From: "Thomas Sandford"
To: freebsd-ports-bugs@FreeBSD.org
Subject: Re: ports/91806: net/nss_ldap broken with getpwuid*
Date: Fri, 28 Apr 2006 11:20:23 GMT
Message-Id: <200604281120.k3SBKNkx041517@freefall.freebsd.org>

The following reply was made to PR ports/91806; it has been noted by GNATS.

From: "Thomas Sandford"
Subject: Re: ports/91806: net/nss_ldap broken with getpwuid*
Date: Fri, 28 Apr 2006 12:16:05 +0100

I'm not sure if this is related, but following a recent crash (prior to
which my box had run without problems for many months) I have been having
similar problems.

I have:

almaz# portversion -v
...
nss_ldap-1.239          <  needs updating (port has 1.249)
openldap-client-2.3.19  <  needs updating (port has 2.3.21)
openldap-server-2.3.19  <  needs updating (port has 2.3.21)
...

almaz# cat /etc/nsswitch.conf
# group: compat
group: files ldap
group_compat: nis
hosts: files dns
networks: files
# passwd: compat
passwd: files ldap
passwd_compat: nis
shells: files

almaz# uname -v
FreeBSD 5.4-RELEASE #0: Sun May 15 12:31:08 BST 2005 root@almaz.paradisegreen.co.uk:/usr/src/sys/i386/compile/SMP

What I find is that immediately after reboot, neither cron nor sshd are
able to read user data via nss. eg:

almaz# cat /var/log/auth.log
# reboot occurred here
Apr 26 09:42:00 almaz sshd[477]: Server listening on :: port 22.
Apr 26 09:42:00 almaz sshd[477]: Server listening on 0.0.0.0 port 22.
# attempt to log in (correct user/password) via ssh
Apr 26 10:19:29 almaz sshd[2683]: Illegal user tdgsandf from 10.0.0.6
Apr 26 10:19:29 almaz sshd[2684]: input_userauth_request: illegal user tdgsandf
Apr 26 10:19:31 almaz sshd[2683]: Failed unknown for illegal user tdgsandf from 10.0.0.6 port 3559 ssh2
# run "/etc/rc.d/sshd restart"
Apr 26 10:20:46 almaz sshd[477]: Received signal 15; terminating.
Apr 26 10:20:46 almaz sshd[2721]: Server listening on :: port 22.
Apr 26 10:20:46 almaz sshd[2721]: Server listening on 0.0.0.0 port 22.
# and try and log in again
Apr 26 10:21:09 almaz sshd[2722]: Accepted keyboard-interactive/pam for tdgsandf from 10.0.0.6 port 3560 ssh2
Apr 26 10:21:09 almaz sshd[2722]: nss_ldap: reconnecting to LDAP server...
Apr 26 10:21:09 almaz sshd[2722]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
...

Similarly:

almaz# cat /var/log/cron
# some time after a reboot
Apr 28 11:22:00 almaz /usr/sbin/cron[33972]: (operator) CMD (/usr/libexec/save-entropy)
# one error for each LDAP user's crontab
Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, group, getgrent_r, not found
Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found
Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found
Apr 28 11:25:00 almaz /usr/sbin/cron[34121]: (root) CMD (/usr/libexec/atrun)
Apr 28 11:25:00 almaz cron[34121]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
Apr 28 11:25:00 almaz cron[34121]: NSSWITCH(nss_method_lookup): ldap, group, getgrent_r, not found
Apr 28 11:25:00 almaz cron[34121]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found
Apr 28 11:25:00 almaz cron[34121]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found
# run "/etc/rc.d/cron restart"
# and now all crontabs processed OK
Apr 28 11:30:00 almaz /usr/sbin/cron[34455]: (root) CMD (/usr/libexec/atrun)
Apr 28 11:33:00 almaz /usr/sbin/cron[34490]: (operator) CMD (/usr/libexec/save-entropy)

Somehow nss_ldap seems not to be working correctly immediately after boot,
and daemons which started before it was running correctly can _never_ pick
up information through it until they are restarted.

But it looks as though this may be LDAP version rather than nss_ldap version
related since my nss_ldap version is unchanged for some time.

--
Thomas Sandford