lists.arthurdejong.org

Re: nslcd Connection reset by peer




Hello,

Thank you for your help. I finally solved the issue in two steps.

First I did as you said:
- install unscd on all servers with default configuration
- modify nslcd.conf with threads 10

I still had the issue on some servers. Funny thing, not all servers are concerned, so I looked at the server with the highest number of errors.
This message shows up when my Nagios server executes a bash script on the server through ssh.

I found that the user used by nagios was a system user with an ID in the range of LDAP users.
So I just changed the ID of the user and that solved it.

But this means that this message can happen with a regular LDAP user.
Note that I also tried nslcd.conf with threads 150 but it didn't help.

Regards,





On 14 August 2017 at 21:25, Arthur de Jong <arthur [at] arthurdejong.org> wrote:
On Mon, 2017-08-14 at 16:48 +0200, Hugo Deprez wrote:
> I am using nslcd 0.9.4 on Debian 8. My setup is working fine, but in
> my logs I can see some timeouts:
>
> nslcd[1095]: [28ef39] error reading from client: Connection reset by peer
>
> This happens on almost all of my servers.
>
> I don't know what causes this message to show up.
> Do you have any idea? I would like to troubleshoot this but I don't
> really know where to start.

The messages seem to indicate that some process connects to nslcd but
closes the connection before the request can be read by nslcd.

This could be due to a timeout in the NSS or PAM module. The timeout
here is 10 seconds.

You should probably be able to solve this issue by increasing the
number of threads that nslcd uses and/or using (u)nscd to reduce the
number of lookups that nslcd has to perform.

If your LDAP searches are slow you could also see if adding indexes
server-side improves performance or perhaps tune your search filters to
return fewer entries (if your LDAP database is big).

Hope this helps,

--
-- arthur - arthur [at] arthurdejong.org - https://arthurdejong.org/ --
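
The fix reported at the top of this thread was moving a local system account out of the UID range used for LDAP users. The following is an added example, not code from the thread or from nss-pam-ldapd, showing one way to list such accounts from passwd-format dumps; the function names, the 10000-60000 range and the sample entries are assumptions.

```shell
#!/bin/sh
# Added example: find local accounts that overlap the LDAP UID range.
# On a live host the two inputs can be produced with, for instance:
#   getent -s files passwd > local.txt
#   getent -s ldap  passwd > ldap.txt   (assumes LDAP enumeration is allowed)

# local_uids_in_range PASSWD_FILE MIN_UID MAX_UID
# Prints "name:uid" for every entry whose UID lies in MIN_UID..MAX_UID.
local_uids_in_range() {
    awk -F: -v min="$2" -v max="$3" '
        /^[#+-]/ || NF < 3 { next }   # skip comments, compat lines, junk
        $3 ~ /^[0-9]+$/ && $3+0 >= min && $3+0 <= max { print $1 ":" $3 }
    ' "$1"
}

# uid_collisions LOCAL_PASSWD LDAP_PASSWD
# Prints "uid:local_name:ldap_name" when one UID maps to two different names.
uid_collisions() {
    awk -F: '
        NR == FNR { if ($3 ~ /^[0-9]+$/) ldap[$3] = $1; next }   # LDAP file first
        ($3 in ldap) && ldap[$3] != $1 { print $3 ":" $1 ":" ldap[$3] }
    ' "$2" "$1"
}

# Constructed sample data (not taken from the thread's servers).
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        'root:x:0:0::/root:/bin/sh' \
        'nagios:x:10012:999::/var/lib/nagios:/bin/sh' > "$d/local"
    printf '%s\n' \
        'alice:x:10012:10000::/home/alice:/bin/bash' \
        'bob:x:10013:10000::/home/bob:/bin/bash' > "$d/ldap"
    local_uids_in_range "$d/local" 10000 60000
    uid_collisions "$d/local" "$d/ldap"
    rm -rf "$d"
}
demo
```

A collision line means files owned by that UID resolve to a different account name depending on which NSS source answers first, so such entries are worth reviewing even when no nslcd errors are logged.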
