Today, while “playing” with my servers to get them to use LDAP for authentication, I realized that nscd on CentOS7 (possibly on other Linux distros as well) is being a bit stupid.
Normally to get your Linux system to authenticate against LDAP you’d need to adjust quite a few config files (i.e. /etc/openldap/ldap.conf, stuff in /etc/pam.d , /etc/nslcd.conf, /etc/nsswitch.conf, etc ) then get nscd/nslcd restarted and presto … magic … you should be able to authenticate …
Well … in my case that did not happen …
After a bit of debugging (checking logs, doing a bit of strace here and there) I noticed there was nothing going on via the nscd socket and figured it was stale.
What I did:
service nscd stop
service nslcd stop
rm /var/run/nscd/socket
service nscd restart
service nslcd restart
… and magic … it suddenly started working.
I personally blame the RedHat ppl , dbus and systemd (just because I don’t like either of them) and expect a similar stupid problem to be present on CentOS8 as well as some recent enough versions of Fedora.
PS. Did I mention how much I like RedHat and their products ? 🙂