Re: Upgrade from 0.7 to 0.8 having auth problems
- From: Andy Colson <andy [at] squeakycode.net>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Upgrade from 0.7 to 0.8 having auth problems
- Date: Wed, 21 Nov 2012 09:14:48 -0600
On 11/21/2012 9:05 AM, Andy Colson wrote:
On 11/21/2012 9:01 AM, Andy Colson wrote:
On 11/20/2012 3:45 PM, Arthur de Jong wrote:

Another interesting bit from the strace is:

open("/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)

If you are not running su under strace, does nslcd show the shadow
lookup? Did the strace output and nslcd debug output match the same try?

I ran "nslcd -d" and first did "su andyc" and copied the nslcd output.
Then I ran "strace su andyc 2> strace.log".

I just now did two tests.
"nslcd -d 2> normal" and then did "su andyc"
then restart nslcd and did:
"nslcd -d 2> strace" and then did "strace su andyc"

After installing 0.8.12, I redid the same thing. The strace.log has
this extra line:

nslcd: [7b23c6] DEBUG: denied shadow request by non-root user

I also installed 0.8.10, and it doesn't work either. The nslcd -d log
is very similar. At the very top:

>8.12
nslcd: version 0.8.12 starting
nslcd: DEBUG: initgroups("daemon",2) done

>8.10
nslcd: version 0.8.10 starting
nslcd: DEBUG: setgroups(0,NULL) done

Then further down, 8.12 has this warning:

nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable

where 8.10 does not.

-Andy

nslcd: DEBUG: add_uri(ldap://192.168.10.12/)
nslcd: version 0.8.12 starting
nslcd: DEBUG: initgroups("daemon",2) done
nslcd: DEBUG: setgid(2) done
nslcd: DEBUG: setuid(2) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=25734 uid=0 gid=100
nslcd: [8b4567] <passwd=-1> DEBUG:
myldap_search(base="ou=users,dc=camavision,dc=com",
filter="(&(memberOf=cn=mapper,ou=groups,dc=camavision,dc=com)(uidNumber=-1))")
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_initialize(ldap://192.168.10.12/)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,2)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,2)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,2)
nslcd: [8b4567] <passwd=-1> DEBUG:
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <passwd=-1> DEBUG:
ldap_simple_bind_s("cn=admin,dc=camavision,dc=com","***")
(uri="ldap://192.168.10.12/")
nslcd: [8b4567] <passwd=-1> DEBUG: set_socket_timeout(2,500000)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_result(): end of results (0 total)
nslcd: [7b23c6] DEBUG: connection from pid=25734 uid=0 gid=100
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [7b23c6] <passwd="andyc"> DEBUG:
myldap_search(base="ou=users,dc=camavision,dc=com",
filter="(&(memberOf=cn=mapper,ou=groups,dc=camavision,dc=com)(uid=andyc))")
nslcd: [7b23c6] <passwd="andyc"> DEBUG: ldap_initialize(ldap://192.168.10.12/)
nslcd: [7b23c6] <passwd="andyc"> DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] <passwd="andyc"> DEBUG:
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] <passwd="andyc"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] <passwd="andyc"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,2)
nslcd: [7b23c6] <passwd="andyc"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,2)
nslcd: [7b23c6] <passwd="andyc"> DEBUG:
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,2)
nslcd: [7b23c6] <passwd="andyc"> DEBUG:
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] <passwd="andyc"> DEBUG:
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] <passwd="andyc"> DEBUG:
ldap_simple_bind_s("cn=admin,dc=camavision,dc=com","***")
(uri="ldap://192.168.10.12/")
nslcd: [7b23c6] <passwd="andyc"> DEBUG: set_socket_timeout(2,500000)
nslcd: [7b23c6] <passwd="andyc"> DEBUG: ldap_result():
uid=andyc,ou=users,dc=camavision,dc=com
nslcd: [7b23c6] <passwd="andyc"> (re)loading /etc/nsswitch.conf
nslcd: [7b23c6] <passwd="andyc"> DEBUG: ldap_result(): end of results (1 total)
nslcd: caught signal SIGINT (2), shutting down
nslcd: DEBUG: set_socket_timeout(1,0)
nslcd: DEBUG: ldap_unbind()
nslcd: DEBUG: set_socket_timeout(1,0)
nslcd: DEBUG: ldap_unbind()
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): Permission
denied
nslcd: DEBUG: unlink() of /var/run/nslcd/nslcd.pid failed (ignored): Permission
denied
nslcd: version 0.8.12 bailing out

nslcd: DEBUG: add_uri(ldap://192.168.10.12/)
nslcd: version 0.8.12 starting
nslcd: DEBUG: initgroups("daemon",2) done
nslcd: DEBUG: setgid(2) done
nslcd: DEBUG: setuid(2) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=25753 uid=1000 gid=100
nslcd: [8b4567] <passwd=-1> DEBUG:
myldap_search(base="ou=users,dc=camavision,dc=com",
filter="(&(memberOf=cn=mapper,ou=groups,dc=camavision,dc=com)(uidNumber=-1))")
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_initialize(ldap://192.168.10.12/)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,2)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,2)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,2)
nslcd: [8b4567] <passwd=-1> DEBUG:
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <passwd=-1> DEBUG:
ldap_simple_bind_s("cn=admin,dc=camavision,dc=com","***")
(uri="ldap://192.168.10.12/")
nslcd: [8b4567] <passwd=-1> DEBUG: set_socket_timeout(2,500000)
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_result(): end of results (0 total)
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [7b23c6] DEBUG: connection from pid=25753 uid=1000 gid=100
nslcd: [7b23c6] DEBUG: denied shadow request by non-root user
nslcd: [3c9869] DEBUG: connection from pid=25753 uid=1000 gid=100
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [3c9869] <passwd="andyc"> DEBUG:
myldap_search(base="ou=users,dc=camavision,dc=com",
filter="(&(memberOf=cn=mapper,ou=groups,dc=camavision,dc=com)(uid=andyc))")
nslcd: [3c9869] <passwd="andyc"> DEBUG: ldap_initialize(ldap://192.168.10.12/)
nslcd: [3c9869] <passwd="andyc"> DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] <passwd="andyc"> DEBUG:
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] <passwd="andyc"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] <passwd="andyc"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,2)
nslcd: [3c9869] <passwd="andyc"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,2)
nslcd: [3c9869] <passwd="andyc"> DEBUG:
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,2)
nslcd: [3c9869] <passwd="andyc"> DEBUG:
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] <passwd="andyc"> DEBUG:
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] <passwd="andyc"> DEBUG:
ldap_simple_bind_s("cn=admin,dc=camavision,dc=com","***")
(uri="ldap://192.168.10.12/")
nslcd: [3c9869] <passwd="andyc"> DEBUG: set_socket_timeout(2,500000)
nslcd: [3c9869] <passwd="andyc"> DEBUG: ldap_result():
uid=andyc,ou=users,dc=camavision,dc=com
nslcd: [3c9869] <passwd="andyc"> (re)loading /etc/nsswitch.conf
nslcd: [3c9869] <passwd="andyc"> DEBUG: ldap_result(): end of results (1 total)
nslcd: caught signal SIGINT (2), shutting down
nslcd: DEBUG: set_socket_timeout(1,0)
nslcd: DEBUG: ldap_unbind()
nslcd: DEBUG: set_socket_timeout(1,0)
nslcd: DEBUG: ldap_unbind()
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): Permission
denied
nslcd: DEBUG: unlink() of /var/run/nslcd/nslcd.pid failed (ignored): Permission
denied
nslcd: version 0.8.12 bailing out
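
Added example (not part of the original message and not nss-pam-ldapd code): a small parser for `nslcd -d` output that pairs each client connection's peer pid/uid with the request it made and flags refused shadow lookups, which is where the two logs above differ (uid=0 versus uid=1000). The sample lines are excerpted from those logs; the function names are hypothetical.

```python
import re

CONN = re.compile(r"nslcd: \[(\w+)\] DEBUG: connection from pid=(\d+) uid=(\d+) gid=(\d+)")
DENY = re.compile(r"nslcd: \[(\w+)\] DEBUG: denied shadow request by non-root user")
REQ = re.compile(r"nslcd: \[(\w+)\] <([^>]+)>")

def summarize(log_text):
    """Return one record per client connection seen in `nslcd -d` output."""
    records, by_id = [], {}
    for line in log_text.splitlines():
        m = CONN.search(line)
        if m:  # a new connection; session ids can repeat across restarts
            rec = {"id": m.group(1), "pid": int(m.group(2)), "uid": int(m.group(3)),
                   "request": None, "shadow_denied": False}
            records.append(rec)
            by_id[rec["id"]] = rec
            continue
        m = DENY.search(line)
        if m and m.group(1) in by_id:
            by_id[m.group(1)]["shadow_denied"] = True
            continue
        m = REQ.search(line)  # e.g. <passwd="andyc">; keep the first tag seen
        if m and m.group(1) in by_id and by_id[m.group(1)]["request"] is None:
            by_id[m.group(1)]["request"] = m.group(2)
    return records

def denied_shadow_callers(log_text):
    """(pid, uid) of every client whose shadow lookup nslcd refused."""
    return sorted({(r["pid"], r["uid"]) for r in summarize(log_text) if r["shadow_denied"]})

# Lines excerpted from the two logs in the message (abridged).
NORMAL_LOG = """\
nslcd: [8b4567] DEBUG: connection from pid=25734 uid=0 gid=100
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_result(): end of results (0 total)
nslcd: [7b23c6] DEBUG: connection from pid=25734 uid=0 gid=100
nslcd: [7b23c6] <passwd="andyc"> DEBUG: ldap_result(): end of results (1 total)
"""
STRACE_LOG = """\
nslcd: [8b4567] DEBUG: connection from pid=25753 uid=1000 gid=100
nslcd: [8b4567] <passwd=-1> DEBUG: ldap_result(): end of results (0 total)
nslcd: [7b23c6] DEBUG: connection from pid=25753 uid=1000 gid=100
nslcd: [7b23c6] DEBUG: denied shadow request by non-root user
nslcd: [3c9869] DEBUG: connection from pid=25753 uid=1000 gid=100
nslcd: [3c9869] <passwd="andyc"> DEBUG: ldap_result(): end of results (1 total)
"""

if __name__ == "__main__":
    for name, log in (("normal", NORMAL_LOG), ("strace", STRACE_LOG)):
        print(name, summarize(log), denied_shadow_callers(log))
```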