Date:      Fri, 28 Apr 2006 11:20:23 GMT
From:      "Thomas Sandford" <thomas@paradisegreen.co.uk>
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   Re: ports/91806: net/nss_ldap broken with getpwuid*
Message-ID:  <200604281120.k3SBKNkx041517@freefall.freebsd.org>

The following reply was made to PR ports/91806; it has been noted by GNATS.

From: "Thomas Sandford" <thomas@paradisegreen.co.uk>
To: <bug-followup@FreeBSD.org>,
	<sean@mcneil.com>
Cc:  
Subject: Re: ports/91806: net/nss_ldap broken with getpwuid*
Date: Fri, 28 Apr 2006 12:16:05 +0100

 I'm not sure if this is related, but following a recent crash (prior to 
 which my box had run without problems for many months) I have been having 
 similar problems.
 
 I have:
 almaz# portversion -v
 ...
 nss_ldap-1.239              <  needs updating (port has 1.249)
 openldap-client-2.3.19      <  needs updating (port has 2.3.21)
 openldap-server-2.3.19      <  needs updating (port has 2.3.21)
 ...
 
 almaz# cat /etc/nsswitch.conf
 # group: compat
 group: files ldap
 group_compat: nis
 hosts: files dns
 networks: files
 # passwd: compat
 passwd: files ldap
 passwd_compat: nis
 shells: files
 almaz# uname -v
 FreeBSD 5.4-RELEASE #0: Sun May 15 12:31:08 BST 2005 root@almaz.paradisegreen.co.uk:/usr/src/sys/i386/compile/SMP
 
 What I find is that immediately after reboot, neither cron nor sshd are able 
 to read user data via nss.
 
 eg:
 almaz# cat /var/log/auth.log
 # reboot occurred here
 Apr 26 09:42:00 almaz sshd[477]: Server listening on :: port 22.
 Apr 26 09:42:00 almaz sshd[477]: Server listening on 0.0.0.0 port 22.
 # attempt to log in (correct user/password) via ssh
 Apr 26 10:19:29 almaz sshd[2683]: Illegal user tdgsandf from 10.0.0.6
 Apr 26 10:19:29 almaz sshd[2684]: input_userauth_request: illegal user tdgsandf
 Apr 26 10:19:31 almaz sshd[2683]: Failed unknown for illegal user tdgsandf from 10.0.0.6 port 3559 ssh2
 # run "/etc/rc.d/sshd restart"
 Apr 26 10:20:46 almaz sshd[477]: Received signal 15; terminating.
 Apr 26 10:20:46 almaz sshd[2721]: Server listening on :: port 22.
 Apr 26 10:20:46 almaz sshd[2721]: Server listening on 0.0.0.0 port 22.
 # and try and log in again
 Apr 26 10:21:09 almaz sshd[2722]: Accepted keyboard-interactive/pam for tdgsandf from 10.0.0.6 port 3560 ssh2
 Apr 26 10:21:09 almaz sshd[2722]: nss_ldap: reconnecting to LDAP server...
 Apr 26 10:21:09 almaz sshd[2722]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
 ...
 
 Similarly:
 almaz# cat /var/log/cron
 # some time after a reboot
 Apr 28 11:22:00 almaz /usr/sbin/cron[33972]: (operator) CMD (/usr/libexec/save-entropy)
 # one error for each LDAP user's crontab
 Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
 Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, group, getgrent_r, not found
 Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found
 Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found
 Apr 28 11:25:00 almaz /usr/sbin/cron[34121]: (root) CMD (/usr/libexec/atrun)
 Apr 28 11:25:00 almaz cron[34121]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
 Apr 28 11:25:00 almaz cron[34121]: NSSWITCH(nss_method_lookup): ldap, group, getgrent_r, not found
 Apr 28 11:25:00 almaz cron[34121]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found
 Apr 28 11:25:00 almaz cron[34121]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found
 # run "/etc/rc.d/cron restart"
 # and now all crontabs processed OK
 Apr 28 11:30:00 almaz /usr/sbin/cron[34455]: (root) CMD (/usr/libexec/atrun)
 Apr 28 11:33:00 almaz /usr/sbin/cron[34490]: (operator) CMD (/usr/libexec/save-entropy)
 
 Somehow nss_ldap seems not to be working correctly immediately after boot, 
 and daemons which started before it was running correctly can _never_ pick 
 up information through it until they are restarted.
 
 But it looks as though this may be LDAP version rather than nss_ldap version 
 related since my nss_ldap version is unchanged for some time.
 
 -- 
 Thomas Sandford 
 
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200604281120.k3SBKNkx041517>
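
An added example, not part of the original message: one way to triage the symptom described above from syslog output. It lists processes that logged NSSWITCH lookup failures and users whom sshd rejected as "Illegal" under one listener but accepted under a later one. The function names are hypothetical and the sample lines are constructed, modelled on the logs quoted in the message.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log lines quoted in the message above.
SAMPLE = """\
Apr 26 09:42:00 almaz sshd[477]: Server listening on 0.0.0.0 port 22.
Apr 26 10:19:29 almaz sshd[2683]: Illegal user tdgsandf from 10.0.0.6
Apr 26 10:20:46 almaz sshd[477]: Received signal 15; terminating.
Apr 26 10:20:46 almaz sshd[2721]: Server listening on 0.0.0.0 port 22.
Apr 26 10:21:09 almaz sshd[2722]: Accepted keyboard-interactive/pam for tdgsandf from 10.0.0.6 port 3560 ssh2
Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found
Apr 28 11:30:00 almaz /usr/sbin/cron[34455]: (root) CMD (/usr/libexec/atrun)
""".splitlines()

LINE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (?P<prog>[^\s\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
NSS = re.compile(r"NSSWITCH\(nss_method_lookup\): (\w+), (\w+), (\w+), not found")
ILLEGAL = re.compile(r"Illegal user (\S+) from")
ACCEPTED = re.compile(r"Accepted \S+ for (\S+) from")

def nss_lookup_failures(lines):
    """Map (program, pid) -> sorted 'source/database/method' lookups that failed."""
    out = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        hit = m and NSS.search(m["msg"])
        if hit:
            out[(m["prog"], int(m["pid"]))].add("/".join(hit.groups()))
    return {k: sorted(v) for k, v in out.items()}

def users_fixed_by_restart(lines):
    """Users sshd called 'Illegal' under one listener and accepted under a later one."""
    listener, rejected, fixed = None, {}, {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["prog"] != "sshd":
            continue
        if m["msg"].startswith("Server listening on"):
            listener = int(m["pid"])  # a new listener generation started
        elif (hit := ILLEGAL.search(m["msg"])):
            rejected[hit[1]] = listener  # remember which listener rejected the user
        elif (hit := ACCEPTED.search(m["msg"])) and hit[1] in rejected:
            if rejected[hit[1]] != listener:
                fixed[hit[1]] = (rejected[hit[1]], listener)
    return fixed
```

A user returned by `users_fixed_by_restart` maps to the pair (rejecting listener PID, accepting listener PID); an "Illegal user" entry that is never followed by an accepted login is not reported.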