FedoraForum.org - Fedora Support Forums and Community
  1. #1
    Join Date
    Aug 2009
    Location
    Sheffield
    Posts
    11

    With ldap enabled, machine will not boot, hangs at "starting messagebus"

    I have a Fedora 11 PC, which I want to connect to the ldap server at my organisation.

    When my /etc/ldap.conf file is in place, the machine will not boot past "starting system messagebus" and just hangs there. I have to press the reset button, and boot it into single user mode, and remove /etc/ldap.conf, and only then will it boot.

    The ldap.conf file is fine, I think, because if you boot the machine up without ldap.conf, then log in, I can put ldap.conf in place and immediately I can see all the user accounts etc. from the ldap server.
    If I then reboot, with ldap.conf in place, it hangs on boot again. I can't understand why that would be.

    I have searched for references to this on internet forums, and there are a few reports of it happening, but no solutions that work.

    I found a bug report for FC5 which stated this problem, but there was no solution. There was a workaround, making messagebus start later in the boot process (move it from S22 to S27 in rc3/5.d), but that didn't help in my case.

    My ldap.conf contains this (I've removed my actual ldap info):

    host my.server.ip.addr
    base dc=my,dc=dn
    uri ldap://ldap.mydomain.com
    ssl no
    tls_cacertdir /etc/openldap/cacerts
    pam_password md5
    bind_policy soft

    As I say, I think the ldap config is fine, because you can start it manually once the machine has booted up without an ldap.conf in place. I lifted it from a Centos client, which works fine and doesn't have the same problem with booting that Fedora does.

    I hope someone can suggest a workaround, because I'm really stuck. I was hoping to use Fedora for a load of new desktops we've got but I can't if ldap can't be used.

    Thanks,

  2. #2
    scottro
    Retired Community Manager -- Banned from Texas by popular demand.
    Join Date
    Sep 2007
    Location
    NYC
    Posts
    8,127
    Yeah, a 5 year old bug, they don't bother with the solution.

    See my ldap page at http://home.roadrunner.com/~computertaijutsu/ldap.html

    Edit /etc/ldap.conf (NOT openldap/ldap.conf)

    Uncomment the bind_policy entry and change it from hard to soft.

    It's really stupid too, because an existing ldap server doesn't need to be able to authenticate the user--Fedora and RH are just really insecure, and need the reassurance of knowing that somewhere, an LDAP server exists, even if it does nothing.
    --
    http://srobb.net

  3. #3
    Join Date
    Aug 2009
    Location
    Sheffield
    Posts
    11
    Thanks for the suggestion but I already tried the "bind_policy soft" line, and it made no difference.

    We do need to use the ldap server here, unfortunately, to access the user accounts on there.

  4. #4
    scottro
    Retired Community Manager -- Banned from Texas by popular demand.
    Join Date
    Sep 2007
    Location
    NYC
    Posts
    8,127
    Grr. I've tried on several systems and it fixed them on all.
    The only other thing I can suggest is to add a secondary ldap server (the syntax escapes me, but it's fairly simple, IIRC) and run ldap-server on another box that it can always reach.

    As I said, it just seems to need assurance that an ldap server actually exists, at least in my experience. You don't even have to configure the second ldap server, just let it run. You could put that on some oddball port too, if you liked, and tell the RH/CentOS/Fedora boxen to look for that as the secondary server.

    Sorry I can't be of more help--as you know, it shouldn't work that way, it's supposed to go to local files first, but it looks as if it's not going to get fixed.
    --
    http://srobb.net

  5. #5
    Join Date
    Aug 2009
    Location
    Sheffield
    Posts
    11
    I don't know if my problem is the same as the one you are describing. Our ldap does work, usually, and if you boot up my Fedora PC without an ldap.conf file, it's fine, then you log in and put an ldap.conf file in /etc, you can do ldap lookups. It's just that, when you reboot the machine, it doesn't come back up again and hangs around the "starting system messagebus" line. (It's not a problem with messagebus by the way, I tried removing it from startup and it just hangs on the next startup line instead.)
    It's the presence of the ldap.conf file which is stopping the machine from booting. It's weird. It's only Fedora too, not Centos. It's really sucking my will to live now, because I've been hacking away at it for a week and am getting nowhere. There aren't any useful logs in /var/log/messages to give me a clue either.
    I tried using the authconfig-tui as you suggested on your website, as I thought reconfiguring it might help, but it did not.
    Thanks for your suggestions anyway.

  6. #6
    scottro
    Retired Community Manager -- Banned from Texas by popular demand.
    Join Date
    Sep 2007
    Location
    NYC
    Posts
    8,127
    One really kludgy workaround that I can think of is to just rename your ldap file at shutdown and then rename it back after startup. Obviously it's connected with the file, if removing it fixes the issue, but it seems a weird place to hang, especially if the LDAP server is available.
    --
    http://srobb.net

  7. #7
    Join Date
    Aug 2009
    Location
    Sheffield
    Posts
    11
    I tried that, and I felt dirty. It didn't work anyway - it got to the gdm login and hung there instead.

    Having trawled the internet further, I found some more useful info. Especially this:
    https://bugzilla.redhat.com/show_bug.cgi?id=186527

    I picked out some bits and pieces from that post, stuck them in my ldap.conf file, and finally I got it to boot without hanging. Or it did hang, but only for a few seconds. This is what I added:

    nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus
    bind_timeout 2
    nss_reconnect_tries 2
    nss_reconnect_sleeptime 1
    nss_reconnect_maxsleeptime 3
    nss_reconnect_maxconntries 3

    I guess all those timeouts are what's doing the trick.

    I don't really know what's going on with that, I'm just glad it's working. It seems bizarre to have to do all that stuff though for Fedora, when it JustWorks(TM) with Centos.
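
The configuration from post #1 and the lines added in post #7, run through a small audit script. This is an added example, not part of any poster's message and not Fedora or nss_ldap code; the function names and the numeric bounds in LIMITS are assumptions of the example. Besides the retry settings discussed in the thread, it flags `ssl no` with an `ldap://` URI, because with that setting binds and lookups are not encrypted.

```python
# Accounts the poster in #7 excluded from LDAP group lookups during boot.
BOOT_ACCOUNTS = {"root", "ldap", "named", "avahi", "haldaemon", "dbus"}
# Upper bounds picked for this example (assumptions, not nss_ldap defaults).
LIMITS = {"bind_timeout": 5, "nss_reconnect_tries": 3, "nss_reconnect_sleeptime": 2,
          "nss_reconnect_maxsleeptime": 5, "nss_reconnect_maxconntries": 3}
# Constructed samples: ORIGINAL is the config from post #1, FIXED adds the lines from #7.
ORIGINAL = """\
host my.server.ip.addr
base dc=my,dc=dn
uri ldap://ldap.mydomain.com
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
bind_policy soft
"""
FIXED = ORIGINAL + """\
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus
bind_timeout 2
nss_reconnect_tries 2
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 3
nss_reconnect_maxconntries 3
"""

def parse_ldap_conf(text):
    """Map each 'keyword value' line to a dict entry; later lines overwrite earlier ones."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def audit(conf):
    """Return findings: unbounded retries that can stall boot, and cleartext transport."""
    findings = []
    if conf.get("bind_policy", "hard") != "soft":
        findings.append("bind_policy is not soft: lookups keep retrying an unreachable server")
    ignored = set(conf.get("nss_initgroups_ignoreusers", "").replace(" ", "").split(","))
    if BOOT_ACCOUNTS - ignored:
        findings.append("nss_initgroups_ignoreusers lacks: " + ",".join(sorted(BOOT_ACCOUNTS - ignored)))
    for key, limit in LIMITS.items():
        value = conf.get(key, "")
        if not value.isdigit() or int(value) > limit:
            findings.append(f"{key}={value or 'unset'}: want a number <= {limit}")
    uris = conf.get("uri", "").split()
    if conf.get("ssl", "no") == "no" and not (uris and all(u.startswith("ldaps://") for u in uris)):
        findings.append("ssl no with ldap:// uri: binds and lookups are sent unencrypted")
    return findings
```

Calling `audit(parse_ldap_conf(ORIGINAL))` reports the missing timeouts and ignore list; with the lines from post #7 added, only the transport finding remains.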
