Bug#457936: Bug#458623: libnss-ldapd: problem with SSH logins

Wed, 02 Jan 2008 03:09:31 -0800 

On Tue, 2008-01-01 at 23:55 +0100, Petter Reinholdtsen wrote:
> I tried the svn version, and it is definitely better when it comes to
> this problem.  Both 'getent group svn' and 'getent group|grep svn'
> show the group members, and 'id pere' report what appear to be the
> correct set of group memberships.

Good to see that will fix that bug.

> But, there is a problem.  sshd no longer let the user log in.  I see
> this in the syslog:
> 
> Jan  1 23:51:08 ghost nslcd[1227]: error writing to client
> Jan  1 23:51:26 ghost last message repeated 941 times
> Jan  1 23:51:26 ghost nslcd[1227]: passwd entry 
> uid=svn,ou=People,dc=skole,dc=skolelinux,dc=no does not contain loginShell 
> value
> Jan  1 23:51:26 ghost nslcd[1227]: error writing to client
> Jan  1 23:51:26 ghost last message repeated 80 times
> Jan  1 23:51:26 ghost nslcd[1227]: passwd entry 
> uid=svn,ou=People,dc=skole,dc=skolelinux,dc=no does not contain loginShell 
> value
> Jan  1 23:51:26 ghost nslcd[1227]: error writing to client
> Jan  1 23:51:26 ghost last message repeated 95 times
> Jan  1 23:51:26 ghost nslcd[1227]: passwd entry 
> uid=svn,ou=People,dc=skole,dc=skolelinux,dc=no does not contain loginShell 
> value
> Jan  1 23:51:26 ghost nslcd[1227]: error writing to client
> 
> I have no idea what it means, nor if it related to this bug, but
> thought it best to mention it.

I have created a new bug (458623) to handle this issue, please reply
there.

There are some strange things happening in your setup. For some reason a
process is doing a lot of NSS lookups and not completing the queries.

Could you perform some tests for me?

 1. run nslcd in debug mode
      /etc/init.d/nslcd stop
      nslcd -d
 2. perform some lookups
      getent passwd svn
      getent group svn
      id -a svn
    and report the output and the output from nslcd above?
 3. perform an ssh login and report the output from nslcd above and any
    information that sshd reports (you could also run sshd in debug
    mode)

In the above nslcd reports process ids of incoming connections. Can you
check that those are from sshd?

Can you also describe a little about your environment
(/etc/nss-ldapd.conf, /etc/nsswitch.conf, maybe you have AllowGroups
and/or AllowUsers entries in /etc/ssh/sshd_config, how many users do you
have, number of groups, etc).

Thanks.

-- 
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to