Re: nslcd crashing on Freebsd 12
- From: Ryan Bethke <ryanb [at] honeycomb.net>
- To: "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: Re: nslcd crashing on Freebsd 12
- Date: Fri, 18 Jan 2019 02:33:06 +0000
We have experienced this exact same issue. FreeBSD 12 base was upgraded to openssl-1.1.1. When compiling against the openssl 1.0.2 port, there seems to be some linking against the base openssl implementation. Running the following command should show that symptom:
# ldd /usr/local/sbin/nslcd
We decided to revert back to the base openssl implementation, and nslcd has been working just fine.
Ryan
From: nss-pam-ldapd-users <nss-pam-ldapd-users-bounces+ryanb=honeycomb.net@lists.arthurdejong.org> on behalf of Sacha Clayton <sacha@witopia.net>
Sent: Thursday, January 17, 2019 8:07:00 PM
To: nss-pam-ldapd-users@lists.arthurdejong.org
Subject: nslcd crashing on Freebsd 12
nslcd crashes (signal 11, core dumped) every time it tries to make a
connection to my ldap server. It looks like it is failing when trying
to initialize the TLS connection. The strange thing is all other ldap
queries work fine; I can ldapsearch over a TLS connection without error.
This also works fine on FreeBSD 11.2 using ports built from the same
port tree revision.
I am unsure how to troubleshoot this further. Does anyone have any
advice on how to proceed?
Thanks
S
Diagnostic info:
The server is FreeBSD 12.0-release-p1 r341666. It is a bhyve VM running
on a 11.2-release-p4 host.
Software versions:
nss-pam-ldapd-0.9.10
openldap-client-2.4.47
openssl-1.0.2q
Debug (-dd) output:
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [00834d] DEBUG: connection from pid=18446744073709551615 uid=0 gid=0
nslcd: [00834d] <passwd="sacha"> DEBUG:
myldap_search(base="dc=witopia,dc=net",
filter="(&(objectClass=posixAccount)(uid=sacha))")
nslcd: [00834d] <passwd="sacha"> DEBUG:
ldap_initialize(ldap://74.115.160.100)
ldap_create
ldap_url_parse_ext(ldap://74.115.160.100)
nslcd: [00834d] <passwd="sacha"> DEBUG: ldap_set_rebind_proc()
nslcd: [00834d] <passwd="sacha"> DEBUG:
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [00834d] <passwd="sacha"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [00834d] <passwd="sacha"> DEBUG:
ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [00834d] <passwd="sacha"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [00834d] <passwd="sacha"> DEBUG:
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [00834d] <passwd="sacha"> DEBUG:
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [00834d] <passwd="sacha"> DEBUG:
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [00834d] <passwd="sacha"> DEBUG: ldap_start_tls_s()
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 74.115.160.100:389
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 74.115.160.100:389
ldap_pvt_connect: fd: 6 tm: 10 async: 0
ldap_ndelay_on: 6
attempting to connect:
connect errno: 36
ldap_int_poll: fd: 6 tm: 10
ldap_is_sock_ready: 6
ldap_ndelay_off: 6
ldap_pvt_connect: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x800fba030 msgid 1
wait4msg ld 0x800fba030 msgid 1 (timeout 10000000 usec)
wait4msg continue ld 0x800fba030 msgid 1 all 1
** ld 0x800fba030 Connections:
* host: 74.115.160.100 port: 389 (default)
refcnt: 2 status: Connected
last used: Fri Jan 18 00:52:59 2019
** ld 0x800fba030 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x800fba030 request count 1 (abandoned 0)
** ld 0x800fba030 Response Queue:
Empty
ld 0x800fba030 response count 0
ldap_chkResponseList ld 0x800fba030 msgid 1 all 1
ldap_chkResponseList returns ld 0x800fba030 NULL
ldap_int_select
read1msg: ld 0x800fba030 msgid 1 all 1
read1msg: ld 0x800fba030 msgid 1 message type extended-result
read1msg: ld 0x800fba030 0 new referrals
read1msg: mark request completed, ld 0x800fba030 msgid 1
request done: ld 0x800fba030 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ldap_parse_result
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:failed in SSLv2/v3 write client hello B
TLS: can't connect: .
Segmentation fault
Server side log:
Jan 18 00:53:00 prod00 slapd[474]: conn=1699 fd=16 ACCEPT from
IP=74.115.160.77:54909 (IP=0.0.0.0:389)
Jan 18 00:53:00 prod00 slapd[474]: conn=1699 op=0 EXT
oid=1.3.6.1.4.1.1466.20037
Jan 18 00:53:00 prod00 slapd[474]: conn=1699 op=0 STARTTLS
Jan 18 00:53:00 prod00 slapd[474]: conn=1699 op=0 RESULT oid= err=0 text=
Jan 18 00:53:00 prod00 slapd[474]: conn=1699 fd=16 closed (TLS
negotiation failure)
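
The `ldd` check suggested in the reply, as an added example that is not part of either message: a POSIX shell function that reads `ldd` output and reports when libssl/libcrypto are resolved from both the base system and the ports prefix. The two `ldd` listings (paths, library version suffixes, load addresses) are constructed for illustration, and treating `/usr/local` as the ports prefix is an assumption.

```sh
#!/bin/sh
# Read `ldd` output on stdin, print each distinct libssl/libcrypto path with
# its origin, and return 1 if more than one OpenSSL installation is loaded.
# Assumption: anything under /usr/local is a port; everything else is base.
check_openssl_mix() {
    awk '
        # Dependency lines: "libssl.so.9 => /usr/local/lib/libssl.so.9 (0x...)"
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            path = $3
            if (seen[path]++) next          # same object listed twice
            origin = (path ~ /^\/usr\/local\//) ? "ports" : "base"
            if (!(origin in origins)) { origins[origin] = 1; n++ }
            printf "%-5s %s\n", origin, path
        }
        END { exit (n > 1) }
    '
}

# Constructed sample: port and base OpenSSL both mapped into one process.
sample_mixed() {
    cat <<'EOF'
/usr/local/sbin/nslcd:
    libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x800261000)
    libssl.so.9 => /usr/local/lib/libssl.so.9 (0x8002a9000)
    libcrypto.so.9 => /usr/local/lib/libcrypto.so.9 (0x800600000)
    libssl.so.111 => /usr/lib/libssl.so.111 (0x800a77000)
    libcrypto.so.111 => /lib/libcrypto.so.111 (0x800b0d000)
    libc.so.7 => /lib/libc.so.7 (0x800e00000)
EOF
}

# Constructed sample: only the base OpenSSL is loaded.
sample_clean() {
    cat <<'EOF'
/usr/local/sbin/nslcd:
    libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x800261000)
    libssl.so.111 => /usr/lib/libssl.so.111 (0x800a77000)
    libcrypto.so.111 => /lib/libcrypto.so.111 (0x800b0d000)
    libc.so.7 => /lib/libc.so.7 (0x800e00000)
EOF
}

# On a real host: ldd /usr/local/sbin/nslcd | check_openssl_mix
for s in sample_mixed sample_clean; do
    echo "== $s"
    if $s | check_openssl_mix; then echo "ok: single OpenSSL"; else echo "MIXED OpenSSL"; fi
done
```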