FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 04-29-2008, 02:14 PM
Marco Schmidt
 
Default ldap bug in hardy

Hello,

I described the problem, including solution in ubuntuforums.

http://ubuntuforums.org/showthread.php?p=4831924

I have a strange problem after upgrading from gutsy to hardy. The user
identification via LDAP Microsoft AD does not work anymore.

The /etc/ldap.conf and /etc/nsswitch.conf seems to be okay. "getent
password" and "getent group" delivers the info from AD I expect.

"ssh" and "id" hangs!

If I set "bind_policy soft" in /etc/ldap.conf, I get the following error:

#id user
id: result.c:112: ldap_result: Assertion `ld != ((void *)0)' failed.
uid=10039(user) gid=10147(group)Aborted

and in /var/log/auth.log I found the following:
Apr 28 16:04:36 hostname id: nss_ldap: could not search LDAP server -
Server is unavailable

If I delete the "ldap" in /etc/nsswitch.conf from "group", no hangers or
errors anymore, but I can only see the local groups.

Exactly the same config under gutsy (7.10) works great.

The problem occurs on a hardy upgrade and on a hardy fresh installation.

I compiled and installed openldap 2.4.8 and nss_ldap 260 on my own (with
the default settings)

Now it works perfectly!

Could there be a bug in ldap version 2.4.7-6ubuntu3 of nss_ldap
258-1ubuntu3 (ubuntu hardy)?

Greetings ...
Marco

--
+-------------------------------------------------------------+
|Marco Schmidt Datenbank- & Systemadministrator|
|Universität Zürich |
|Functional Genomics Center Zurich (FGCZ) UNI/ETH |
|Irchel, Y32 H 06 Tel: +41-44-635-3902 |
|Winterthurerstrasse 190 Fax: +41-44-635-3922 |
|CH-8057 Zürich schmidt@fgcz.ethz.ch |
+----Never let a technical device know you're in a hurry!-----+


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-29-2008, 06:33 PM
NoOp
 
Default ldap bug in hardy

On 04/29/2008 07:14 AM, Marco Schmidt wrote:

>
> Exactly the same config under gutsy (7.10) works great.
>
> The problem occurs on a hardy upgrade and on a hardy fresh installation.
>
> I compiled and installed openldap 2.4.8 and nss_ldap 260 on my own (with
> the default settings)
>
> Now it works perfectly!
>
> Could there be a bug in ldap version 2.4.7-6ubuntu3 of nss_ldap
> 258-1ubuntu3 (ubuntu hardy)?

You might check your old auth.log's and see if you find errors like this:

PAM unable to dlopen(/lib/security/pam_smbpass.so)

https://bugs.launchpad.net/ubuntu/+bug/222003
[Can't contact LDAP server]

There have been quite a few issues with some of the pam.d files
referencing pam_smbpass.so. Some have resolved with installing
libpam-smbpass, but it can be resolved by commenting out the
pam_smbpass.so related lines in /etc/pam.d/common-auth and
/etc/pam.d/common-password:

https://bugs.launchpad.net/ubuntu/+source/pam/+bug/216990
commenting out the pam_smbpass.so related lines in
/etc/pam.d/common-auth and /etc/pam.d/common-password


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-29-2008, 10:28 PM
"Christian Stegmann"
 
Default ldap bug in hardy

Hello,

I am facing similar problems. Despite a lot of effort I could not get
my LDAP client setup to run on Hardy (it runs smoothly on Dapper on
another machine). First I followed strictly
https://help.ubuntu.com/community/LDAPClientAuthentication. However,
/etc/libnss-ldap.conf or /etc/libpam-ldap.conf are not generated after
the installation of the packages.
Then I tried to reproduce the setup in Dapper by manually editing
/etc/libnss-ldap.conf and /etc/libpam-ldap.conf. I also commented out
the aforementioned pam_smbpass.so related lines. This also failed,
getent passwd does not work.
I can access the server using ldapsearch -x though. Any help appreciated.

thanks,
christian

On Tue, Apr 29, 2008 at 8:33 PM, NoOp <glgxg@sbcglobal.net> wrote:
> On 04/29/2008 07:14 AM, Marco Schmidt wrote:
>
> >
> > Exactly the same config under gutsy (7.10) works great.
> >
> > The problem occurs on a hardy upgrade and on a hardy fresh installation.
> >
> > I compiled and installed openldap 2.4.8 and nss_ldap 260 on my own (with
> > the default settings)
> >
> > Now it works perfectly!
> >
> > Could there be a bug in ldap version 2.4.7-6ubuntu3 of nss_ldap
> > 258-1ubuntu3 (ubuntu hardy)?
>
> You might check your old auth.log's and see if you find errors like this:
>
> PAM unable to dlopen(/lib/security/pam_smbpass.so)
>
> https://bugs.launchpad.net/ubuntu/+bug/222003
> [Can't contact LDAP server]
>
> There have been quite a few issues with some of the pam.d files
> referencing pam_smbpass.so. Some have resolved with installing
> libpam-smbpass, but it can be resolved by commenting out the
> pam_smbpass.so related lines in /etc/pam.d/common-auth and
> /etc/pam.d/common-password:
>
> https://bugs.launchpad.net/ubuntu/+source/pam/+bug/216990
> commenting out the pam_smbpass.so related lines in
> /etc/pam.d/common-auth and /etc/pam.d/common-password
>
>
> --
> ubuntu-users mailing list
> ubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>



