nss_ldap SSL/TLS problems..

Benjamin Lee ben at b1c1l1.com
Wed Feb 11 16:20:15 PST 2009

On 02/10/2009 10:08 PM, Arjun Singh wrote:
> Thanks for the advice. I tried to see if I could get nscd to solve anything,
> but it seems to just hide the problem, and not completely. With nscd
> enabled, the first login fails. After that, it's fine..
> I get the following in auth.log corresponding with the failed first login
> (with the correct pw):
> Feb 10 22:03:23 new-hkn sshd[59371]: nss_ldap: could not search LDAP server
> - Server is unavailable
> Feb 10 22:03:23 new-hkn sshd[59371]: fatal: login_get_lastlog: Cannot find
> account for uid 10000
> Feb 10 22:03:23 new-hkn sshd[59371]: syslogin_perform_logout: logout()
> returned an error

It appears to be a bug when using nss_ldap with RELENG_7, as I have been
unable to reproduce the issue on machines running 6.2-RELEASE and
6.3-RELEASE, regardless of the version of OpenLDAP.  In my environment,
the machines use pam_krb5 for authentication, so the problem is
definitely not related to pam_ldap.  Have you filed a problem report?

Benjamin Lee

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 898 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20090212/594948da/signature.pgp

More information about the freebsd-questions mailing list