing up in groups, JZP is not, except all the source locations have JZP not MMH stored as data.

Where the heck is this old data coming from? Any clues?

-- 
Kevin Fries
Network Administrator
Hydrologic Consultants, Inc of Colorado
(303) 969-8033
FAX: (303) 969-8357
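
The mismatch shown in the original message (a keyed `getent passwd MMH` hit for a name the full `getent passwd` listing lacks, and the reverse for JZP) is what a stale nscd cache would produce, because nscd answers keyed lookups, including cached misses, but not enumerations. The script below is an added example, not part of the thread, that flags such mismatches for a list of names so a removed account that still resolves gets noticed; the `GETENT` override is an assumption of this sketch, and the thread does not confirm that nscd was the cause.

```shell
#!/bin/sh
# Added example, not from the thread. A name whose keyed lookup disagrees with
# the full listing is a candidate stale cache entry. An LDAP size limit can
# also hide a name from the listing, so treat a mismatch as a prompt to check.
# Assumption of this sketch: GETENT may be overridden to substitute a stub.
GETENT="${GETENT:-getent}"

# classify DB NAME -> prints consistent-present, consistent-absent,
# stale-positive (keyed hit, not listed) or stale-negative (listed, keyed miss)
classify() {
    db=$1
    name=$2
    keyed=no
    listed=no
    if $GETENT "$db" "$name" >/dev/null 2>&1; then keyed=yes; fi
    if $GETENT "$db" 2>/dev/null | cut -d: -f1 | grep -Fqx -- "$name"; then
        listed=yes
    fi
    case "$keyed/$listed" in
        yes/yes) echo consistent-present ;;
        no/no)   echo consistent-absent ;;
        yes/no)  echo stale-positive ;;
        no/yes)  echo stale-negative ;;
    esac
}

# audit DB NAME... -> one line per name; returns 1 if any name looks stale
audit() {
    audit_db=$1
    shift
    rc=0
    for n in "$@"; do
        state=$(classify "$audit_db" "$n")
        printf '%s %s %s\n' "$audit_db" "$n" "$state"
        case $state in stale-*) rc=1 ;; esac
    done
    if [ "$rc" -ne 0 ]; then
        echo "hint: invalidate with 'nscd -i $audit_db', then re-run" >&2
    fi
    return "$rc"
}

# Usage: sh this-script passwd MMH JZP   (also works with the group database)
[ "$#" -eq 0 ] || audit "$@"
```

A `stale-positive` result for a departed user means the host would still resolve that account for any service that looks it up by name, so it is worth running for both `passwd` and `group` after deprovisioning.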