--
Christian Stegmann
MPIBPC
Am Fassberg 11
37077 Goettingen, Germany

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-30-2008, 07:14 AM
Marco Schmidt
 
Default ldap bug in hardy

Thanks for your answer.

libpam-smbpass is and was not installed. There are no libpam-smbpass
entries in any pam.d files.


To make sure, I installed libpam-smbpass. But no change in the ldap
behavior.


# id user
id: result.c:112: ldap_result: Assertion `ld != ((void *)0)' failed.
uid=10039(user) gid=10147(group1)Aborted

/var/log/auth.log
Apr 30 09:09:33 hostname id: nss_ldap: could not search LDAP server -
Server is unavailable


With ldapsearch or getent I can contact the server without problems.

NoOp wrote:

On 04/29/2008 07:14 AM, Marco Schmidt wrote:


Exactly the same config under gutsy (7.10) works great.

The problem occurs on a hardy upgrade and on a hardy fresh installation.

I compiled and installed openldap 2.4.8 and nss_ldap 260 on my own (with
the default settings)

Now it works perfectly!

Could there be a bug in ldap version 2.4.7-6ubuntu3 of nss_ldap
258-1ubuntu3 (ubuntu hardy)?


You might check your old auth.log's and see if you find errors like this:

PAM unable to dlopen(/lib/security/pam_smbpass.so)

https://bugs.launchpad.net/ubuntu/+bug/222003
[Can't contact LDAP server]

There have been quite a few issues with some of the pam.d files
referencing pam_smbpass.so. Some have resolved with installing
libpam-smbpass, but it can be resolved by commenting out the
pam_smbpass.so related lines in /etc/pam.d/common-auth and
/etc/pam.d/common-password:

https://bugs.launchpad.net/ubuntu/+source/pam/+bug/216990
commenting out the pam_smbpass.so related lines in
/etc/pam.d/common-auth and /etc/pam.d/common-password




--
+-------------------------------------------------------------+
|Marco Schmidt Datenbank- & Systemadministrator|
|Universität Zürich |
|Functional Genomics Center Zurich (FGCZ) UNI/ETH |
|Irchel, Y32 H 06 Tel: +41-44-635-3902 |
|Winterthurerstrasse 190 Fax: +41-44-635-3922 |
|CH-8057 Zürich schmidt@fgcz.ethz.ch |
+----Never let a technical device know you're in a hurry!-----+

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-30-2008, 08:37 AM
"Christian Stegmann"
 
Default ldap bug in hardy

Hello,

I am facing similar problems. Despite a lot of effort I could not get
my LDAP client setup to run on Hardy (it runs smoothly on Dapper on
another machine). First I followed strictly
https://help.ubuntu.com/community/LDAPClientAuthentication. However,
/etc/libnss-ldap.conf or /etc/libpam-ldap.conf are not generated after
the installation of the packages.
Then I tried to reproduce the Dapper-setup by manually editing
/etc/libnss-ldap.conf and /etc/libpam-ldap.conf. I also commented out
the aforementioned pam_smbpass.so related lines. This also failed,
getent passwd does not work.
I can access the server using ldapsearch -x though. Any help appreciated.

thanks,
christian

On Wed, Apr 30, 2008 at 9:14 AM, Marco Schmidt <schmidt@fgcz.ethz.ch> wrote:
> Thanks for your answer.
>
> libpam-smbpass is and was not installed. There are no libpam-smbpass
> entries in any pam.d files.
>
> To make sure, I installed libpam-smbpass. But no change in the ldap
> behavior.
>
> # id user
>
> id: result.c:112: ldap_result: Assertion `ld != ((void *)0)' failed.
> uid=10039(user) gid=10147(group1)Aborted
>
> /var/log/auth.log
> Apr 30 09:09:33 hostname id: nss_ldap: could not search LDAP server -
> Server is unavailable
>
> With ldapsearch or getent I can contact the server without problems.
>
>
> NoOp wrote:
>
> > On 04/29/2008 07:14 AM, Marco Schmidt wrote:
> >
> >
> > > Exactly the same config under gutsy (7.10) works great.
> > >
> > > The problem occurs on a hardy upgrade and on a hardy fresh installation.
> > >
> > > I compiled and installed openldap 2.4.8 and nss_ldap 260 on my own (with
> > > the default settings)
> > >
> > > Now it works perfectly!
> > >
> > > Could there be a bug in ldap version 2.4.7-6ubuntu3 of nss_ldap
> > > 258-1ubuntu3 (ubuntu hardy)?
> > >
> >
> > You might check your old auth.log's and see if you find errors like this:
> >
> > PAM unable to dlopen(/lib/security/pam_smbpass.so)
> >
> > https://bugs.launchpad.net/ubuntu/+bug/222003
> > [Can't contact LDAP server]
> >
> > There have been quite a few issues with some of the pam.d files
> > referencing pam_smbpass.so. Some have resolved with installing
> > libpam-smbpass, but it can be resolved by commenting out the
> > pam_smbpass.so related lines in /etc/pam.d/common-auth and
> > /etc/pam.d/common-password:
> >
> > https://bugs.launchpad.net/ubuntu/+source/pam/+bug/216990
> > commenting out the pam_smbpass.so related lines in
> > /etc/pam.d/common-auth and /etc/pam.d/common-password
> >
> >
> >
>
> --
>
> +-------------------------------------------------------------+
> |Marco Schmidt Datenbank- & Systemadministrator|
> |Universität Zürich |
> |Functional Genomics Center Zurich (FGCZ) UNI/ETH |
> |Irchel, Y32 H 06 Tel: +41-44-635-3902 |
> |Winterthurerstrasse 190 Fax: +41-44-635-3922 |
> |CH-8057 Zürich schmidt@fgcz.ethz.ch |
> +----Never let a technical device know you're in a hurry!-----+
>
>
> --
> ubuntu-users mailing list
> ubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
>



