From owner-freebsd-stable@FreeBSD.ORG Thu Mar 6 22:41:50 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E061137C for ; Thu, 6 Mar 2014 22:41:49 +0000 (UTC) Received: from mail-yk0-f171.google.com (mail-yk0-f171.google.com [209.85.160.171]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id A0E7D6D8 for ; Thu, 6 Mar 2014 22:41:49 +0000 (UTC) Received: by mail-yk0-f171.google.com with SMTP id q9so8490312ykb.2 for ; Thu, 06 Mar 2014 14:41:48 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:references:from:content-type:in-reply-to :message-id:date:to:content-transfer-encoding:mime-version; bh=q19hhhQViqYMh5O0+BXaAibQkEXGi6RhxB1b3AkNN3Y=; b=KYHGYDClxflucpu+Lk9Yh9GdvC2DfddIYpymKGqAnUE2c3WX3Oyh1D9Nc3bbNqCx4Y QzrA4u+yZg3f+q0sj3+JxmIjIqdKhPjOt11lb+Yivz5/P9FJuOY/wU4GHXwtSCEbqQTp mzRIxwGKvJAMxPnmW2ut4CI+xPzqDJJedn7eUlwBnZkymxzP5wHOD0ZPmLV5GykkwjsQ kq3+eGqxyCVgCixpwQaG8PW/RwfcEA5veFrKKGZZfGhY8BwP+tWDN/fQXzgeJ61uJF0L 9zWZerFb7GUaoV/ZbFCIp15GgifgKkDRjyMlNE4bE8HWk49MUJqbejiO4b2NG0e3H4TR zEGg== X-Gm-Message-State: ALoCoQlB4c9i4rSoWEvgU0MYiLEFL6Acifh+JV270aG/ozcJv6WV7xrKVpVmb+GzXhLmXakxX5Kl X-Received: by 10.236.129.36 with SMTP id g24mr18207268yhi.103.1394145379300; Thu, 06 Mar 2014 14:36:19 -0800 (PST) Received: from [97.61.22.127] (127.sub-97-61-22.myvzw.com. [97.61.22.127]) by mx.google.com with ESMTPSA id g26sm22618051yhk.3.2014.03.06.14.36.17 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 06 Mar 2014 14:36:18 -0800 (PST) Subject: Re: NSS ldap errors References: <53174346.6070703@phat.za.net> <2FA6FDB3-6F13-4C86-A9CD-EDD88EE072EA@longcount.org> <201403061621.16046.jhb@freebsd.org> From: Mark Saad Content-Type: text/plain; charset=us-ascii X-Mailer: iPhone Mail (11B651) In-Reply-To: <201403061621.16046.jhb@freebsd.org> Message-Id: Date: Thu, 6 Mar 2014 17:36:12 -0500 To: "freebsd-stable@freebsd.org" Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (1.0) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Mar 2014 22:41:50 -0000 > On Mar 6, 2014, at 4:21 PM, John Baldwin wrote: >=20 >> On Wednesday, March 05, 2014 9:41:21 pm Mark Saad wrote: >>=20 >> Looping the list back in . >>=20 >>> On Mar 5, 2014, at 10:31 AM, Aragon Gouveia wrote: >>>=20 >>> Hi, >>>=20 >>> I'm trying to implement net/nss-pam-ldapd on 9.2-RELEASE, and hitting so= me NSS issues. PAM authentication with SSH works fine, but there are a lot > of NSS errors in /var/log/debug.log: >>>=20 >>> Mar 4 17:15:00 cstor1 cron[68418]: NSSWITCH(_nsdispatch): l= dap, passwd, getpwnam_r, not found, and no fallback provided >>> Mar 4 17:15:00 cstor1 cron[68418]: NSSWITCH(_nsdispatch): l= dap, group, setgrent, not found, and no fallback provided >>> Mar 4 17:15:00 cstor1 cron[68418]: NSSWITCH(_nsdispatch): l= dap, group, getgrent_r, not found, and no fallback provided >>> Mar 4 17:15:00 cstor1 cron[68418]: NSSWITCH(_nsdispatch): l= dap, group, endgrent, not found, and no fallback provided >>> Mar 4 17:15:00 cstor1 cron[68418]: NSSWITCH(_nsdispatch): l= dap, passwd, endpwent, not found, and no fallback provided >>> Mar 4 17:15:11 cstor1 -bash: NSSWITCH(_nsdispatch): ldap, p= asswd, getpwuid_r, not found, and no fallback provided >>> Mar 4 17:15:11 cstor1 -bash: NSSWITCH(_nsdispatch): ldap, p= asswd, endpwent, not found, and no fallback provided >>>=20 >>> And in the case of bash, it's unable to resolve the LDAP username, and t= he resulting PS1 prompt shows: >>>=20 >>> [I have no name!@cstor1 ~]$ >>>=20 >>> The author of nss-pam-ldapd isn't sure what the problem is: >>>=20 >>> http://lists.arthurdejong.org/nss-pam-ldapd-users/2014/msg00044.html >>>=20 >>> FWIW, the same problems occur with net/nss_ldap. >>>=20 >>> Any NSS gurus who can help? >>>=20 >>>=20 >>> Thanks, >>> Aragon >>=20 >>=20 >> This is related to using bash-static as root's shell . As well as setting= non root users login shell to bash-static . >> The "I have no name" user name issue and the the getpwuid* calls failing h= ave to do with the fact that bash-static can not load some library , but my > memory is lost on the exact library and details . I wasted a bunch of time= on this in 7.2-RELEASE and it took a while to debug this . Using a standar= d=20 > port of bash or any other shell resolved this for me .=20 >=20 > Yes, static binaries have no copy of the runtime linker around, so they ca= n't > invoke dlopen() to open nss_foo.so modules. I have no idea if you can use= > nscd to work around this for static binaries. >=20 John, I tested both with nscd and straight lookups and I had the same issue e= ither way .=20 As soon as you said "can't dlopen nss_libfoo" it all came back to me . I had= bash-static with the remote syslog patch as everyone's shell . It took a wh= ile to track down if it was the syslog patch or the static shell .=20 > --=20 > John Baldwin --- Mark saad | mark.saad@longcount.org=20=