<div dir="ltr"><div>look to see if the nscd (NOT nslcd) is the issue. The nscd can cache password, group, and host data. If it is in use AND has an issue with corruption or lost connection, the cache will timeout and user connection will fail.<br>
<br></div>But as it's only a single user, I would change their UID (and on all their stuff - so this is non-trivial) and have then retry.<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, May 14, 2014 at 2:02 PM, Sam Davis <span dir="ltr"><<a href="mailto:aracthabar@gmail.com" target="_blank">aracthabar@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">In this situation, I am just talking about ssh access to the machine. The account works for a while then stops working, but not on every machine at the same time. It may work on machine X for a few days before it stops, while machine Y works continuously. Sometimes the account is not there at all (i.e. an 'id username' returns 'Unknown id: username') and sometimes the account is there, but the group membership isn't. In all cases, shutting down nslcd, waiting a sec, and restarting it has fixed the problem.<span class="HOEnZb"><font color="#888888"><br>
<br>
Sam</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
<br>
On 05/14/2014 01:51 PM, JD wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 05/14/2014 01:34 PM, JD wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 05/14/2014 11:59 AM, Sam Davis wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello All,<br>
<br>
I have to admit, I really don't know where to begin on this. LDAP has never<br>
been my strong suit. We use LDAP authentication for most of our servers. We<br>
have one user for whom the client machines seem to forget about. In order to<br>
restore his account's functionality, I have to stop and then start nslcd.<br>
Sometimes the client machines do not even realize his account exists, sometimes<br>
it knows the account exists, but doesn't assign the correct group memberships.<br>
Other accounts are not impacted by this. Does anyone have any idea where to<br>
even begin looking into an issue like this?<br>
</blockquote>
I would look for conflicts between local accounts and the LDAP settings.<br>
<br>
</blockquote>
And differences in allowed userid/passwords between the different systems.<br>
We've used LDAP here for years, but I got burned when 1 webapp had a 32<br>
character limit on password entries, but my normal passwords were 60+ characters<br>
(yes, I use a password manager). I used the same password across 7 different<br>
systems just fine, but 1 never worked. It was too long. This was strictly a<br>
password entry issue since LDAP was performing the authentication.<br>
<br>
Could also be that certain characters are allowed on the password change screen,<br>
but not by specific login pages. In theory, this should be less and less a<br>
problem. I haven't seen it in years.<br>
______________________________<u></u>_________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo</a><br>
</blockquote>
<br>
______________________________<u></u>_________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i></div>
</div>