
Re: Upgrade from 0.7 to 0.8 having auth problems




On 11/20/2012 3:45 PM, Arthur de Jong wrote:

> Another interesting bit from the strace is:
> open("/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
>
> If you are not running su under strace, does nslcd show the shadow
> lookup? Did the strace output and nslcd debug output match the same try?

I ran "nslcd -d" and first did "su andyc" and copied the nslcd output. Then I ran "strace su andyc 2> strace.log".

I just now did two tests.
"nslcd -d 2> normal" and then did "su andyc"

then restart nslcd and did:
"nslcd -d 2> strace" and then did "strace su andyc"

They are different.  The normal one has two extra calls:

normal>  nslcd: [7b23c6] DEBUG: nslcd_passwd_byname(andyc)
both> nslcd: [3c9869] DEBUG: nslcd_shadow_byname(andyc)
normal> nslcd: [334873] DEBUG: nslcd_group_bymember(andyc)


> A wild guess, but could you try nss-pam-ldapd 0.8.10?

I will build a package and give it a try right now.


> Lastly is the user andy or andyc in /etc/passwd or /etc/shadow?

andy is only local in /etc/passwd
andyc is only in ldap


-Andy

nslcd: DEBUG: add_uri(ldap://192.168.10.12/)
nslcd: version 0.7.17 starting
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(2) done
nslcd: DEBUG: setuid(2) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=24533 uid=0 gid=100
nslcd: [8b4567] DEBUG: nslcd_passwd_byuid(-1)
nslcd: [8b4567] DEBUG: myldap_search(base="ou=users,dc=camavision,dc=com", filter="(&(memberOf=cn=mapper,ou=groups,dc=camavision,dc=com)(uidNumber=-1))")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://192.168.10.12/)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,2)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,2)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,2)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s("cn=admin,dc=camavision,dc=com","***") (uri="ldap://192.168.10.12/")
nslcd: [8b4567] DEBUG: ldap_result(): end of results
nslcd: [7b23c6] DEBUG: connection from pid=24533 uid=0 gid=100
nslcd: [7b23c6] DEBUG: nslcd_passwd_byname(andyc)
nslcd: [7b23c6] DEBUG: myldap_search(base="ou=users,dc=camavision,dc=com", filter="(&(memberOf=cn=mapper,ou=groups,dc=camavision,dc=com)(uid=andyc))")
nslcd: [7b23c6] DEBUG: ldap_initialize(ldap://192.168.10.12/)
nslcd: [7b23c6] DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,2)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,2)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,2)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_simple_bind_s("cn=admin,dc=camavision,dc=com","***") (uri="ldap://192.168.10.12/")
nslcd: [7b23c6] DEBUG: ldap_result(): end of results
nslcd: [3c9869] DEBUG: connection from pid=24533 uid=0 gid=100
nslcd: [3c9869] DEBUG: nslcd_shadow_byname(andyc)
nslcd: [3c9869] DEBUG: myldap_search(base="ou=users,dc=camavision,dc=com", filter="(&(objectClass=shadowAccount)(uid=andyc))")
nslcd: [3c9869] DEBUG: ldap_initialize(ldap://192.168.10.12/)
nslcd: [3c9869] DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,2)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,2)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,2)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_simple_bind_s("cn=admin,dc=camavision,dc=com","***") (uri="ldap://192.168.10.12/")
nslcd: [3c9869] DEBUG: ldap_result(): end of results
nslcd: [334873] DEBUG: connection from pid=24533 uid=0 gid=100
nslcd: [334873] DEBUG: nslcd_group_bymember(andyc)
nslcd: [334873] DEBUG: myldap_search(base="ou=users,dc=camavision,dc=com", filter="(&(memberOf=cn=mapper,ou=groups,dc=camavision,dc=com)(uid=andyc))")
nslcd: [334873] DEBUG: ldap_initialize(ldap://192.168.10.12/)
nslcd: [334873] DEBUG: ldap_set_rebind_proc()
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,2)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,2)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,2)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_simple_bind_s("cn=admin,dc=camavision,dc=com","***") (uri="ldap://192.168.10.12/")
nslcd: [334873] DEBUG: myldap_search(base="ou=groups,dc=camavision,dc=com", filter="(&(objectClass=posixGroup)(|(memberUid=andyc)(uniqueMember=uid=andyc,ou=users,dc=camavision,dc=com)))")
nslcd: [334873] DEBUG: ldap_result(): end of results
nslcd: [3c9869] DEBUG: ldap_unbind()
nslcd: [334873] DEBUG: ldap_unbind()
nslcd: [8b4567] DEBUG: ldap_unbind()
nslcd: [7b23c6] DEBUG: ldap_unbind()
nslcd: caught signal SIGINT (2), shutting down
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): Permission denied
nslcd: DEBUG: unlink() of /var/run/nslcd/nslcd.pid failed (ignored): Permission denied
nslcd: version 0.7.17 bailing out
nslcd: DEBUG: add_uri(ldap://192.168.10.12/)
nslcd: version 0.7.17 starting
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(2) done
nslcd: DEBUG: setuid(2) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=24549 uid=1000 gid=100
nslcd: [8b4567] DEBUG: nslcd_passwd_byuid(-1)
nslcd: [8b4567] DEBUG: myldap_search(base="ou=users,dc=camavision,dc=com", filter="(&(memberOf=cn=mapper,ou=groups,dc=camavision,dc=com)(uidNumber=-1))")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://192.168.10.12/)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,2)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,2)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,2)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s("cn=admin,dc=camavision,dc=com","***") (uri="ldap://192.168.10.12/")
nslcd: [8b4567] DEBUG: ldap_result(): end of results
nslcd: [7b23c6] DEBUG: connection from pid=24549 uid=1000 gid=100
nslcd: [3c9869] DEBUG: connection from pid=24549 uid=1000 gid=100
nslcd: [3c9869] DEBUG: nslcd_passwd_byname(andyc)
nslcd: [3c9869] DEBUG: myldap_search(base="ou=users,dc=camavision,dc=com", filter="(&(memberOf=cn=mapper,ou=groups,dc=camavision,dc=com)(uid=andyc))")
nslcd: [3c9869] DEBUG: ldap_initialize(ldap://192.168.10.12/)
nslcd: [3c9869] DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,2)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,2)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,2)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_simple_bind_s("cn=admin,dc=camavision,dc=com","***") (uri="ldap://192.168.10.12/")
nslcd: [3c9869] DEBUG: ldap_result(): end of results
nslcd: [334873] DEBUG: connection from pid=24549 uid=1000 gid=100
nslcd: [8b4567] DEBUG: ldap_unbind()
nslcd: [3c9869] DEBUG: ldap_unbind()
nslcd: caught signal SIGINT (2), shutting down
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): Permission denied
nslcd: DEBUG: unlink() of /var/run/nslcd/nslcd.pid failed (ignored): Permission denied
nslcd: version 0.7.17 bailing out
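
The comparison made in this message (which nslcd requests show up in one capture but not the other) can be scripted. The following is an added example, not part of the original post or of nss-pam-ldapd; the sample logs are excerpts of the two captures above, and the function names are illustrative.

```python
import re

# Excerpts of the two "nslcd -d" captures in this message (connection and
# request lines only): NORMAL is "su andyc", STRACE is "strace su andyc".
NORMAL = """\
nslcd: [7b23c6] DEBUG: connection from pid=24533 uid=0 gid=100
nslcd: [7b23c6] DEBUG: nslcd_passwd_byname(andyc)
nslcd: [3c9869] DEBUG: connection from pid=24533 uid=0 gid=100
nslcd: [3c9869] DEBUG: nslcd_shadow_byname(andyc)
nslcd: [334873] DEBUG: connection from pid=24533 uid=0 gid=100
nslcd: [334873] DEBUG: nslcd_group_bymember(andyc)
"""
STRACE = """\
nslcd: [7b23c6] DEBUG: connection from pid=24549 uid=1000 gid=100
nslcd: [3c9869] DEBUG: connection from pid=24549 uid=1000 gid=100
nslcd: [3c9869] DEBUG: nslcd_passwd_byname(andyc)
nslcd: [334873] DEBUG: connection from pid=24549 uid=1000 gid=100
"""

LINE = re.compile(r"^nslcd: \[([0-9a-f]+)\] DEBUG: (.*)$")
CONN = re.compile(r"connection from pid=(\d+) uid=(\d+) gid=(\d+)")
REQ = re.compile(r"nslcd_[a-z]+_[a-z]+\(.*\)$")

def sessions(log):
    """One record per client connection: peer pid/uid and the request it made."""
    records, current = [], {}
    for line in log.splitlines():
        if not (m := LINE.match(line)):
            continue  # start-up lines and wrapped continuation lines
        sid, msg = m.groups()
        c = CONN.match(msg)
        if c:  # a repeated session id starts a new record
            current[sid] = {"pid": int(c[1]), "uid": int(c[2]), "request": None}
            records.append(current[sid])
        elif sid in current and REQ.match(msg):
            current[sid]["request"] = msg
    return records

def compare(a, b):
    """Diff two captures by request and report the uid each client connected as."""
    sa, sb = sessions(a), sessions(b)
    ra = {s["request"] for s in sa if s["request"]}
    rb = {s["request"] for s in sb if s["request"]}
    return {"only_a": sorted(ra - rb), "only_b": sorted(rb - ra),
            "uids_a": sorted({s["uid"] for s in sa}),
            "uids_b": sorted({s["uid"] for s in sb}),
            "no_request_b": sum(s["request"] is None for s in sb)}

if __name__ == "__main__":
    print(compare(NORMAL, STRACE))
```

In these excerpts the traced run connects as uid=1000 where the plain run connects as uid=0. A setuid program started under strace by an unprivileged user runs without its setuid privileges, which matches the EACCES on /etc/shadow quoted above.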