From: John Baldwin
To: freebsd-stable@freebsd.org
Cc: Mark Saad
Subject: Re: NSS ldap errors
Date: Thu, 6 Mar 2014 16:21:15 -0500

On Wednesday, March 05, 2014 9:41:21 pm Mark Saad wrote:
>
> Looping the list back in.
>
> > On Mar 5, 2014, at 10:31 AM, Aragon Gouveia wrote:
> >
> > Hi,
> >
> > I'm trying to implement net/nss-pam-ldapd on 9.2-RELEASE, and hitting some NSS issues. PAM authentication with SSH works fine, but there are a lot of NSS errors in /var/log/debug.log:
> >
> > Mar 4 17:15:00 cstor1 cron[68418]: NSSWITCH(_nsdispatch): ldap, passwd, getpwnam_r, not found, and no fallback provided
> > Mar 4 17:15:00 cstor1 cron[68418]: NSSWITCH(_nsdispatch): ldap, group, setgrent, not found, and no fallback provided
> > Mar 4 17:15:00 cstor1 cron[68418]: NSSWITCH(_nsdispatch): ldap, group, getgrent_r, not found, and no fallback provided
> > Mar 4 17:15:00 cstor1 cron[68418]: NSSWITCH(_nsdispatch): ldap, group, endgrent, not found, and no fallback provided
> > Mar 4 17:15:00 cstor1 cron[68418]: NSSWITCH(_nsdispatch): ldap, passwd, endpwent, not found, and no fallback provided
> > Mar 4 17:15:11 cstor1 -bash: NSSWITCH(_nsdispatch): ldap, passwd, getpwuid_r, not found, and no fallback provided
> > Mar 4 17:15:11 cstor1 -bash: NSSWITCH(_nsdispatch): ldap, passwd, endpwent, not found, and no fallback provided
> >
> > And in the case of bash, it's unable to resolve the LDAP username, and the resulting PS1 prompt shows:
> >
> > [I have no name!@cstor1 ~]$
> >
> > The author of nss-pam-ldapd isn't sure what the problem is:
> >
> > http://lists.arthurdejong.org/nss-pam-ldapd-users/2014/msg00044.html
> >
> > FWIW, the same problems occur with net/nss_ldap.
> >
> > Any NSS gurus who can help?
> >
> >
> > Thanks,
> > Aragon
>
>
> This is related to using bash-static as root's shell. As well as setting non-root users' login shell to bash-static.
> The "I have no name" user name issue and the getpwuid* calls failing have to do with the fact that bash-static can not load some library, but my memory is lost on the exact library and details. I wasted a bunch of time on this in 7.2-RELEASE and it took a while to debug this. Using a standard port of bash or any other shell resolved this for me.

Yes, static binaries have no copy of the runtime linker around, so they can't invoke dlopen() to open nss_foo.so modules. I have no idea if you can use nscd to work around this for static binaries.

-- 
John Baldwin
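
An added example, not part of the original thread: one way to audit for the failure mode described above is to flag accounts whose login shell is an ELF binary with no PT_INTERP program header, meaning it names no runtime linker and so cannot dlopen() NSS modules. The account names, shell paths and ELF images below are constructed sample data, and `fake_elf64` is a hypothetical helper that exists only to build them.

```python
import struct

PT_INTERP = 3  # program header that names the runtime linker

def has_runtime_linker(image: bytes) -> bool:
    """True if the ELF image has a PT_INTERP segment (dynamically linked)."""
    if len(image) < 52 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = image[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if image[5] == 1 else ">"   # EI_DATA: 1 = little endian, 2 = big
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", image, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 0x36)
    else:
        (phoff,) = struct.unpack_from(end + "I", image, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 0x2A)
    for i in range(phnum):
        (p_type,) = struct.unpack_from(end + "I", image, phoff + i * phentsize)
        if p_type == PT_INTERP:
            return True
    return False

def users_with_static_shell(passwd_text, load=lambda p: open(p, "rb").read()):
    """Return (user, shell) pairs whose login shell cannot load NSS modules."""
    flagged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        try:
            if not has_runtime_linker(load(fields[-1])):
                flagged.append((fields[0], fields[-1]))
        except (OSError, ValueError, struct.error):
            continue  # missing file or not ELF (e.g. a script): a different problem
    return flagged

def fake_elf64(ptypes):
    """Constructed image: ELF64 little-endian header plus bare program headers."""
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9)
    hdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(ptypes), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)

SAMPLE_PASSWD = ("root:*:0:0:Charlie &:/root:/usr/local/bin/bash-static\n"
                 "ldapuser:*:1001:1001::/home/ldapuser:/usr/local/bin/bash\n")
SAMPLE_FILES = {"/usr/local/bin/bash-static": fake_elf64([1, 1]),  # PT_LOAD only
                "/usr/local/bin/bash": fake_elf64([6, 3, 1])}      # PT_PHDR, PT_INTERP, PT_LOAD

if __name__ == "__main__":
    print(users_with_static_shell(SAMPLE_PASSWD, lambda p: SAMPLE_FILES[p]))
```

On a live host, call `users_with_static_shell(open("/etc/passwd").read())` to check the shells actually installed.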