[Arthur de Jong]
> 2. perform some lookups
>      getent passwd svn
>      getent group svn
>      id -a svn
>    and report the output and the output from nslcd above?

Here is the output from nslcd -d, with comments to explain what was
done when.  I trimmed the long lists of "error writing to client".

#
# getent passwd svn
# svn:x:1275:100:svn:/skolelinux/administrator/svnrepository:
#
nslcd: DEBUG: connection from pid=23584 uid=0 gid=0
nslcd: DEBUG: nslcd_passwd_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixAccount)")
nslcd: DEBUG: simple anonymous bind to ldap://ldap/
nslcd: connected to LDAP server ldap://ldap/
nslcd: DEBUG: connection from pid=23584 uid=0 gid=0
nslcd: DEBUG: nslcd_passwd_byname(svn)
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(&(objectClass=posixAccount)(uid=svn))")
nslcd: DEBUG: simple anonymous bind to ldap://ldap/
nslcd: connected to LDAP server ldap://ldap/
nslcd: passwd entry uid=svn,ou=People,dc=skole,dc=skolelinux,dc=no does not contain loginShell value
nslcd: passwd entry uid=svn,ou=People,dc=skole,dc=skolelinux,dc=no does not contain loginShell value
nslcd: error writing to client
[...]
nslcd: error writing to client
#
# getent group svn
# svn:*:994:aasmunds,adugna,aigarius,akai,al,albbas,alex,alexandro,alexbr,anders,andre,andread,andreas,andreasj,anoncvs,aracnus,arneha,arntog,arnulf,aruewele,asornes,axelb,barbarossa,bastian,benedikt,benjamin,berglas,bgrotan,bilbo,biret,bjarte,bjoern,bjornst,bkv,blhauge,borchr,builder,carll,cato,chris,ckuelker,climent,cobaco,conrad,cyborgar,daniel,dash,david,dloraas,dogg-e,dstevens,ebjordal,ebjotveit,eivind,elfinn,emh,ender,erik,esko,espen,espenbe,espenfjo,espeno,espenp,espental,eva,evealf,finnarne,finngl,fjemtland,fm,fredrikb,gautehk,gavin,gildseth,gingermig,gudrun,guillem,gunnhild,gustavf,halvor,halvorb,hansfn,hansolav,harald,haraldib,haraldoy,haumer,havard,havjon,hendry,herman,hilaire,hiljan,hklygre,holger,hovden,huftis,ilmari,isbjoern,jakob,jankr,jarl,jarlevik,jco,jeffbeck,jobo,joesca,joeyh,joga,johanso,johjen,johne,jomu,jonas,jordi,jorgenhg,jrognsa,jss,juechr,julien,kapital,kaplan,kar,karolpt,katla,keld,kennet,khollund,kjehol,kjetilho,klaus,kmaraas,knutnor,knutst,knuty,korsvoll,kthorger,kthorgersen,kuba,kurt,lars,larsny,larsr,lasse,ludvig,luk,lyvhel,mads,magnio,magnus,mako,marius,mariwan,markos,markus,mathiasm,matiashf,mgjansen,mihtjel,mortenhu,morteni,mortenkn,mpaulsen,msporild,n10516,nana,nilhil,nilsk,nina,nordtor,ochagenes,ocwh,odderik,oddrune,oka,olaketil,ole,olea,olekvi,olemd,olsken,omabel,orvarodd,oskadsem,oskar,ottar,ottarp,oyvind,ozmund,patrick,pere,perh,peter,pleira,pma,qber66,raghaug,ragnar,ralfg,ratix,ringe,rjernsle,rmo,robdag,roberth,rogerc,roktas,ronny,roy,rune,runen,runesk,runev,sauli,sbasma,sigbjorn,sigurdno,skogmus,snojen,solsiv,spysir,st,stian,stianj,sturles,sunny256,sveinmb,sveinove,svenare,svenn78,tadsol,talan,tarjei,tarjeiv,tc,teddy,ten,terjer,tfheen,thegve,thgjerde,thierry,thomas,thorh,tjernak,tkj,toffer,tonni,tor,tore,torgeirb,tormod,torsted,tosten,trond,trondm,truls,tsb,tufpre,vagrant,vb,vegard,vesa,vesket,vibeke,vibjohan,vidar,vidgroe,vigdis,werner,wesodd,white,winnie,xzz,yngve,zerodogg,zobel
#
nslcd: DEBUG: connection from pid=23247 uid=0 gid=0
nslcd: DEBUG: nslcd_group_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixGroup)")
nslcd: DEBUG: simple anonymous bind to ldap://ldap/
nslcd: connected to LDAP server ldap://ldap/
nslcd: DEBUG: connection from pid=23247 uid=0 gid=0
nslcd: DEBUG: nslcd_group_byname(svn)
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(&(objectClass=posixGroup)(cn=svn))")
nslcd: DEBUG: simple anonymous bind to ldap://ldap/
nslcd: connected to LDAP server ldap://ldap/
nslcd: DEBUG: connection from pid=23247 uid=0 gid=0
nslcd: DEBUG: nslcd_group_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixGroup)")
nslcd: DEBUG: simple anonymous bind to ldap://ldap/
nslcd: connected to LDAP server ldap://ldap/
nslcd: DEBUG: connection from pid=23247 uid=0 gid=0
nslcd: DEBUG: nslcd_group_byname(svn)
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(&(objectClass=posixGroup)(cn=svn))")
nslcd: DEBUG: connection from pid=23247 uid=0 gid=0
nslcd: DEBUG: nslcd_group_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixGroup)")
nslcd: DEBUG: connection from pid=23247 uid=0 gid=0
nslcd: DEBUG: nslcd_group_byname(svn)
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(&(objectClass=posixGroup)(cn=svn))")
#
# id -a svn
# uid=1275(svn) gid=100(users) groups=100(users),996(src)
#
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_passwd_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixAccount)")
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_passwd_byname(svn)
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(&(objectClass=posixAccount)(uid=svn))")
nslcd: passwd entry uid=svn,ou=People,dc=skole,dc=skolelinux,dc=no does not contain loginShell value
nslcd: passwd entry uid=svn,ou=People,dc=skole,dc=skolelinux,dc=no does not contain loginShell value
nslcd: error writing to client
[...]
nslcd: error writing to client
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_passwd_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixAccount)")
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_passwd_byuid(1275)
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(&(objectClass=posixAccount)(uidNumber=1275))")
nslcd: passwd entry uid=svn,ou=People,dc=skole,dc=skolelinux,dc=no does not contain loginShell value
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_group_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixGroup)")
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_group_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixGroup)")
nslcd: error writing to client
[...]
nslcd: error writing to client
nslcd: passwd entry uid=svn,ou=People,dc=skole,dc=skolelinux,dc=no does not contain loginShell value
nslcd: error writing to client
[...]
nslcd: error writing to client
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_group_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixGroup)")
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_group_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixGroup)")
nslcd: error writing to client
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_group_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixGroup)")
nslcd: error writing to client
[...]
nslcd: error writing to client
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_group_bygid(996)
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(&(objectClass=posixGroup)(gidNumber=996))")
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_group_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixGroup)")
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_group_bygid(996)
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(&(objectClass=posixGroup)(gidNumber=996))")
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_group_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixGroup)")
nslcd: DEBUG: connection from pid=23248 uid=0 gid=0
nslcd: DEBUG: nslcd_group_bygid(996)
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(&(objectClass=posixGroup)(gidNumber=996))")
nslcd: error writing to client
[...]
nslcd: error writing to client

