Can't login from node
- From: Bruno Santos <bacmsantos [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Can't login from node
- Date: Sun, 19 Nov 2017 12:00:39 +0000
Hi everyone,
I am trying to set up a cluster that uses OpenLDAP authentication on Debian 9 stretch.
I have installed libnss-ldapd to handle authentication to the LDAP server but I am getting something wrong.
My LDAP users cannot log in from the nodes despite having the same configuration as the other nodes on the network. If I start nslcd in debug mode I get the following:
root@brassica:/home/santosb# /etc/init.d/nscd stop
[ ok ] Stopping nscd (via systemctl): nscd.service.
root@brassica:/home/santosb# /etc/init.d/nslcd stop
[ ok ] Stopping nslcd (via systemctl): nslcd.service.
root@brassica:/home/santosb# nslcd -d
nslcd: DEBUG: NSS_LDAP nss-pam-ldapd 0.9.7
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,"/etc/ssl/certs/ca-certificates.crt")
nslcd: DEBUG: CFG: threads 5
nslcd: DEBUG: CFG: uid nslcd
nslcd: DEBUG: CFG: gid 111
nslcd: DEBUG: CFG: uri ldap://10.1.10.37/
nslcd: DEBUG: CFG: uri ldap://10.1.10.37:666
nslcd: DEBUG: CFG: ldap_version 3
nslcd: DEBUG: CFG: base dc=niab,dc=com
nslcd: DEBUG: CFG: scope sub
nslcd: DEBUG: CFG: deref never
nslcd: DEBUG: CFG: referrals yes
nslcd: DEBUG: CFG: filter aliases (objectClass=nisMailAlias)
nslcd: DEBUG: CFG: filter ethers (objectClass=ieee802Device)
nslcd: DEBUG: CFG: filter group (objectClass=posixGroup)
nslcd: DEBUG: CFG: filter hosts (objectClass=ipHost)
nslcd: DEBUG: CFG: filter netgroup (objectClass=nisNetgroup)
nslcd: DEBUG: CFG: filter networks (objectClass=ipNetwork)
nslcd: DEBUG: CFG: filter passwd (objectClass=posixAccount)
nslcd: DEBUG: CFG: filter protocols (objectClass=ipProtocol)
nslcd: DEBUG: CFG: filter rpc (objectClass=oncRpc)
nslcd: DEBUG: CFG: filter services (objectClass=ipService)
nslcd: DEBUG: CFG: filter shadow (objectClass=shadowAccount)
nslcd: DEBUG: CFG: map group userPassword "*"
nslcd: DEBUG: CFG: map passwd userPassword "*"
nslcd: DEBUG: CFG: map passwd gecos "${gecos:-$cn}"
nslcd: DEBUG: CFG: map shadow userPassword "*"
nslcd: DEBUG: CFG: map shadow shadowLastChange "${shadowLastChange:--1}"
nslcd: DEBUG: CFG: map shadow shadowMin "${shadowMin:--1}"
nslcd: DEBUG: CFG: map shadow shadowMax "${shadowMax:--1}"
nslcd: DEBUG: CFG: map shadow shadowWarning "${shadowWarning:--1}"
nslcd: DEBUG: CFG: map shadow shadowInactive "${shadowInactive:--1}"
nslcd: DEBUG: CFG: map shadow shadowExpire "${shadowExpire:--1}"
nslcd: DEBUG: CFG: map shadow shadowFlag "${shadowFlag:-0}"
nslcd: DEBUG: CFG: pam_authc_ppolicy yes
nslcd: DEBUG: CFG: bind_timelimit 10
nslcd: DEBUG: CFG: timelimit 0
nslcd: DEBUG: CFG: idle_timelimit 0
nslcd: DEBUG: CFG: reconnect_sleeptime 1
nslcd: DEBUG: CFG: reconnect_retrytime 10
nslcd: DEBUG: CFG: ssl off
nslcd: DEBUG: CFG: tls_reqcert demand
nslcd: DEBUG: CFG: tls_cacertfile /etc/ssl/certs/ca-certificates.crt
nslcd: DEBUG: CFG: pagesize 0
nslcd: DEBUG: CFG: nss_min_uid 0
nslcd: DEBUG: CFG: nss_nested_groups no
nslcd: DEBUG: CFG: nss_getgrent_skipmembers no
nslcd: DEBUG: CFG: nss_disable_enumeration no
nslcd: DEBUG: CFG: validnames /^[a-z0-9._@$()]([a-z0-9._@$() \~-]*[a-z0-9._@$()~-])?$/i
nslcd: DEBUG: CFG: ignorecase no
nslcd: DEBUG: CFG: cache dn2uid 15m 15m
nslcd: version 0.9.7 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: initgroups("nslcd",111) done
nslcd: DEBUG: setgid(111) done
nslcd: DEBUG: setuid(107) done
nslcd: accepting connections
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [8b4567] DEBUG: connection from pid=6163 uid=0 gid=0
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [8b4567] <passwd="bsantos"> DEBUG: myldap_search(base="dc=niab,dc=com", filter="(&(objectClass=posixAccount)(uid=bsantos))")
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_initialize(ldap://10.1.10.37/)
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://10.1.10.37/")
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_result(): cn=Bruno Santos,ou=People,dc=niab,dc=com
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_result(): end of results (1 total)
The only difference between the nodes seems to be the version of libnss-ldap, with the one working running 0.9.4 and the one that does not running 0.9.7.
Any idea what could be going on?
Best,
Bruno Santos
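
Added example (not part of the original post and not code from nss-pam-ldapd): a small Python parser for `nslcd -d` output in the format shown above. It summarizes each request and flags cleartext transport, anonymous binds, and captures that contain only NSS lookups. The function names and the finding texts are assumptions of this example; the sample lines are copied from the post.

```python
import re

# Constructed sample: a few lines copied from the debug output in the post.
SAMPLE = '''\
nslcd: DEBUG: CFG: uri ldap://10.1.10.37/
nslcd: DEBUG: CFG: filter passwd (objectClass=posixAccount)
nslcd: DEBUG: CFG: ssl off
nslcd: [8b4567] DEBUG: connection from pid=6163 uid=0 gid=0
nslcd: [8b4567] <passwd="bsantos"> DEBUG: myldap_search(base="dc=niab,dc=com", filter="(&(objectClass=posixAccount)(uid=bsantos))")
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://10.1.10.37/")
nslcd: [8b4567] <passwd="bsantos"> DEBUG: ldap_result(): end of results (1 total)
'''
CFG_RE = re.compile(r'^nslcd: DEBUG: CFG: (\S+)\s+(.*)$')
REQ_RE = re.compile(r'^nslcd: \[(\w+)\] <(\w+)="([^"]*)"> DEBUG: (.*)$')
TOTAL_RE = re.compile(r'end of results \((\d+) total\)')

def parse(log):
    """Return (cfg, requests): CFG option -> values, (conn, action, name) -> summary."""
    cfg, requests = {}, {}
    for line in log.splitlines():
        m = CFG_RE.match(line)
        if m:
            cfg.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = REQ_RE.match(line)
        if not m:
            continue  # startup and accept() lines carry no request tag
        conn, action, name, msg = m.groups()
        req = requests.setdefault((conn, action, name),
                                  {"anonymous_bind": False, "results": None})
        if msg.startswith("ldap_simple_bind_s(NULL,NULL)"):
            req["anonymous_bind"] = True
        total = TOTAL_RE.search(msg)
        if total:
            req["results"] = int(total.group(1))
    return cfg, requests

def findings(cfg, requests):
    """Security-relevant observations about one debug capture."""
    notes = []
    if cfg.get("ssl") == ["off"] and any(u.startswith("ldap://") for u in cfg.get("uri", [])):
        notes.append("cleartext LDAP: ldap:// with ssl off, so tls_reqcert has no effect")
    if any(r["anonymous_bind"] for r in requests.values()):
        notes.append("lookups use an anonymous bind")
    nss_maps = {v.split()[0] for v in cfg.get("filter", [])}  # map names from CFG filter lines
    actions = {action for (_, action, _) in requests}
    if actions and actions <= nss_maps:
        notes.append("only NSS lookups in this capture; no other request type reached nslcd")
    return notes
```
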