--
Christian Stegmann
Max-Planck Institute for Biophysical Chemistry
Am Fassberg 11
37077 Goettingen, Germany

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-30-2008, 09:01 AM
Marco Schmidt
 
Default ldap bug in hardy

The config files are a bit confusing.

What I found out:

/etc/ldap/ldap.conf is used by the ldap tools (ldapsearch, etc)

/etc/ldap.conf is used by libnss_ldap

/etc/libnss_ldap.conf is not used by ubuntu, but it is used by the
libnss_ldap on debian.


I made links that all three files are the same.

Christian Stegmann wrote:

Hello,

I am facing similar problems. Despite a lot of effort I could not get
my LDAP client setup to run on Hardy (it runs smoothly on Dapper on
another machine). First I followed strictly
https://help.ubuntu.com/community/LDAPClientAuthentication. However,
/etc/libnss-ldap.conf or /etc/libpam-ldap.conf are not generated after
the installation of the packages.
Then I tried to reproduce the Dapper-setup by manually editing
/etc/libnss-ldap.conf and /etc/libpam-ldap.conf. I also commented out
the aforementioned pam_smbpass.so related lines. This also failed,
getent passwd does not work.
I can access the server using ldapsearch -x though. Any help appreciated.

thanks,
christian

On Wed, Apr 30, 2008 at 9:14 AM, Marco Schmidt <schmidt@fgcz.ethz.ch> wrote:

Thanks for your answer.

libpam-smbpass is and was not installed. There are no libpam-smbpass
entries in any pam.d files.

To make sure, I installed libpam-smbpass. But no change in the ldap
behavior.

# id user

id: result.c:112: ldap_result: Assertion `ld != ((void *)0)' failed.
uid=10039(user) gid=10147(group1)Aborted

/var/log/auth.log
Apr 30 09:09:33 hostname id: nss_ldap: could not search LDAP server -
Server is unavailable

With ldapsearch or getent I can contact the server without problems.


NoOp wrote:


On 04/29/2008 07:14 AM, Marco Schmidt wrote:



Exactly the same config under gutsy (7.10) works great.

The problem occurs on a hardy upgrade and on a hardy fresh installation.

I compiled and installed openldap 2.4.8 and nss_ldap 260 on my own (with
the default settings)

Now it works perfectly!

Could there be a bug in ldap version 2.4.7-6ubuntu3 of nss_ldap
258-1ubuntu3 (ubuntu hardy)?


You might check your old auth.log's and see if you find errors like this:

PAM unable to dlopen(/lib/security/pam_smbpass.so)

https://bugs.launchpad.net/ubuntu/+bug/222003
[Can't contact LDAP server]

There have been quite a few issues with some of the pam.d files
referencing pam_smbpass.so. Some have resolved with installing
libpam-smbpass, but it can be resolved by commenting out the
pam_smbpass.so related lines in /etc/pam.d/common-auth and
/etc/pam.d/common-password:

https://bugs.launchpad.net/ubuntu/+source/pam/+bug/216990
commenting out the pam_smbpass.so related lines in
/etc/pam.d/common-auth and /etc/pam.d/common-password






--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users








--
+-------------------------------------------------------------+
|Marco Schmidt Datenbank- & Systemadministrator|
|Universität Zürich |
|Functional Genomics Center Zurich (FGCZ) UNI/ETH |
|Irchel, Y32 H 06 Tel: +41-44-635-3902 |
|Winterthurerstrasse 190 Fax: +41-44-635-3922 |
|CH-8057 Zürich schmidt@fgcz.ethz.ch |
+----Never let a technical device know you're in a hurry!-----+

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 04:16 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org