ports/91806: net/nss_ldap broken with getpwuid*
Thomas Sandford
thomas at paradisegreen.co.uk
Fri Apr 28 11:20:25 UTC 2006
The following reply was made to PR ports/91806; it has been noted by GNATS.
From: "Thomas Sandford" <thomas at paradisegreen.co.uk>
To: <bug-followup at FreeBSD.org>,
<sean at mcneil.com>
Cc:
Subject: Re: ports/91806: net/nss_ldap broken with getpwuid*
Date: Fri, 28 Apr 2006 12:16:05 +0100
I'm not sure if this is related, but following a recent crash (prior to
which my box had run without problems for many months) I have been having
similar problems.
I have:
almaz# portversion -v
...
nss_ldap-1.239 < needs updating (port has 1.249)
openldap-client-2.3.19 < needs updating (port has 2.3.21)
openldap-server-2.3.19 < needs updating (port has 2.3.21)
...
almaz# cat /etc/nsswitch.conf
# group: compat
group: files ldap
group_compat: nis
hosts: files dns
networks: files
# passwd: compat
passwd: files ldap
passwd_compat: nis
shells: files
almaz# uname -v
FreeBSD 5.4-RELEASE #0: Sun May 15 12:31:08 BST 2005 root at almaz.paradisegreen.co.uk:/usr/src/sys/i386/compile/SMP
What I find is that immediately after reboot, neither cron nor sshd is able
to read user data via nss.
e.g.:
almaz# cat /var/log/auth.log
# reboot occurred here
Apr 26 09:42:00 almaz sshd[477]: Server listening on :: port 22.
Apr 26 09:42:00 almaz sshd[477]: Server listening on 0.0.0.0 port 22.
# attempt to log in (correct user/password) via ssh
Apr 26 10:19:29 almaz sshd[2683]: Illegal user tdgsandf from 10.0.0.6
Apr 26 10:19:29 almaz sshd[2684]: input_userauth_request: illegal user tdgsandf
Apr 26 10:19:31 almaz sshd[2683]: Failed unknown for illegal user tdgsandf from 10.0.0.6 port 3559 ssh2
# run "/etc/rc.d/sshd restart"
Apr 26 10:20:46 almaz sshd[477]: Received signal 15; terminating.
Apr 26 10:20:46 almaz sshd[2721]: Server listening on :: port 22.
Apr 26 10:20:46 almaz sshd[2721]: Server listening on 0.0.0.0 port 22.
# and try and log in again
Apr 26 10:21:09 almaz sshd[2722]: Accepted keyboard-interactive/pam for tdgsandf from 10.0.0.6 port 3560 ssh2
Apr 26 10:21:09 almaz sshd[2722]: nss_ldap: reconnecting to LDAP server...
Apr 26 10:21:09 almaz sshd[2722]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
...
Similarly:
almaz# cat /var/log/cron
# some time after a reboot
Apr 28 11:22:00 almaz /usr/sbin/cron[33972]: (operator) CMD (/usr/libexec/save-entropy)
# one error for each LDAP user's crontab
Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, group, getgrent_r, not found
Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found
Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found
Apr 28 11:25:00 almaz /usr/sbin/cron[34121]: (root) CMD (/usr/libexec/atrun)
Apr 28 11:25:00 almaz cron[34121]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
Apr 28 11:25:00 almaz cron[34121]: NSSWITCH(nss_method_lookup): ldap, group, getgrent_r, not found
Apr 28 11:25:00 almaz cron[34121]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found
Apr 28 11:25:00 almaz cron[34121]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found
# run "/etc/rc.d/cron restart"
# and now all crontabs processed OK
Apr 28 11:30:00 almaz /usr/sbin/cron[34455]: (root) CMD (/usr/libexec/atrun)
Apr 28 11:33:00 almaz /usr/sbin/cron[34490]: (operator) CMD (/usr/libexec/save-entropy)
Somehow nss_ldap seems not to be working correctly immediately after boot,
and daemons which started before it was running correctly can _never_ pick
up information through it until they are restarted.
But it looks as though this may be LDAP version rather than nss_ldap version
related since my nss_ldap version is unchanged for some time.
--
Thomas Sandford
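
Added example (not part of the original message, and not code from nss_ldap or FreeBSD): a log check for the two symptoms reported above, per-process NSSWITCH method-lookup failures and an sshd "Illegal user" rejection that is later accepted from the same address. The sample lines are constructed from the excerpts in the message with wrapped lines joined; the function and pattern names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log excerpts in the message (wrapped lines joined).
SAMPLE = """\
Apr 26 10:19:29 almaz sshd[2683]: Illegal user tdgsandf from 10.0.0.6
Apr 26 10:20:46 almaz sshd[477]: Received signal 15; terminating.
Apr 26 10:21:09 almaz sshd[2722]: Accepted keyboard-interactive/pam for tdgsandf from 10.0.0.6 port 3560 ssh2
Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
Apr 28 11:22:00 almaz cron[33972]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found
Apr 28 11:30:00 almaz /usr/sbin/cron[34455]: (root) CMD (/usr/libexec/atrun)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (\S+?)\[(\d+)\]: (.*)$")
NSS_FAIL = re.compile(r"^NSSWITCH\(nss_method_lookup\): (\w+), (\w+), (\w+), not found$")
ILLEGAL = re.compile(r"^Illegal user (\S+) from (\S+)$")
ACCEPTED = re.compile(r"^Accepted \S+ for (\S+) from (\S+) ")

def analyse(text):
    """Return (nss_failures, suspect_rejections).

    nss_failures: {(program, pid): {(source, database, method), ...}}
    suspect_rejections: (user, addr, rejected_at, accepted_at) for users sshd
    called "illegal" and later accepted from the same address, which points
    at a failed directory lookup rather than a bad account name.
    """
    nss_failures = defaultdict(set)
    rejected, suspects = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, _host, prog, pid, msg = m.groups()
        prog = prog.rsplit("/", 1)[-1]          # /usr/sbin/cron -> cron
        if (f := NSS_FAIL.match(msg)):
            nss_failures[(prog, int(pid))].add(f.groups())
        elif prog == "sshd" and (i := ILLEGAL.match(msg)):
            rejected[i.groups()] = when         # remember when this user/addr was refused
        elif prog == "sshd" and (a := ACCEPTED.match(msg)):
            if a.groups() in rejected:
                suspects.append((*a.groups(), rejected.pop(a.groups()), when))
    return dict(nss_failures), suspects

if __name__ == "__main__":
    failures, suspects = analyse(SAMPLE)
    for (prog, pid), hits in sorted(failures.items()):
        print(f"{prog}[{pid}]: {len(hits)} NSS method lookups failed; restart candidate")
    for user, addr, t0, t1 in suspects:
        print(f"{user}@{addr}: rejected {t0}, accepted {t1}; check NSS, not the account")
```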