> Hartmut Brandt wrote: >> On Sun, 15 Mar 2009, Tom McLaughlin wrote: >> >> TM>Hartmut Brandt wrote: >> TM>> On Tue, 10 Mar 2009, Tom McLaughlin wrote: >> TM>> >> TM>> TM>Doug Rabson wrote: <snip> > > Today I found this posting here having much trouble with authetication > on some clients. > > After an update of the LDAP server from OpenLDAP 2.4.14 to 2.4.15 and > updating db-4.6 to db-4.7 (all on the server, server runs FreeBSD > 7.1-STABLE/i386), I have no luck log in via ssh on any client (client > runs FreeBSD 8.0-CURRENT/amd64). Client has also db-4.7 and OpenLDAP > 2.4.15 and I recompiled pam_ldap and nss_ldap when updated OpenLDAP > 2.4.14 to OpenLDAP 2.4.15. > > Checking console log gives me this: > > Mar 16 11:04:34 thusnelda sshd[1560]: fatal: login_get_lastlog: Cannot > find account for uid 1000 > Mar 16 11:04:34 thusnelda sshd[1560]: syslogin_perform_logout: logout() > returned an error > > > Checking sshd.log gives this:Mar 16 11:04:19 thusnelda sshd[1560]: > Accepted keyboard-interactive/pam for user from XXX.XXX.XXX.XXX port > 61861 ssh2 > Mar 16 11:04:19 thusnelda sshd[1563]: nss_ldap: could not get LDAP > result - Can't contact LDAP server > Mar 16 11:04:34 thusnelda sshd[1563]: nss_ldap: could not get LDAP > result - Timed out > Mar 16 11:04:34 thusnelda sshd[1560]: nss_ldap: could not search LDAP > server - Server is unavailable > Mar 16 11:04:34 thusnelda sshd[1560]: fatal: login_get_lastlog: Cannot > find account for uid 1000 > Mar 16 11:04:34 thusnelda sshd[1560]: syslogin_perform_logout: logout() > returned an error > > This happens now on all boxes running the most recent OpenLDAP 2.4.15. > > is there a serious issue we should PR? > > Thanks in advance, > Oliver > Need a lot more info here. The issue in this thread has been related to GSSAPI and nss_ldap and manifests itself when you use krb5_ccname in the nss_ldap.conf. Is the problem only related to authentication? Only sshd? If you're on the box does nss_ldap work fine and enumerate all users and groups just fine? Are only -CURRENT boxes showing problems? What about -STABLE? When did everything break? What do the ldap server logs say if you have access to them? (Might want to bump up the loglevel on openldap too.) tomReceived on Mon Mar 16 2009 - 13:14:04 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:44 UTC