Suspected nscd bug on CentOS 5.10 x86_64

Installing, Configuring, Troubleshooting server daemons such as Web and Mail
Post Reply
jeanng
Posts: 5
Joined: 2015/02/16 06:19:01

Suspected nscd bug on CentOS 5.10 x86_64

Post by jeanng » 2015/02/16 06:38:23

Hi all,

I have an VMware-based CentOS 5.10 x86-64 server, which integrated with Windows Server 2012 Active-Directory.

I have installed this servers for 2 months, and ldap fine. However, all of a sudden, I cannot login using my ldap account.

When I change root (su) as my ldap account, the server shows the following error:



[root@CentOS5_10~]# su - jeanitsuyou
su: user jeanitsuyou does not exist




However, I can retrieve my information using "getent passwd"

[root@CentOS5_10~]# getent passwd| grep jeanitsuyou
jeanitsuyou:*:66660:10:ITSUYOU, Jean:/home/jean:/bin/bash


Therefore, I suspected that there is a bug on the latest version of nscd deamon (nscd-2.5-123.el5_11.1). However, when I use "service" command to check the status of nscd daemon, it show that this deamon is normal:

[root@CentOS5_10~]# service nscd status
nscd (pid 3670) is running...





However, in the check the nscd status, it was shown as the follows:

[root@CentOS5_10~]# ps aux| grep nscd
nscd 3670 0.0 0.2 178100 2512 ? Ssl Feb09 0:19 /usr/sbin/nscd
root 4158 0.0 0.0 61208 612 pts/0 R+ 14:33 0:00 grep nscd




Is the programme status of nscd daemon "Ssl" normal? Also, it seems that the deamon use too much memory.

Is it memory leakage?




Here is my nscd.conf for all of you as a reference:
(I only enable the cache function on nscd for "passwd" and "group")


# /etc/nscd.conf


# logfile /var/log/nscd.log
# threads 3
# max-threads 128
server-user nscd
# stat-user nocpulse
debug-level 3
# reload-count 5
paranoia no
# restart-interval 3600

enable-cache passwd yes
positive-time-to-live passwd 600
negative-time-to-live passwd 20
suggested-size passwd 211
check-files passwd yes
# persistent passwd yes
persistent passwd no
shared passwd yes
max-db-size passwd 33554432
auto-propagate passwd yes

enable-cache group yes
positive-time-to-live group 3600
negative-time-to-live group 60
suggested-size group 211
check-files group yes
# persistent group yes
persistent group no
shared group yes
max-db-size group 33554432
auto-propagate group yes

enable-cache hosts no
positive-time-to-live hosts 3600
negative-time-to-live hosts 20
suggested-size hosts 211
check-files hosts yes
# persistent hosts yes
persistent hosts no
shared hosts yes
max-db-size hosts 33554432

User avatar
AlanBartlett
Forum Moderator
Posts: 9323
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk
Contact:

Re: Suspected nscd bug on CentOS 5.10 x86_64

Post by AlanBartlett » 2015/02/16 16:17:39

Your first step should be to update that system to the currently supported version, which is CentOS 5.11.

Then check / test again.
Image 100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

jeanng
Posts: 5
Joined: 2015/02/16 06:19:01

Re: Suspected nscd bug on CentOS 5.10 x86_64

Post by jeanng » 2015/02/17 01:59:51

I think it should be be related to the version of CentOS 5.10 and 5.11 because nscd has not been updated / upgraded in 5.11 since 5.10.

Whatever I use 5.10 and 5.11, nscd is the same. (nscd-2.5-123.el5_11.1 (x86_64))

jeanng
Posts: 5
Joined: 2015/02/16 06:19:01

Re: Suspected nscd bug on CentOS 5.10 x86_64

Post by jeanng » 2015/02/17 02:45:13

When I observe the /proc of the nscd programme (/proc/3670/), I found that there is something called "deleted" in fd:

