Problem: FreeBSD 7.x && ssh v2 && nss_ldap

Benjamin Lee ben at b1c1l1.com
Wed Apr 15 19:32:54 UTC 2009


On 04/15/2009 01:33 AM, Konrad Heuer wrote:
> 
> I see a problem on two systems running FreeBSD 7.0 or 7.1 which are
> configured as OpenLDAP clients using the nss_ldap module.
> 
> When someone logs on using ssh protocol version 2 the session will not
> be initialized correctly. The user will only get his primary group
> affiliation but no affiliation to other groups (memberUid attribute in
> LDAP group entries).
> 
> On 7.1 the ssh login process hangs forever with open ldap queries, on
> 7.0 the group list is incomplete. On several 6.x systems, all works
> correctly.
> I have used the configuration for years now.
> 
> There are some workarounds I found:
> 
> a) use ssh protocol version 1
> b) set UseLogin to yes in sshd_config
> c) avoid ssl encryption in communication to ldap server
>    (ldap://... uri instead of ldaps://... in ldap.conf)
> 
> Does anybody see similar problems? Does anybody have an idea what may
> cause the problem?

I recently submitted ports/133501 regarding this issue, but I have not
yet received a response.

My workaround was to disable pthread_atfork support, so the problem
might be related to the change from libkse to libthr in RELENG_7.


-- 
Benjamin Lee
http://www.b1c1l1.com/
