Good morning,

(Sorry for my English ;))

We are experiencing the same bug: it is impossible to connect via SSH,
and SMTP stops working on Debian Lenny (with all updates; the last
update we did was on 28 June 2010).

Here are the logs:
Postfix:
Jul  3 10:42:59 mailhost08 postfiX/smtpd[6651]: timeout after CONNECT from localhost[127.0.0.1]
Jul  3 10:42:59 mailhost08 postfiX/smtpd[6651]: disconnect from localhost[127.0.0.1]
Jul  3 10:44:39 mailhost08 postfiX/smtpd[6888]: fatal: file /etc/mail01/main.cf: parameter default_privs: unknown user name value: nobody
Jul  3 10:44:40 mailhost08 postfiX/master[29358]: warning: process /usr/lib/postfix/smtpd pid 6888 exit status 1
Jul  3 10:44:40 mailhost08 postfiX/master[29358]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Jul  3 10:45:16 mailhost08 postfiX/smtpd[6996]: fatal: file /etc/mail01/main.cf: parameter default_privs: unknown user name value: nobody

Ssh (auth.log):
Jul  3 11:01:40 mailhost08 sshd[8103]: fatal: Privilege separation user sshd does not exist

It seems that all users are no longer found.

Interesting thing: we are currently using LDAP on more than 50
servers, and only the mail servers seem to be impacted (they are very
heavily loaded and each server runs 3 postfix instances). We have been
using LDAP since February, and the problem appeared in the last 4 days
on 4 mail servers (each of them has the same configuration).

Here are the confs:
# cat /etc/libnss-ldap.conf
base            o=ptf,dc=e,dc=net
uri             ldaps://ldapclust01:636
ldap_version    3
timelimit       4
bind_timelimit  4
bind_policy     soft
idle_timelimit  3600

# cat /etc//nsswitch.conf
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

# cat /etc/pam_ldap.conf
base            o=ptf,dc=e,dc=net
uri             ldaps://ldapclust01:636
ldap_version    3
timelimit       4
bind_timelimit  4
bind_policy     soft
idle_timelimit  3600
pam_password    crypt
ssl             on

# cat /etc/pam.d/common-account
account         sufficient      pam_ldap.so
account         required        pam_unix.so
session         required        pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent

# cat /etc/pam.d/common-auth
auth    sufficient      pam_ldap.so
auth    required        pam_unix.so nullok_secure use_first_pass

# cat /etc/pam.d/common-session
session sufficient      pam_ldap.so
session required        pam_unix.so

# cat /etc/pam.d/common-password
password        sufficient      pam_ldap.so
password        required        pam_unix.so nullok obscure md5

Here are the packages installed:
# dpkg -l | egrep "ldap|nss|pam|ssh|postfix|ssl"
ii  libcrypt-openssl-bignum-perl        0.04-1+b1                  Access OpenSSL multiprecision integer arithmetic libraries
ii  libcrypt-openssl-rsa-perl           0.25-1+b1                  Perl module providing basic RSA functionality
ii  libldap-2.4-2                       2.4.11-1+lenny1            OpenLDAP libraries
ii  libnss-ldap                         261-2.1                    NSS module for using LDAP as a naming service
ii  libpam-ldap                         184-4.2                    Pluggable Authentication Module for LDAP
ii  libpam-modules                      1.0.1-5+lenny1             Pluggable Authentication Modules for PAM
ii  libpam-runtime                      1.0.1-5+lenny1             Runtime support for the PAM library
ii  libpam0g                            1.0.1-5+lenny1             Pluggable Authentication Modules library
ii  libssl0.9.8                         0.9.8g-15+lenny7           SSL shared libraries
ii  openssh-blacklist                   0.4.1                      list of default blacklisted OpenSSH RSA and DSA keys
ii  openssh-blacklist-extra             0.4.1                      list of non-default blacklisted OpenSSH RSA and DSA keys
ii  openssh-client                      1:5.1p1-5                  secure shell client, an rlogin/rsh/rcp replacement
ii  openssh-server                      1:5.1p1-5                  secure shell server, an rshd replacement
ii  openssl                             0.9.8g-15+lenny7           Secure Socket Layer (SSL) binary and related cryptographic too
ii  openssl-blacklist                   0.4.2                      list of blacklisted OpenSSL RSA keys
ii  postfix                             2.5.5-1.1                  High-performance mail transport agent
ii  ssh                                 1:5.1p1-5                  secure shell client and server (metapackage)
ii  ssl-cert                            1.0.23                     simple debconf wrapper for OpenSSL

I will give libnss-ldapd a try next week ;).

Cheers,

Marc MILLIEN.
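
Added example, not part of the original message: both fatal errors in the logs above name an account (nobody, sshd) that is normally defined in the local /etc/passwd. The script below extracts such names from syslog text and marks each one as a name-service lookup failure or as an account that is really missing; the function names and the sample lines (built from the messages quoted in the report) are assumptions.

```shell
#!/bin/sh
# Added example. SAMPLE_LOG is constructed from the messages quoted in the
# report, unwrapped to one syslog record per line.
SAMPLE_LOG='Jul  3 10:42:59 mailhost08 postfiX/smtpd[6651]: timeout after CONNECT from localhost[127.0.0.1]
Jul  3 10:44:39 mailhost08 postfiX/smtpd[6888]: fatal: file /etc/mail01/main.cf: parameter default_privs: unknown user name value: nobody
Jul  3 10:45:16 mailhost08 postfiX/smtpd[6996]: fatal: file /etc/mail01/main.cf: parameter default_privs: unknown user name value: nobody
Jul  3 11:01:40 mailhost08 sshd[8103]: fatal: Privilege separation user sshd does not exist'

# Read syslog text on stdin and print, once each, every account name that a
# daemon reported as unknown (the Postfix and sshd message shapes above).
failed_accounts() {
    sed -n \
        -e 's/.*unknown user name value: \([^ ]*\).*/\1/p' \
        -e 's/.*Privilege separation user \([^ ]*\) does not exist.*/\1/p' |
        sort -u
}

# For each reported name, check the local passwd file (argument 1, default
# /etc/passwd). A name that IS present locally means the lookup chain failed,
# not that the account was deleted.
classify_failures() {
    passwd_file=${1:-/etc/passwd}
    failed_accounts | while read -r name; do
        if awk -F: -v n="$name" '$1 == n { found = 1 } END { exit !found }' \
            "$passwd_file"; then
            echo "$name nss-lookup-failure"
        else
            echo "$name account-missing"
        fi
    done
}

# Demo run against the constructed sample and the local passwd file.
printf '%s\n' "$SAMPLE_LOG" | classify_failures
```

On a live host the same function can be fed the real logs, for example `cat /var/log/mail.log /var/log/auth.log | classify_failures`.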
