> Are you using libpam-ldap too? Yes, I'm using libpam-ldap too. Both packages were upgraded at the same time. I tried all four combinations of previous and new versions of both packages. The problems occurred in both cases where the new libnss-ldap was installed and didn't occur in either case with the old libnss-ldap installed.
> Does gdm log anything interesting about why it's > failing, or is it failing when logging in as root? When the new libnss-ldap is installed, gdm fails (regardless of who is attempting to log in). There does not appear to be anything interesting in the gdm logs. The logs when users can't log in are identical to when users could previously log in. I haven't tried running gdm through a debugger yet, but I think gdm might be crashing as it momentarily dumps me back to a console and then the gdm login screen restarts. Similarly, there are not entries in /var/log/auth.log or /var/log/syslog when root tried to log in on the console. > Basically, are you sure the gdm issue is the same as the root login on > console issue? I'm not absolutely sure, but both problems start when I install the new libnss-ldap and both problems go away when I revert to the old version. It is possible that there are different bugs in both login and gdm, but if that is the case, the new libnss-ldap is at least a common trigger. > What does your /etc/nsswitch.conf look like? -------------------- passwd: files ldap group: files ldap shadow: files ldap hosts: files dns dns6 networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis -------------------- > What about your /etc/libnss-ldap.conf? I've stripped all comment lines to conserve space and sanitized internal "ou" strings to "example.com" -------------------- host ldap.example.com base dc=example,dc=com ldap_version 3 pam_password clear nss_base_passwd ou=Users,dc=example,dc=com?one nss_base_shadow ou=Users,dc=example,dc=com?one nss_base_group ou=Groups,dc=example,dc=com?one ssl start_tls tls_checkpeer yes tls_cacertfile /etc/ssl/certs/example.com_CA.pem tls_ciphers HIGH:!ADH -------------------- > What specific version of glibc, what kernel are > you using, do you know if NPTL is enabled or not? glibc = libc6 and libc6-i686 from debian unstable (both at version 2.3.2.ds1-20). For the benefit of anyone at PADL not familiar with debian, the libc6-i686 package redirects linking to i686 optimized versions of the C libraries while utilizing all the manual pages, timezone info, and other common files from the libc6 package. kernel = 2.6.11.6 from kernel.org, compiled for an AMD-XP (K7) NPTL is enabled (on by default with a 586 or higher optimized libc6 on a 2.6.x kernel) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
