Hi Arthur, 2014-07-07 12:04 GMT-07:00 Arthur de Jong <adej...@debian.org>: > On Sat, 2014-07-05 at 15:40 -0700, Peter Mairhofer wrote: >> Irregularly, I find very strange, non-normal and possibly >> security-problem indicating messages in my syslog, e.g.: >> >> nslcd[3338]: [16ec34] <passwd="pam_unix(sshd:auth"> request denied by >> validnames option > > The "request denied by validnames option" message indicates that some > process has requested information on a username that has a name that > should not be valid in the first place. > > These messages do not necessarily point to a security issue (certainly > not in nslcd) and can be seen during normal operation.
I don't buy that. These were just examples, the log files include of whole bunch of stuff which should NEVER be there including environment, command line, command line arguments. This looks more than fishy and probably like a buffer overflow. > From the posted log messages it seems that some log parsing function is > checking to see if certain parts of a log message refer to a known > username (I remember seeing that before, even recursively triggering > lookups on nslcd log messages). > > If you run nslcd in debug mode (start nslcd with -d) you should be able > to find out which process performs these requests. I will run with with "-d". But I can already tell you it's all/arbitary processes. I found snippets from shell scripts, started by cron, apache and many more. Here is a recent one with apache junk: Jul 7 01:16:51 server nslcd[1938]: [d4c000] <passwd="reqid":"53b9d8af5f24a","app":"p> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [0a4d05] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [867f39] <passwd="-"> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [9eadd1] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [13fbda] <passwd="reqid":"53b9d8b0e6c1e","app":"p> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [fefb3d] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [80ec3f] <passwd="-"> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [30d2f4] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [2675ea] <passwd="reqid":"53b9d8b328558","app":"p> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [306dd1] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [6cc28e] <passwd="-"> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [6a034f] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [74373d] <passwd="reqid":"53b9d8b4c3f01","app":"p> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [d14d32] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [3891f5] <passwd="-"> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [ee992c] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [bc5a59] <passwd="reqid":"53b9d8b60edb8","app":"p> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [c3e7f8] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [084ec8] <passwd="-"> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [eb0b36] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [c23f6b] <passwd="reqid":"53b9d8b735122","app":"c> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [0d74ad] <passwd="reqid":"53b9d8b735122","app":"c> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [ea7445] <passwd="reqid":"53b9d8b735122","app":"c> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [0a723a] <passwd="reqid":"53b9d8c58e868","app":"p> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [1c76e3] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [f25073] <passwd="-"> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [70c722] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [19e277] <passwd="reqid":"53b9d8cd63c23","app":"p> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [1bc9af] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [59192a] <passwd="-"> request denied by validnames option Jul 7 01:16:51 server nslcd[1938]: [364e32] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:17:00 server nslcd[1938]: [30b95c] <passwd="reqid":"53b9d8ec02be1","app":"p> request denied by validnames option Jul 7 01:17:00 server nslcd[1938]: [e08d99] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:17:00 server nslcd[1938]: [fefa8b] <passwd="-"> request denied by validnames option Jul 7 01:17:00 server nslcd[1938]: [c20633] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [9d932e] <passwd="reqid":"53b9d8b735122","app":"c> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [df8e6d] <passwd="reqid":"53b9d8c58e868","app":"p> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [920d69] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [187568] <passwd="-"> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [22f92f] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [602aef] <passwd="reqid":"53b9d8cd63c23","app":"p> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [3e3dc1] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [59cf70] <passwd="-"> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [6fd8f4] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [d5c8ee] <passwd="reqid":"53b9d8ec02be1","app":"p> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [ecebf1] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [261641] <passwd="-"> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [71b7c9] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [b9b378] <passwd="reqid":"53b9d90971b71","app":"p> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [5e8ba9] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [b04e64] <passwd="-"> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [db9a54] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [ae2eea] <passwd="reqid":"53b9d90fd9d62","app":"p> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [12fcbf] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [871b42] <passwd="-"> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [0cbe08] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [9c37de] <passwd="reqid":"53b9d9277430e","app":"p> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [e07310] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [42f05a] <passwd="-"> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [8f16b4] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [d317ad] <passwd="reqid":"53b9d92f51be4","app":"p> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [4e6f96] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [5c6008] <passwd="-"> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [520e0f] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [58bd77] <passwd="reqid":"53b9d945748d3","app":"p> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [0b1a4c] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [919aed] <passwd="-"> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [fa10cd] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [bad8b4] <passwd="reqid":"53b9d94e6c4b9","app":"p> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [335620] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [06e992] <passwd="-"> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [a053d2] <passwd="\/usr\/lib\/php5\/20100525+lfs\> request denied by validnames option Again - I emphasize I am aware that there is another problem (namely the PHP module could not be loaded) and it is fixed but these messages do not belong here - that's the point. Jul 7 01:18:54 server nslcd[1938]: [d44e83] <passwd="reqid":"53b9d95eae209","app":"u> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [b3626e] <passwd="uid=peter,ou=local> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [1021e6] <passwd="reqid":"53b9d95eae209","app":"u> request denied by validnames option Jul 7 01:18:54 server nslcd[1938]: [fcd5d0] <passwd="cn=shared,ou=local> request denied by validnames option Jul 7 01:19:20 server nslcd[1938]: [6e4abd] <passwd="reqid":"53b9d9784fcb7","app":"o> request denied by validnames option Jul 7 01:19:20 server nslcd[1938]: [024bf3] <passwd="thumbnails\/2234"> request denied by validnames option Jul 7 01:19:20 server nslcd[1938]: [6b7144] <passwd="reqid":"53b9d9784fcb7","app":"c> request denied by validnames option Jul 7 01:19:20 server nslcd[1938]: [44b52d] <passwd="\"\/shared\/office\/gmobile> request denied by validnames option Jul 7 01:19:20 server nslcd[1938]: [2e7608] <passwd="reqid":"53b9d9784fcb7","app":"c> request denied by validnames option Jul 7 01:19:20 server nslcd[1938]: [229ea7] <passwd="reqid":"53b9d9784fcb7","app":"c> request denied by validnames option Jul 7 01:19:21 server nslcd[1938]: [35e02c] <passwd="reqid":"53b9d97990bb5","app":"o> request denied by validnames option Jul 7 01:19:21 server nslcd[1938]: [85efdc] <passwd="thumbnails\/2231"> request denied by validnames option Jul 7 01:19:21 server nslcd[1938]: [2fd480] <passwd="reqid":"53b9d97990bb5","app":"c> request denied by validnames option Jul 7 01:19:21 server nslcd[1938]: [b65176] <passwd="\"\/shared\/office\/bestellung"> request denied by validnames option Jul 7 01:19:21 server nslcd[1938]: [22e950] <passwd="356723456.pdf\"> request denied by validnames option Jul 7 01:19:24 server nslcd[1938]: [591c90] <passwd="reqid":"53b9d97990bb5","app":"c> request denied by validnames option Jul 7 01:19:24 server nslcd[1938]: [8b0241] <passwd="couldn't"> request denied by validnames option Jul 7 01:19:28 server nslcd[1938]: [db7dd1] <passwd="reqid":"53b9d97990bb5","app":"c> request denied by validnames option Jul 7 01:19:28 server nslcd[1938]: [2a9887] <passwd="reqid":"53b9d97990bb5","app":"c> request denied by validnames option Jul 7 01:19:28 server nslcd[1938]: [1789b1] <passwd="reqid":"53b9d97d724b6","app":"o> request denied by validnames option Jul 7 01:19:28 server nslcd[1938]: [32ba9e] <passwd="thumbnails\/2233"> request denied by validnames option Jul 7 01:19:28 server nslcd[1938]: [bf3112] <passwd="reqid":"53b9d97d724b6","app":"c> request denied by validnames option Jul 7 01:19:28 server nslcd[1938]: [c96dee] <passwd="\"\/shared\/office\/int"> request denied by validnames option Jul 7 01:19:28 server nslcd[1938]: [e9e984] <passwd="2345234.pdf\"> request denied by validnames option Jul 7 01:19:28 server nslcd[1938]: [1d0d0a] <passwd="reqid":"53b9d97d724b6","app":"c> request denied by validnames option Jul 7 01:19:28 server nslcd[1938]: [267b5f] <passwd="couldn't"> request denied by validnames option Jul 7 01:19:47 server nslcd[1938]: [39f3f4] <passwd="reqid":"53b9d97d724b6","app":"c> request denied by validnames option Jul 7 01:19:47 server nslcd[1938]: [8db81d] <passwd="reqid":"53b9d97d724b6","app":"c> request denied by validnames option Jul 7 01:19:47 server nslcd[1938]: [c8e4b2] <passwd="reqid":"53b9d9807c0f5","app":"o> request denied by validnames option Jul 7 01:19:47 server nslcd[1938]: [ad30bf] <passwd="thumbnails\/2236"> request denied by validnames option Jul 7 01:19:47 server nslcd[1938]: [6de9cd] <passwd="reqid":"53b9d9807c0f5","app":"c> request denied by validnames option Jul 7 01:19:47 server nslcd[1938]: [43ffae] <passwd="\"\/shared\/office\/apa\/foto> request denied by validnames option Jul 7 01:19:47 server nslcd[1938]: [c78a3b] <passwd="reqid":"53b9d9807c0f5","app":"c> request denied by validnames option Jul 7 01:19:47 server nslcd[1938]: [6cb03e] <passwd="couldn't"> request denied by validnames option Jul 7 01:19:51 server nslcd[1938]: [e4fe23] <passwd="reqid":"53b9d9807c0f5","app":"c> request denied by validnames option Jul 7 01:19:51 server nslcd[1938]: [375c0d] <passwd="reqid":"53b9d9807c0f5","app":"c> request denied by validnames option Jul 7 01:19:51 server nslcd[1938]: [518466] <passwd="reqid":"53b9d9881f0cc","app":"o> request denied by validnames option Jul 7 01:19:51 server nslcd[1938]: [fb11d8] <passwd="thumbnails\/2249"> request