Date: Wed, 11 Feb 2009 16:20:04 -0800 From: Benjamin Lee <ben@b1c1l1.com> To: Arjun Singh <arjun810@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: nss_ldap SSL/TLS problems.. Message-ID: <49936B34.6060308@b1c1l1.com> In-Reply-To: <35a7e0160902102208g423b8506q1038bdbbaed8a254@mail.gmail.com> References: <35a7e0160902100435h273627e7g4037b8af5c7bcd80@mail.gmail.com> <20090210210034.GD10513@hal.rescomp.berkeley.edu> <35a7e0160902102208g423b8506q1038bdbbaed8a254@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig4B47D053FCC99EAF52A03148 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 02/10/2009 10:08 PM, Arjun Singh wrote: > Thanks for the advice. I tried to see if I could get nscd to solve anyt= hing, > but it seems to just hide the problem, and not completely. With nscd > enabled, the first login fails. After that, it's fine.. >=20 > I get the following in auth.log corresponding with the failed first log= in > (with the correct pw): >=20 > Feb 10 22:03:23 new-hkn sshd[59371]: nss_ldap: could not search LDAP se= rver > - Server is unavailable > Feb 10 22:03:23 new-hkn sshd[59371]: fatal: login_get_lastlog: Cannot f= ind > account for uid 10000 > Feb 10 22:03:23 new-hkn sshd[59371]: syslogin_perform_logout: logout() > returned an error [...] It appears to be a bug when using nss_ldap with RELENG_7, as I have been unable to reproduce the issue on machines running 6.2-RELEASE and 6.3-RELEASE, regardless of the version of OpenLDAP. In my environment, the machines use pam_krb5 for authentication, so the problem is definitely not related to pam_ldap. Have you filed a problem report? --=20 Benjamin Lee http://www.b1c1l1.com/ --------------enig4B47D053FCC99EAF52A03148 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBAgAGBQJJk2s5AAoJEN/n9makEYThz9sP/3UZxWZPEfxFIXAzIM3i2Qyu //fC5LaLTkGSdPYiFeKi18JGLnUY1li3DBBrenKHqBG9VziOAmcgo0Ofwzh67VvC Z/CxCSQEPso6s+T9axvnturpHWSlc9oQI8TFTJmS+jZWUJ/FzjmHhq7ud09583hp IZPM9ybrqSp4jxkDpg1HnWSlU70MU2AXxit/dkTRPxCYNLem+gj3am/Pr6CedsEh NB/Y/GXup3Qpwj26zoJlEv7PV81IXRR+fj8DFovp8Dx3TFxn511gkVILXY67ToQp hYdHQxHENZlM6lA5WIOO0jyEsgBqrrsztjvXlYtpYzh0895HY7ECNCChiR8okCWH BalBVqmN+9pvL1fqqKtc58Oy0m4gD+Zi/Vry4+B5zqN/SwDnWMQPUFrxBNzYZP3z zhe8tEVdv9FfA8YVJkUaytqF0P6nqFgN73HEvW2vvfGoTrh/oM1T0zCSxM0vNrrv cLMSFTka68q4fGGdFGabVhm209xXysduK7opXJC7yMiNYSNcwHQOswwSLd4IvSQZ AKL5gBZWnjPPvzmsy+HaPeBueFhctnsBe5Hgae7GPM7JR0q1wGH2h0ZrA1Tgrq4w 64fLMxVI/BpJuFRrEEJxhIrPSmDToT2QJYxgL4YnQbCvZUu+X8vEaEfFE+Y/mvAq Z2q84BTsMqR1ho58tfmt =Q+6H -----END PGP SIGNATURE----- --------------enig4B47D053FCC99EAF52A03148--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49936B34.6060308>