> 3. perform an ssh login and report the output from nslcd above and any
>    information that sshd reports (you could also run sshd in debug
>    mode)

Here is the output from nslcd during a ssh login:

nslcd: DEBUG: connection from pid=22571 uid=0 gid=0
nslcd: DEBUG: nslcd_passwd_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixAccount)")
nslcd: DEBUG: simple anonymous bind to ldap://ldap/
nslcd: connected to LDAP server ldap://ldap/
nslcd: error writing to client
[...]
nslcd: error writing to client
nslcd: DEBUG: connection from pid=22572 uid=0 gid=0
nslcd: DEBUG: nslcd_passwd_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixAccount)")
nslcd: DEBUG: simple anonymous bind to ldap://ldap/
nslcd: connected to LDAP server ldap://ldap/
nslcd: error writing to client
[...]
nslcd: error writing to client
nslcd: passwd entry uid=svn,ou=People,dc=skole,dc=skolelinux,dc=no does not contain loginShell value
nslcd: error writing to client
[...]
nslcd: error writing to client
nslcd: passwd entry uid=svn,ou=People,dc=skole,dc=skolelinux,dc=no does not contain loginShell value
nslcd: error writing to client
[...]
nslcd: error writing to client
nslcd: DEBUG: connection from pid=22571 uid=0 gid=0
nslcd: DEBUG: nslcd_passwd_all()
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(objectClass=posixAccount)")
nslcd: DEBUG: simple anonymous bind to ldap://ldap/
nslcd: connected to LDAP server ldap://ldap/
nslcd: error writing to client
[...]
nslcd: error writing to client
nslcd: DEBUG: connection from pid=22571 uid=0 gid=0
nslcd: DEBUG: nslcd_passwd_byname(pere)
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(&(objectClass=posixAccount)(uid=pere))")
nslcd: DEBUG: simple anonymous bind to ldap://ldap/
nslcd: passwd entry uid=svn,ou=People,dc=skole,dc=skolelinux,dc=no does not contain loginShell value
nslcd: connected to LDAP server ldap://ldap/
nslcd: error writing to client
[...]
nslcd: error writing to client
nslcd: DEBUG: connection from pid=22571 uid=0 gid=0
nslcd: DEBUG: nslcd_group_bymember(pere)
nslcd: DEBUG: myldap_search(base="dc=skole,dc=skolelinux,dc=no", filter="(&(objectClass=posixGroup)(memberUid=pere))")

> In the above nslcd reports process ids of incoming connections. Can
> you check that those are from sshd?

Not easily, but the machine isn't doing much else, so I am pretty sure
it is from that process.

> Can you also describe a little about your environment
> (/etc/nss-ldapd.conf, /etc/nsswitch.conf, maybe you have AllowGroups
> and/or AllowUsers entries in /etc/ssh/sshd_config, how many users do
> you have, number of groups, etc).

Nothing special:

/etc/nss-ldapd.conf

  uri ldap://ldap/
  base dc=skole,dc=skolelinux,dc=no

/etc/nsswitch.conf

  passwd:         compat
  passwd_compat:  ldap
  group:          compat
  group_compat:   ldap
  shadow:         compat
  shadow_compat:  ldap
  hosts:          files dns
  networks:       files
  protocols:      db files
  services:       db files
  ethers:         db files
  rpc:            db files
  netgroup:       files ldap

sshd_config is the default in Etch.

Happy hacking,
--
Petter Reinholdtsen