denied by validnames option Jul 7 01:19:51 server nslcd[1938]: [59c8c6] <passwd="reqid":"53b9d9881f0cc","app":"c> request denied by validnames option Jul 7 01:19:51 server nslcd[1938]: [b271a7] <passwd="\"\/shared\/office\/apa\/fina> request denied by validnames option Jul 7 01:19:51 server nslcd[1938]: [40707f] <passwd="reqid":"53b9d9881f0cc","app":"c> request denied by validnames option Jul 7 01:19:51 server nslcd[1938]: [d0f35b] <passwd="couldn't"> request denied by validnames option Jul 7 01:19:58 server nslcd[1938]: [226e8c] <passwd="reqid":"53b9d9881f0cc","app":"c> request denied by validnames option Jul 7 01:19:58 server nslcd[1938]: [77370a] <passwd="reqid":"53b9d9881f0cc","app":"c> request denied by validnames option Jul 7 01:19:58 server nslcd[1938]: [8e33f2] <passwd="reqid":"53b9d98a4530c","app":"o> request denied by validnames option Jul 7 01:19:58 server nslcd[1938]: [7979f0] <passwd="thumbnails\/2247"> request denied by validnames option Jul 7 01:19:58 server nslcd[1938]: [63e051] <passwd="reqid":"53b9d98a4530c","app":"c> request denied by validnames option Jul 7 01:19:58 server nslcd[1938]: [433525] <passwd="\"\/shared\/office\/apa\/fina> request denied by validnames option Jul 7 01:19:58 server nslcd[1938]: [218e3a] <passwd="reqid":"53b9d98a4530c","app":"c> request denied by validnames option Jul 7 01:19:58 server nslcd[1938]: [0e9ca8] <passwd="couldn't"> request denied by validnames option Jul 7 01:20:07 server nslcd[1938]: [8df9db] <passwd="reqid":"53b9d98a4530c","app":"c> request denied by validnames option Jul 7 01:20:07 server nslcd[1938]: [5ee306] <passwd="reqid":"53b9d98a4530c","app":"c> request denied by validnames option Jul 7 01:20:07 server nslcd[1938]: [5b78d4] <passwd="reqid":"53b9d98cbbfd9","app":"o> request denied by validnames option Jul 7 01:20:07 server nslcd[1938]: [482745] <passwd="thumbnails\/2248"> request denied by validnames option Jul 7 01:20:07 server nslcd[1938]: [bc32e9] <passwd="reqid":"53b9d98cbbfd9","app":"c> request denied by validnames option Jul 7 01:20:07 server nslcd[1938]: [c30a6e] <passwd="\"\/shared\/office\/apa\/fina> request denied by validnames option Jul 7 01:20:07 server nslcd[1938]: [60c24a] <passwd="reqid":"53b9d98cbbfd9","app":"c> request denied by validnames option Jul 7 01:20:07 server nslcd[1938]: [5be831] <passwd="couldn't"> request denied by validnames option Jul 7 01:20:18 server nslcd[1938]: [222ed0] <passwd="reqid":"53b9d98cbbfd9","app":"c> request denied by validnames option Jul 7 01:20:18 server nslcd[1938]: [228eb5] <passwd="reqid":"53b9d98cbbfd9","app":"c> request denied by validnames option Jul 7 01:20:18 server nslcd[1938]: [d592a4] <passwd="reqid":"53b9d98ed358a","app":"o> request denied by validnames option Jul 7 01:20:18 server nslcd[1938]: [67f89d] <passwd="thumbnails\/2246"> request denied by validnames option Jul 7 01:20:18 server nslcd[1938]: [b803e2] <passwd="reqid":"53b9d98ed358a","app":"c> request denied by validnames option Jul 7 01:20:19 server nslcd[1938]: [b576ee] <passwd="\"\/shared\/office\/apa\/fina> request denied by validnames option Jul 7 01:20:19 server nslcd[1938]: [1c7c65] <passwd="reqid":"53b9d98ed358a","app":"c> request denied by validnames option Jul 7 01:20:19 server nslcd[1938]: [af82bc] <passwd="couldn't"> request denied by validnames option Jul 7 01:20:25 server nslcd[1938]: [cef873] <passwd="reqid":"53b9d98ed358a","app":"c> request denied by validnames option Jul 7 01:20:25 server nslcd[1938]: [c28c13] <passwd="reqid":"53b9d98ed358a","app":"c> request denied by validnames option Jul 7 01:20:25 server nslcd[1938]: [3a3b91] <passwd="reqid":"53b9d99145112","app":"o> request denied by validnames option Jul 7 01:20:25 server nslcd[1938]: [14fd1b] <passwd="thumbnails\/2244"> request denied by validnames option Jul 7 01:20:25 server nslcd[1938]: [fb4407] <passwd="reqid":"53b9d99145112","app":"c> request denied by validnames