NSCD behaving weirdly with NSLCD
- From: MOORE Arlie <Arlie.MOORE [at] swift.com>
- To: "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: NSCD behaving weirdly with NSLCD
- Date: Tue, 10 Apr 2018 14:49:19 +0000
Arthur,

Problem:

We have encountered an interesting issue when using NSLCD with NSCD. When we turn nscd off, I can run the ‘id <ldap user>’ command and also log in as LDAP users. But if nscd is on, we cannot log in as an LDAP user and the ‘id <ldap user>’ command will return with no such user. This is speculation on my part, but it looks like the NSCD cache is being populated with a value before checking LDAP.

Debugging:

Turned on nscd debugging level to 7 and restarted nscd. 'crogers' is an LDAP user and after running the 'id crogers' command, we get back 'id: crogers: no such user'. We see these two lines in the nscd debugging log. On the LDAP side, we see no query at all coming in requesting information about crogers.

Thu 05 Apr 2018 09:17:54 PM UTC - 1560: Haven't found "crogers" in password cache!
Thu 05 Apr 2018 09:17:54 PM UTC - 1560: add new entry "crogers" of type GETPWBYNAME for passwd to cache (first)

If we try to log in with crogers we will get the following error for sshd.

Apr 05 21:11:48 NLOCCP01 sshd[17710]: Invalid user crogers from 172.26.37.131
Apr 05 21:11:48 NLOCCP01 sshd[17710]: input_userauth_request: invalid user crogers [preauth]
Apr 05 21:11:51 NLOCCP01 nslcd[1916]: [ed7263] <authc="crogers"> uid=crogers,ou=People,dc=ldapprod,dc=swift,dc=com: lookup failed: Invalid credentials
Apr 05 21:11:51 NLOCCP01 sshd[17710]: pam_ldap(sshd:auth): Authentication failure; user=crogers
Apr 05 21:11:51 NLOCCP01 sshd[17710]: pam_faillock(sshd:auth): User unknown: crogers
Apr 05 21:11:51 NLOCCP01 sshd[17710]: pam_faillock(sshd:auth): User unknown: crogers
Apr 05 21:11:53 NLOCCP01 sshd[17710]: Failed password for invalid user crogers from 172.26.37.131 port 47667 ssh2
Apr 05 21:11:55 NLOCCP01 nslcd[1916]: [dcc233] <authc="crogers"> uid=crogers,ou=People,dc=ldapprod,dc=swift,dc=com: lookup failed: Invalid credentials
Apr 05 21:11:55 NLOCCP01 sshd[17710]: pam_ldap(sshd:auth): Authentication failure; user=crogers
Apr 05 21:11:55 NLOCCP01 sshd[17710]: pam_faillock(sshd:auth): User unknown: crogers
Apr 05 21:11:55 NLOCCP01 sshd[17710]: pam_faillock(sshd:auth): User unknown: crogers
Apr 05 21:11:57 NLOCCP01 sshd[17710]: Failed password for invalid user crogers from 172.26.37.131 port 47667 ssh2
Apr 05 21:11:57 NLOCCP01 sshd[17710]: Disconnecting: Too many authentication failures for crogers [preauth]

System Information:

[root@NLOCCP01 openldap]# rpm -qa | grep nscd
nscd-2.17-157.el7_3.1.x86_64
[root@NLOCCP01 openldap]# rpm -qa | grep nss-pam
nss-pam-ldapd-0.8.13-8.el7.x86_64
[root@NLOCCP01 openldap]# rpm -qa | grep openldap
openldap-2.4.44-5.el7.x86_64
openldap-clients-2.4.44-5.el7.x86_64
[root@NLOCCP01 openldap]# uname -a
Linux NLOCCP01 3.10.0-514.6.1.el7.x86_64 #1 SMP Sat Dec 10 11:15:38 EST 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@NLOCCP01 openldap]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.4 (Maipo)

Arlie Moore