Re: nslcd crashing on Freebsd 12



Yup that was it.  Reverting to base openssl has resolved the problem.

Thanks, Ryan
S

On 1/17/19 9:33 PM, Ryan Bethke wrote:
> We have experienced this exact same issue.  FreeBSD 12 base was upgraded
> to openssl-1.1.1.  When compiling against the openssl 1.0.2 port, there
> seems to be some linking against the base openssl implementation. 
> Running the following command should show that symptom:
> 
> 
> # ldd /usr/local/sbin/nslcd
> 
> 
> We decided to revert back to the base openssl implementation, and nslcd
> has been working just fine.
> 
> 
> Ryan
> 
> ------------------------------------------------------------------------
> *From:* nss-pam-ldapd-users
> <nss-pam-ldapd-users-bounces+ryanb=honeycomb.net@lists.arthurdejong.org>
> on behalf of Sacha Clayton <sacha@witopia.net>
> *Sent:* Thursday, January 17, 2019 8:07:00 PM
> *To:* nss-pam-ldapd-users@lists.arthurdejong.org
> *Subject:* nslcd crashing on Freebsd 12
>  
> nslcd crashes (signal 11, core dumped) every time it tries to make a
> connection to my LDAP server.  It looks like it is failing when trying
> to initialize the TLS connection.  The strange thing is all other LDAP
> queries work fine; I can ldapsearch over a TLS connection without error.
> This also works fine on FreeBSD 11.2 using ports built from the same
> port tree revision.
> 
> I am unsure how to troubleshoot this further.  Does anyone have any
> advice on how to proceed?
> 
> Thanks
> S
> 
> 
> Diagnostic info:
> 
> The server is FreeBSD 12.0-release-p1 r341666.  It is a bhyve VM running
> on an 11.2-release-p4 host.
> 
> Software versions:
> 
> nss-pam-ldapd-0.9.10
> openldap-client-2.4.47
> openssl-1.0.2q
> 
> Debug (-dd) output:
> 
> nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
> nslcd: [00834d] DEBUG: connection from pid=18446744073709551615 uid=0 gid=0
> nslcd: [00834d] <passwd="sacha"> DEBUG:
> myldap_search(base="dc=witopia,dc=net",
> filter="(&(objectClass=posixAccount)(uid=sacha))")
> nslcd: [00834d] <passwd="sacha"> DEBUG:
> ldap_initialize(ldap://74.115.160.100)
> ldap_create
> ldap_url_parse_ext(ldap://74.115.160.100)
> nslcd: [00834d] <passwd="sacha"> DEBUG: ldap_set_rebind_proc()
> nslcd: [00834d] <passwd="sacha"> DEBUG:
> ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
> nslcd: [00834d] <passwd="sacha"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
> nslcd: [00834d] <passwd="sacha"> DEBUG:
> ldap_set_option(LDAP_OPT_TIMELIMIT,0)
> nslcd: [00834d] <passwd="sacha"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
> nslcd: [00834d] <passwd="sacha"> DEBUG:
> ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
> nslcd: [00834d] <passwd="sacha"> DEBUG:
> ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
> nslcd: [00834d] <passwd="sacha"> DEBUG:
> ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
> nslcd: [00834d] <passwd="sacha"> DEBUG: ldap_start_tls_s()
> ldap_extended_operation_s
> ldap_extended_operation
> ldap_send_initial_request
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP 74.115.160.100:389
> ldap_new_socket: 6
> ldap_prepare_socket: 6
> ldap_connect_to_host: Trying 74.115.160.100:389
> ldap_pvt_connect: fd: 6 tm: 10 async: 0
> ldap_ndelay_on: 6
> attempting to connect:
> connect errno: 36
> ldap_int_poll: fd: 6 tm: 10
> ldap_is_sock_ready: 6
> ldap_ndelay_off: 6
> ldap_pvt_connect: 0
> ldap_open_defconn: successful
> ldap_send_server_request
> ldap_result ld 0x800fba030 msgid 1
> wait4msg ld 0x800fba030 msgid 1 (timeout 10000000 usec)
> wait4msg continue ld 0x800fba030 msgid 1 all 1
> ** ld 0x800fba030 Connections:
> * host: 74.115.160.100  port: 389  (default)
>   refcnt: 2  status: Connected
>   last used: Fri Jan 18 00:52:59 2019
> 
> 
> ** ld 0x800fba030 Outstanding Requests:
>  * msgid 1,  origid 1, status InProgress
>    outstanding referrals 0, parent count 0
>   ld 0x800fba030 request count 1 (abandoned 0)
> ** ld 0x800fba030 Response Queue:
>    Empty
>   ld 0x800fba030 response count 0
> ldap_chkResponseList ld 0x800fba030 msgid 1 all 1
> ldap_chkResponseList returns ld 0x800fba030 NULL
> ldap_int_select
> read1msg: ld 0x800fba030 msgid 1 all 1
> read1msg: ld 0x800fba030 msgid 1 message type extended-result
> read1msg: ld 0x800fba030 0 new referrals
> read1msg:  mark request completed, ld 0x800fba030 msgid 1
> request done: ld 0x800fba030 msgid 1
> res_errno: 0, res_error: <>, res_matched: <>
> ldap_free_request (origid 1, msgid 1)
> ldap_parse_extended_result
> ldap_parse_result
> ldap_msgfree
> TLS trace: SSL_connect:before/connect initialization
> TLS trace: SSL_connect:failed in SSLv2/v3 write client hello B
> TLS: can't connect: .
> Segmentation fault
> 
> 
> Server side log:
> 
> Jan 18 00:53:00 prod00 slapd[474]: conn=1699 fd=16 ACCEPT from
> IP=74.115.160.77:54909 (IP=0.0.0.0:389)
> Jan 18 00:53:00 prod00 slapd[474]: conn=1699 op=0 EXT
> oid=1.3.6.1.4.1.1466.20037
> Jan 18 00:53:00 prod00 slapd[474]: conn=1699 op=0 STARTTLS
> Jan 18 00:53:00 prod00 slapd[474]: conn=1699 op=0 RESULT oid= err=0 text=
> Jan 18 00:53:00 prod00 slapd[474]: conn=1699 fd=16 closed (TLS
> negotiation failure)
> 
> 
> 
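The `ldd` check suggested in the quoted reply, turned into a script, as an added example that is not part of the original thread: it reads `ldd` output and reports when `libssl` or `libcrypto` resolves to more than one file, which is the mixed base/port linking described above. The function names and the sample `ldd` output (sonames, paths, addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect two OpenSSL builds in one process.

# check_openssl_mix: reads `ldd` output on stdin, prints each distinct
# libssl/libcrypto path, and returns 1 if either library resolves to more
# than one file, 0 otherwise.
check_openssl_mix() {
    awk '
        # ldd lines look like: "libssl.so.9 => /usr/local/lib/libssl.so.9 (0x...)"
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            lib = $1; sub(/\.so.*/, "", lib)        # "libssl" or "libcrypto"
            if (!seen[lib SUBSEP $3]++) {           # count each resolved path once
                count[lib]++
                print lib ": " $3
            }
        }
        END {
            for (lib in count) if (count[lib] > 1) mixed = 1
            if (mixed) { print "MIXED: more than one OpenSSL build is loaded"; exit 1 }
            print "OK: single OpenSSL build"
        }
    '
}

# Constructed sample: a binary that pulls in both a ports OpenSSL
# (/usr/local/lib) and the base system OpenSSL.
sample_mixed() {
cat <<'EOF'
/usr/local/sbin/nslcd:
    libldap_r-2.4.so.2 => /usr/local/lib/libldap_r-2.4.so.2 (0x800269000)
    libssl.so.9 => /usr/local/lib/libssl.so.9 (0x8002b9000)
    libcrypto.so.9 => /usr/local/lib/libcrypto.so.9 (0x800400000)
    libssl.so.111 => /usr/lib/libssl.so.111 (0x800700000)
    libcrypto.so.111 => /lib/libcrypto.so.111 (0x800800000)
    libc.so.7 => /lib/libc.so.7 (0x800b00000)
EOF
}

# With a path argument, inspect that binary; otherwise run on the sample.
if [ "$#" -gt 0 ]; then
    ldd "$1" | check_openssl_mix
else
    sample_mixed | check_openssl_mix || echo "(constructed sample is mixed, as expected)"
fi
```

Running the same check against the LDAP client library that nslcd links to shows which dependency drags in the second OpenSSL.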