[root@CentOS5_10 fd]# ls -l /proc/3670/fd
total 0
lrwx------ 1 root root 64 Feb 17 10:39 0 -> /dev/null
lrwx------ 1 root root 64 Feb 17 10:39 1 -> /dev/null
lr-x------ 1 root root 64 Feb 17 10:39 10 -> /var/run/nscd/dbGmXZad (deleted)
lrwx------ 1 root root 64 Feb 17 10:39 11 -> socket:[14029]
lr-x------ 1 root root 64 Feb 17 10:39 12 -> eventpoll:[14031]
lrwx------ 1 root root 64 Feb 17 10:39 2 -> /dev/null
lrwx------ 1 root root 64 Feb 17 10:39 3 -> socket:[13857]
lrwx------ 1 root root 64 Feb 17 10:39 4 -> socket:[13863]
lrwx------ 1 root root 64 Feb 17 10:39 5 -> socket:[13874]
lrwx------ 1 root root 64 Feb 17 10:39 7 -> /var/run/nscd/dbyxyL5M (deleted)
lr-x------ 1 root root 64 Feb 17 10:39 8 -> /var/run/nscd/dbyxyL5M (deleted)
lrwx------ 1 root root 64 Feb 17 10:39 9 -> /var/run/nscd/dbGmXZad (deleted)


Is it normal?

jeanng
Posts: 5
Joined: 2015/02/16 06:19:01

Re: Suspected nscd bug on CentOS 5.10 x86_64

Post by jeanng » 2015/02/17 05:47:07

After searching over the Internet, I found that some people may meet other problem in other Linux distribution :

As stated some time ago, I had the problem that users vanished after some time.

As I get a lot of e-mails regarding this problem, I therefore documentate here the details I've found out so far:

Ncsd works unreliable

Yes, indeed, switching off nscd removes the problem.
But there are more problems I experienced with nscd:

Sometimes it consumes 100% cpu (and does not stop that until being killed)
Sometimes it just crashes.
Sometimes it causes users to "vanish" (the original problem)
Sometimes it hangs and thus slows down the whole system

http://www.nico.schottelius.org/blog/nscd-bugs/

Is there anybody fixing this issue?

User avatar
TrevorH
Forum Moderator
Posts: 26862
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Suspected nscd bug on CentOS 5.10 x86_64

Post by TrevorH » 2015/02/17 10:17:11

It's been fixed in later versions by removing nscd! ;-)
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke

User avatar
AlanBartlett
Forum Moderator
Posts: 9323
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk
Contact:

Re: Suspected nscd bug on CentOS 5.10 x86_64

Post by AlanBartlett » 2015/02/17 16:53:22

jeanng wrote:Is there anybody fixing this issue?
No. Usage of CentOS 5.10 is deprecated. The only supported version of the CentOS 5 branch is CentOS 5.11

If you refuse to update to the supported version, then you have all the problems.
Image 100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

jeanng
Posts: 5
Joined: 2015/02/16 06:19:01

Re: Suspected nscd bug on CentOS 5.10 x86_64

Post by jeanng » 2015/02/18 03:20:29

http://wiki.centos.org/Manuals/ReleaseN ... 368354b106

According to the release note of 5.11, nscd has not been changed in 5.10. That is, no evidence showing that upgrading CentOS can fix the problem. (Using 5.10 and 5.11 are the same)

Additionally, I choose to use CentOS because I believe that CentOS can provide a very stable OS environment. However, I am very disappointed if it always change the kernel version, even more frequency than Fedora and Ubuntu! Don't you think that upgrading kernel so frequency lead to decrease in stability???

I will never upgrade the OS AND LINUX KERNEL UNLESS nscd daemon problem is related to the kernel version. What I need is EXTREME STABILITY!!!




By the way, Does anybody has idea how to collect information for tracing nscd bugs??? Some people told me that this problem happened on all Linux distribution, but not just only CentOS / RHEL.

drk
Posts: 398
Joined: 2014/01/30 20:38:28

Re: Suspected nscd bug on CentOS 5.10 x86_64

Post by drk » 2015/02/19 02:50:12

jeanng wrote:I will never upgrade the OS AND LINUX KERNEL UNLESS nscd daemon problem is related to the kernel version.
And with that comment you probably have most of the people here that are willing to help you tune out :lol:

User avatar
TrevorH
Forum Moderator
Posts: 26862
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Suspected nscd bug on CentOS 5.10 x86_64

Post by TrevorH » 2015/02/19 10:59:45

You should read the list of bugs that have been fixed on https://rhn.redhat.com/errata/rhel-server-errata.html before you make such silly statements as "I will never upgrade the OS AND LINUX KERNEL UNLESS nscd daemon problem is related to the kernel version. What I need is EXTREME STABILITY!!!". CentOS is not Ubuntu, the whole aim of the distro is stability and the only changes made are to fix bugs, usually security ones.
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply

Return to “CentOS 5 - Server Support”