Temporary problems in name resolution when nscd is being used, Too many open files

Solution Verified - Updated -

Issue

  • Temporary problems in name resolution when nscd is being used
  • RHEL 5.6's nscd is behaving erratically. Running an strace on the process produces:
epoll_wait(10, {{EPOLLRDNORM, {u32=9, u64=9}}}, 100, 29988) = 1
accept(9, 0, NULL)                      = -1 EMFILE (Too many open files)
epoll_wait(10, {{EPOLLRDNORM, {u32=9, u64=9}}}, 100, 29988) = 1
accept(9, 0, NULL)
  • Recently we experience problems to login on some of our machines running RHEL 5.3.
login[]: pam_unix(login:auth): check pass; user unknown
login[]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= 
login[]: FAILED LOGIN 1 FROM (null) FOR root, Authentication failure
  • Log entry for a login using SSH:
sshd[16020]: fatal: Privilege separation user sshd does not exist
  • Additionally sendmail and crond seem to have problems resolving names.
  • Other relevant errors:
ERROR: failed to open PAM security session: Bad file descriptor
error retrieving information about user root
sendmail.*: gethostbyaddr(127.0.0.1) failed:
  • The problems are specific to a single system, no DNS / LDAP outage in the data center
  • Restarting nscd resolves the issue (if it's possible to log in during the problem)

Environment

  • Red Hat Enterprise Linux 5
  • nscd-2.5-65 or nscd-2.5-34 but likely any nscd version is affected
  • nss_ldap earlier than nss_ldap-253-21.el5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content