option Jul 7 01:20:25 server nslcd[1938]: [d718fa] <passwd="\"\/shared\/office\/apa\/fina> request denied by validnames option Jul 7 01:20:25 server nslcd[1938]: [753408] <passwd="reqid":"53b9d99145112","app":"c> request denied by validnames option Jul 7 01:20:25 server nslcd[1938]: [7fe66e] <passwd="couldn't"> request denied by validnames option Jul 7 01:20:32 server nslcd[1938]: [5bd28e] <passwd="reqid":"53b9d99145112","app":"c> request denied by validnames option Jul 7 01:20:33 server nslcd[1938]: [6ddd22] <passwd="reqid":"53b9d99145112","app":"c> request denied by validnames option Jul 7 01:20:33 server nslcd[1938]: [c7454a] <passwd="reqid":"53b9d993b4b33","app":"o> request denied by validnames option Jul 7 01:20:33 server nslcd[1938]: [8a87aa] <passwd="thumbnails\/2250"> request denied by validnames option Jul 7 01:20:33 server nslcd[1938]: [8f205c] <passwd="reqid":"53b9d993b4b33","app":"c> request denied by validnames option Jul 7 01:20:33 server nslcd[1938]: [97f984] <passwd="\"\/shared\/office\/apa\/fina> request denied by validnames option Jul 7 01:20:33 server nslcd[1938]: [44fd8b] <passwd="20.gho.pdf\"> request denied by validnames option Jul 7 01:20:33 server nslcd[1938]: [4bcae8] <passwd="reqid":"53b9d993b4b33","app":"c> request denied by validnames option Jul 7 01:20:33 server nslcd[1938]: [615004] <passwd="couldn't"> request denied by validnames option Jul 7 01:20:51 server nslcd[1938]: [54b0ac] <passwd="reqid":"53b9d993b4b33","app":"c> request denied by validnames option Jul 7 01:20:51 server nslcd[1938]: [d4b5a2] <passwd="reqid":"53b9d993b4b33","app":"c> request denied by validnames option Jul 7 01:20:51 server nslcd[1938]: [6fb84e] <passwd="reqid":"53b9d9975ff2b","app":"o> request denied by validnames option Jul 7 01:20:51 server nslcd[1938]: [a303e7] <passwd="thumbnails\/2276"> request denied by validnames option Jul 7 01:20:51 server nslcd[1938]: [3d1ba0] <passwd="reqid":"53b9d9975ff2b","app":"c> request denied by validnames option Jul 7 01:20:51 server nslcd[1938]: [212079] <passwd="\"\/shared\/office\/apa\/fina> request denied by validnames option Jul 7 01:20:51 server nslcd[1938]: [fb53e0] <passwd="20.gho.pdf\"> request denied by validnames option Jul 7 01:20:51 server nslcd[1938]: [d2f3ec] <passwd="reqid":"53b9d9975ff2b","app":"c> request denied by validnames option Jul 7 01:20:51 server nslcd[1938]: [f25905] <passwd="couldn't"> request denied by validnames option Jul 7 01:20:58 server nslcd[1938]: [e4d6a2] <passwd="reqid":"53b9d9975ff2b","app":"c> request denied by validnames option Jul 7 01:20:58 server nslcd[1938]: [e817d4] <passwd="reqid":"53b9d9975ff2b","app":"c> request denied by validnames option Jul 7 01:20:58 server nslcd[1938]: [ac5352] <passwd="reqid":"53b9d99a14e73","app":"o> request denied by validnames option Jul 7 01:20:58 server nslcd[1938]: [c8cb82] <passwd="thumbnails\/2274"> request denied by validnames option Jul 7 01:20:58 server nslcd[1938]: [c049fc] <passwd="reqid":"53b9d99a14e73","app":"c> request denied by validnames option Jul 7 01:20:58 server nslcd[1938]: [724c72] <passwd="\"\/shared\/office\/apa\/fina> request denied by validnames option Jul 7 01:20:58 server nslcd[1938]: [d3482a] <passwd="reqid":"53b9d99a14e73","app":"c> request denied by validnames option Jul 7 01:20:58 server nslcd[1938]: [36cd19] <passwd="couldn't"> request denied by validnames option Jul 7 01:21:07 server nslcd[1938]: [cf63cd] <passwd="reqid":"53b9d99a14e73","app":"c> request denied by validnames option Jul 7 01:21:07 server nslcd[1938]: [d53327] <passwd="reqid":"53b9d99a14e73","app":"c> request denied by validnames option Jul 7 01:21:07 server nslcd[1938]: [56384c] <passwd="reqid":"53b9d99c4cdec","app":"o> request denied by validnames option Jul 7 01:21:07 server nslcd[1938]: [e569fa] <passwd="thumbnails\/2273"> request denied by validnames option Jul 7 01:21:07 server nslcd[1938]: [45bf2c] <passwd="reqid":"53b9d99c4cdec","app":"c> request denied by validnames option Jul 7 01:21:07 server nslcd[1938]: [0260ba] <passwd="\"\/shared\/office\/apa\/fina> request denied by validnames option Jul 7 01:21:07 server nslcd[1938]: [48d4d4] <passwd="140609.pdf\"> request denied by validnames option Jul 7 01:21:07 server nslcd[1938]: [9c1522] <passwd="reqid":"53b9d99c4cdec","app":"c> request denied by validnames option Jul 7 01:21:07 server nslcd[1938]: [945715] <passwd="couldn't"> request denied by validnames option Jul 7 01:21:09 server nslcd[1938]: [ae8089] <passwd="reqid":"53b9d99c4cdec","app":"c> request denied by validnames option Jul 7 01:21:09 server nslcd[1938]: [0cc054] <passwd="reqid":"53b9d99c4cdec","app":"c> request denied by validnames option Jul 7 01:21:09 server nslcd[1938]: [9c63dc] <passwd="reqid":"53b9d9b6a1b6a","app":"o> request denied by validnames option Jul 7 01:21:09 server nslcd[1938]: [b5356a] <passwd="thumbnails\/2280"> request denied by validnames option Jul 7 01:21:09 server nslcd[1938]: [bd053b] <passwd="reqid":"53b9d9b6a1b6a","app":"c> request denied by validnames option Jul 7 01:21:09 server nslcd[1938]: [2da3e4] <passwd="\"\/shared\/office\/apa\/fina> request denied by validnames option Jul 7 01:21:09 server nslcd[1938]: [9d30ba] <passwd="vertrag\/info.pdf\"> request denied by validnames option Jul 7 01:21:09 server nslcd[1938]: [e4f568] <passwd="reqid":"53b9d9b6a1b6a","app":"c> request denied by validnames option Jul 7 01:21:09 server nslcd[1938]: [0bf785] <passwd="couldn't"> request denied by validnames option Jul 7 01:21:20 server nslcd[1938]: [286583] <passwd="reqid":"53b9d9b6a1b6a","app":"c> request denied by validnames option Jul 7 01:21:20 server nslcd[1938]: [37d035] <passwd="reqid":"53b9d9b6a1b6a","app":"c> request denied by validnames option Jul 7 01:21:20 server nslcd[1938]: [530f22] <passwd="reqid":"53b9d9b8a6eb1","app":"o> request denied by validnames option Jul 7 01:21:20 server nslcd[1938]: [537492] <passwd="thumbnails\/2278"> request denied by validnames option Jul 7 01:21:20 server nslcd[1938]: [872fb0] <passwd="reqid":"53b9d9b8a6eb1","app":"c> request denied by validnames option Jul 7 01:21:20 server nslcd[1938]: [995f87] <passwd="\"\/shared\/office\/apa\/fina> request denied by validnames option Jul 7 01:21:20 server nslcd[1938]: [e3958a] <passwd="vertrag\/kv"> request denied by validnames option Jul 7 01:21:20 server nslcd[1938]: [9c86ea] <passwd="original.pdf\"> request denied by validnames option Jul 7 01:21:20 server nslcd[1938]: [78bdc6] <passwd="reqid":"53b9d9b8a6eb1","app":"c> request denied by validnames option Jul 7 01:21:20 server nslcd[1938]: [491767] <passwd="couldn't"> request denied by validnames option Jul 7 01:21:31 server nslcd[1938]: [7bf072] <passwd="reqid":"53b9d9b8a6eb1","app":"c> request denied by validnames option Jul 7 01:21:31 server nslcd[1938]: [92593e] <passwd="reqid":"53b9d9b8a6eb1","app":"c> request denied by validnames option Jul 7 01:21:31 server nslcd[1938]: [9787c6] <passwd="reqid":"53b9d9bb5d0e0","app":"o> request denied by validnames option Jul 7 01:21:31 server nslcd[1938]: [ac2ab6] <passwd="thumbnails\/2282"> request denied by validnames option Jul 7 01:21:31 server nslcd[1938]: [81db6b] <passwd="reqid":"53b9d9bb5d0e0","app":"c> request denied by validnames option Jul 7 01:21:31 server nslcd[1938]: [13f891] <passwd="\"\/shared\/office\/apa\/fina> request denied by validnames option Jul 7 01:21:31 server nslcd[1938]: [0629ea] <passwd="98756\/kv"> request denied by validnames option Jul 7 01:21:31 server nslcd[1938]: [080d1e] <passwd="kopie.pdf\"> request denied by validnames option Jul 7 01:21:31 server nslcd[1938]: [558d39] <passwd="reqid":"53b9d9bb5d0e0","app":"c> request denied by validnames option Jul 7 01:21:31 server nslcd[1938]: [03764a] <passwd="couldn't"> request denied by validnames option Jul 7 01:21:45 server nslcd[1938]: [23fb57] <passwd="reqid":"53b9d9bb5d0e0","app":"c> request denied by validnames option Jul 7 01:21:45 server nslcd[1938]: [a1faef] <passwd="reqid":"53b9d9bb5d0e0","app":"c> request denied by validnames option Jul 7 01:21:45 server nslcd[1938]: [28a6c5] <passwd="reqid":"53b9d9bdd3d03","app":"o> request denied by validnames option Jul 7 01:21:45 server nslcd[1938]: [0e8444] <passwd="thumbnails\/2281"> request denied by validnames option Jul 7 01:21:45 server nslcd[1938]: [cd05ef] <passwd="reqid":"53b9d9bdd3d03","app":"c> request denied by validnames option Jul 7 01:21:45 server nslcd[1938]: [586a28] <passwd="\"\/shared\/office\/apa\/finp> request denied by validnames option Jul 7 01:21:45 server nslcd[1938]: [6e0998] <passwd="vertrag\/98673"> request denied by validnames option Jul 7 01:21:45 server nslcd[1938]: [619695] <passwd=""> request denied by validnames option Jul 7 01:21:45 server nslcd[1938]: [e43fad] <passwd="ku.pdf\"> request denied by validnames option Jul 7 01:21:45 server nslcd[1938]: [e2b300] <passwd="reqid":"53b9d9bdd3d03","app":"c> request denied by validnames option Jul 7 01:21:45 server nslcd[1938]: [03a001] <passwd="couldn't"> request denied by validnames option Jul 7 01:21:54 server nslcd[1938]: [4fa223] <passwd="reqid":"53b9d9bdd3d03","app":"c> request denied by validnames option Jul 7 01:21:54 server nslcd[1938]: [559ba6] <passwd="reqid":"53b9d9bdd3d03","app":"c> request denied by validnames option > >> nslcd[26547]: [180b0b] <passwd="peter"> ldap_search_ext() failed: Can't >> contact LDAP server: Broken pipe >> nslcd[26547]: [180b0b] <passwd="peter"> no available LDAP server found, >> sleeping 1 seconds >> >> nslcd[26547]: [3dd3e8] <passwd="mark"> ldap_result() failed: Can't contact >> LDAP server >> nslcd[26547]: [3dd3e8] <passwd="mark"> ldap_abandon() failed to abandon >> search: Can't contact LDAP server: Transport endpoint is not connected >> nslcd[26547]: [c91298] <service="smtp"/tcp> ldap_result() failed: Can't >> contact LDAP server >> >> nslcd[26547]: [584bcb] <group/member="mark"> ldap_search_ext() failed: Can't >> contact LDAP server: Broken pipe >> nslcd[26547]: [584bcb] <group/member="mark"> no available LDAP server found, >> sleeping 1 seconds > > These messages indicate some problem with contacting the LDAP server. > When the error occurs on ldap_search_ext() it is generally when starting > a new search, on ldap_result() it means that it happens while fetching > results. I added the comment "I emphasize that the problem is NOT that the LDAP can't be reached". I gave many different examples (including the apache above) where it's clear that this is not "normal". >> I think it could be related to a possibly non-standard PAM >> configuration, therefore I also post my common-auth: >> >> auth sufficient pam_unix.so nullok_secure >> auth sufficient pam_ldap.so use_first_pass >> auth requisite pam_pwdfile.so pwdfile /etc/passwd.opie >> auth sufficient pam_opie.so >> auth required pam_deny.so >> >> Interestingly the problems seem to be gone if I remove pam_opie and >> revert to the standard config. >> >> To conclude, I think the issue appears when you use nscld, pam_ldap >> AND an additonal module (such as pam_opie or pam_otpw) together. > > If you have a scenario that reasonably reliably triggers this problem I > will try to reproduce this issue. The process that triggers it (output > from nslcd -d) and circumstances that cause it (message happen on login, > from cron job, etc.) would help. Thanks. So far that's the closest I got. The problem is I need to wait one day to be sure that the problem is gone/not gone. I debugged it until I found that it's caused by the above PAM stack. I am pretty sure if this implemented on a different system the issue will appear as well. Anyway, I'll add "-d" to nscld and let you know when the next messages are generated. Thanks Peter
signature.asc
Description: PGP signature
