Package: nslcd
Version: 0.8.4
Severity: normal

ISSUE
===============
Unable to log in with cached LDAP credentials - stopping nslcd fixes the issue

Packages installed on the client:
libpam-ldapd
libnss-ldapd
nslcd
nscd
libpam-ccreds
libpam-mklocaluser

LDAP/Kerberos logins are working well when I am connected to the network. nscd
was adjusted to keep credentials longer.

If I try to log in without access to the network I will pass the login screen,
which reports that I am using cached credentials, but the screen goes black and
stays there.

The following messages are logged:
Sep  7 10:57:01 clientmachine nslcd[1998]: [95f874]
<host="1.debian.pool.ntp.org"> no available LDAP server found: Server is
unavailable
Sep  7 10:57:01 clientmachine nslcd[1998]: [138641]
<host="2.debian.pool.ntp.org"> no available LDAP server found: Server is
unavailable
Sep  7 10:57:01 clientmachine nslcd[1998]: [7ff521]
<host="2.debian.pool.ntp.org"> no available LDAP server found: Server is
unavailable
Sep  7 10:57:01 clientmachine nslcd[1998]: [3dbd3d]
<host="3.debian.pool.ntp.org"> no available LDAP server found: Server is
unavailable
Sep  7 10:57:01 clientmachine nslcd[1998]: [7b8ddc]
<host="3.debian.pool.ntp.org"> no available LDAP server found: Server is
unavailable
Sep  7 10:57:29 clientmachine nslcd[1998]: [eaf087]
<host="ldapserver.30.168.192.in-addr.arpa"> failed to bind to LDAP server
ldap://ldapserver.domain.tld: Can't contact LDAP server: Transport endpoint is
not connected
Sep  7 10:57:29 clientmachine nslcd[1998]: [eaf087]
<host="ldapserver.30.168.192.in-addr.arpa"> no available LDAP server found:
Can't contact LDAP server
Sep  7 10:57:29 clientmachine nslcd[1998]: [221a70]
<host="ldapserver.30.168.192.in-addr.arpa"> no available LDAP server found:
Server is unavailable
Sep  7 10:59:29 clientmachine nslcd[1998]: [16dde9]
<host="ldapserver.30.168.192.in-addr.arpa"> failed to bind to LDAP server
ldap://ldapserver.domain.tld: Can't contact LDAP server: Transport endpoint is
not connected
Sep  7 10:59:29 clientmachine nslcd[1998]: [16dde9]
<host="ldapserver.30.168.192.in-addr.arpa"> no available LDAP server found:
Can't contact LDAP server
Sep  7 10:59:29 clientmachine nslcd[1998]: [06c83e]
<host="ldapserver.30.168.192.in-addr.arpa"> no available LDAP server found:
Server is unavailable
Sep  7 11:01:29 clientmachine nslcd[1998]: [4fd4a1]
<host="ldapserver.30.168.192.in-addr.arpa"> failed to bind to LDAP server
ldap://ldapserver.domain.tld: Can't contact LDAP server: Transport endpoint is
not connected
Sep  7 11:01:29 clientmachine nslcd[1998]: [4fd4a1]
<host="ldapserver.30.168.192.in-addr.arpa"> no available LDAP server found:
Can't contact LDAP server
Sep  7 11:01:29 clientmachine nslcd[1998]: [9ac241]
<host="ldapserver.30.168.192.in-addr.arpa"> no available LDAP server found:
Server is unavailable


WORKAROUND
===============
Stopping the nslcd daemon fixes the problem:
# /etc/init.d/nslcd stop

Then I can log in without access to the network with cached LDAP credentials
without any problem.


Any idea?

Thanks
Jiri



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nslcd depends on:
ii  adduser                     3.113        add and remove users and groups
ii  debconf [debconf-2.0]       1.5.41       Debian configuration management sy
ii  libc6                       2.13-18      Embedded GNU C Library: Shared lib
ii  libgssapi-krb5-2            1.9.1+dfsg-2 MIT Kerberos runtime libraries - k
ii  libldap-2.4-2               2.4.25-3     OpenLDAP libraries

Versions of packages nslcd recommends:
ii  bind9-host [host]      1:9.7.3.dfsg-1+b1 Version of 'host' bundled with BIN
ii  host                   1:9.7.3.dfsg-1    Transitional package
ii  ldap-utils             2.4.25-3          OpenLDAP utilities
ii  libnss-ldapd [libnss-l 0.8.4             NSS module for using LDAP as a nam
ii  libpam-krb5            4.4-1             PAM module for MIT Kerberos
ii  libpam-ldapd [libpam-l 0.8.4             PAM module for using LDAP as an au
ii  nscd                   2.13-18           Embedded GNU C Library: Name Servi

Versions of packages nslcd suggests:
pn  kstart                        <none>     (no description available)

-- debconf information:
  nslcd/ldap-sasl-realm:
  nslcd/ldap-starttls: false
  nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt
  nslcd/ldap-auth-type: none
  nslcd/ldap-reqcert:
* nslcd/ldap-uris: ldap://maverick.allsupp.corp
  nslcd/ldap-sasl-secprops:
  nslcd/ldap-binddn:
  nslcd/ldap-sasl-authcid:
  nslcd/ldap-sasl-mech:
* nslcd/ldap-base: dc=allsupp,dc=corp
  nslcd/ldap-sasl-authzid:


