
Re: nslcd crashing on Freebsd 12




We have experienced this exact same issue.  FreeBSD 12 base was upgraded to openssl-1.1.1.  When compiling against the openssl 1.0.2 port, there seems to be some linking against the base openssl implementation.  Running the following command should show that symptom:


# ldd /usr/local/sbin/nslcd


We decided to revert back to the base openssl implementation, and nslcd has been working just fine.


Ryan


From: nss-pam-ldapd-users <nss-pam-ldapd-users-bounces+ryanb=honeycomb.net@lists.arthurdejong.org> on behalf of Sacha Clayton <sacha@witopia.net>
Sent: Thursday, January 17, 2019 8:07:00 PM
To: nss-pam-ldapd-users@lists.arthurdejong.org
Subject: nslcd crashing on Freebsd 12
 
nslcd crashes (signal 11, core dumped) every time it tries to make a
connection to my ldap server.  It looks like it is failing when trying
to initialize the TLS connection.  The strange thing is all other ldap
queries work fine; I can ldapsearch over a TLS connection without error.
 This also works fine on Freebsd 11.2 using ports built from the same
port tree revision.

I am unsure how to troubleshoot this further.  Does anyone have any
advice on how to proceed?

Thanks
S


Diagnostic info:

The server is Freebsd 12.0-release-p1 r341666.  It is a bhyve vm running
on a 11.2-release-p4 host.

Software versions:

nss-pam-ldapd-0.9.10
openldap-client-2.4.47
openssl-1.0.2q

Debug (-dd) output:

nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [00834d] DEBUG: connection from pid=18446744073709551615 uid=0 gid=0
nslcd: [00834d] <passwd="sacha"> DEBUG:
myldap_search(base="dc=witopia,dc=net",
filter="(&(objectClass=posixAccount)(uid=sacha))")
nslcd: [00834d] <passwd="sacha"> DEBUG:
ldap_initialize(ldap://74.115.160.100)
ldap_create
ldap_url_parse_ext(ldap://74.115.160.100)
nslcd: [00834d] <passwd="sacha"> DEBUG: ldap_set_rebind_proc()
nslcd: [00834d] <passwd="sacha"> DEBUG:
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [00834d] <passwd="sacha"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [00834d] <passwd="sacha"> DEBUG:
ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [00834d] <passwd="sacha"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [00834d] <passwd="sacha"> DEBUG:
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [00834d] <passwd="sacha"> DEBUG:
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [00834d] <passwd="sacha"> DEBUG:
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [00834d] <passwd="sacha"> DEBUG: ldap_start_tls_s()
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 74.115.160.100:389
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 74.115.160.100:389
ldap_pvt_connect: fd: 6 tm: 10 async: 0
ldap_ndelay_on: 6
attempting to connect:
connect errno: 36
ldap_int_poll: fd: 6 tm: 10
ldap_is_sock_ready: 6
ldap_ndelay_off: 6
ldap_pvt_connect: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x800fba030 msgid 1
wait4msg ld 0x800fba030 msgid 1 (timeout 10000000 usec)
wait4msg continue ld 0x800fba030 msgid 1 all 1
** ld 0x800fba030 Connections:
* host: 74.115.160.100  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Jan 18 00:52:59 2019


** ld 0x800fba030 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x800fba030 request count 1 (abandoned 0)
** ld 0x800fba030 Response Queue:
   Empty
  ld 0x800fba030 response count 0
ldap_chkResponseList ld 0x800fba030 msgid 1 all 1
ldap_chkResponseList returns ld 0x800fba030 NULL
ldap_int_select
read1msg: ld 0x800fba030 msgid 1 all 1
read1msg: ld 0x800fba030 msgid 1 message type extended-result
read1msg: ld 0x800fba030 0 new referrals
read1msg:  mark request completed, ld 0x800fba030 msgid 1
request done: ld 0x800fba030 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ldap_parse_result
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:failed in SSLv2/v3 write client hello B
TLS: can't connect: .
Segmentation fault


Server side log:

Jan 18 00:53:00 prod00 slapd[474]: conn=1699 fd=16 ACCEPT from
IP=74.115.160.77:54909 (IP=0.0.0.0:389)
Jan 18 00:53:00 prod00 slapd[474]: conn=1699 op=0 EXT
oid=1.3.6.1.4.1.1466.20037
Jan 18 00:53:00 prod00 slapd[474]: conn=1699 op=0 STARTTLS
Jan 18 00:53:00 prod00 slapd[474]: conn=1699 op=0 RESULT oid= err=0 text=
Jan 18 00:53:00 prod00 slapd[474]: conn=1699 fd=16 closed (TLS
negotiation failure)
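
An added example, not part of the original thread: a shell helper that reads `ldd` output and reports whether libssl/libcrypto are loaded from both the base system and /usr/local, which is the symptom described in the reply at the top of this thread. The function names are hypothetical, the sample `ldd` listings are constructed, and the library version suffixes in them are illustrative assumptions.

```shell
#!/bin/sh
# Usage on a real host: ldd /usr/local/sbin/nslcd | check_openssl_linkage
# Exit status: 0 = single OpenSSL origin, 1 = mixed, 2 = no OpenSSL libs seen.
check_openssl_linkage() {
    awk '
    # ldd lines look like: libssl.so.N => /path/libssl.so.N (0x...)
    $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
        path = $3
        if (path in seen) next          # same object listed twice
        seen[path] = 1
        name = $1; sub(/\.so.*$/, "", name)
        origin = (path ~ /^\/usr\/local\//) ? "ports" : "base"
        npaths[name]++                  # distinct files per library name
        origins[origin]++
        total++
        printf "%-5s %s\n", origin, path
    }
    END {
        if (total == 0) { print "NONE: no libssl/libcrypto in ldd output"; exit 2 }
        for (n in npaths) if (npaths[n] > 1) mixed = 1
        if (origins["base"] > 0 && origins["ports"] > 0) mixed = 1
        if (mixed) { print "MIXED: more than one OpenSSL build is loaded"; exit 1 }
        print "OK: OpenSSL libraries come from a single origin"
    }'
}

# Constructed sample: port and base OpenSSL both pulled into one process.
sample_mixed() {
    cat <<'EOF'
/usr/local/sbin/nslcd:
	libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x800a00000)
	libssl.so.9 => /usr/local/lib/libssl.so.9 (0x800c00000)
	libcrypto.so.9 => /usr/local/lib/libcrypto.so.9 (0x800e00000)
	libssl.so.111 => /usr/lib/libssl.so.111 (0x801200000)
	libcrypto.so.111 => /lib/libcrypto.so.111 (0x801400000)
	libc.so.7 => /lib/libc.so.7 (0x801800000)
EOF
}

# Constructed sample: everything resolved against the base OpenSSL only.
sample_clean() {
    cat <<'EOF'
/usr/local/sbin/nslcd:
	libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x800a00000)
	libssl.so.111 => /usr/lib/libssl.so.111 (0x801200000)
	libcrypto.so.111 => /lib/libcrypto.so.111 (0x801400000)
	libc.so.7 => /lib/libc.so.7 (0x801800000)
EOF
}
```
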

