Package: nslcd Version: 0.8.4 Severity: normal ISSUE =============== Unable to login with cached LDAP credentials - stoping nslcd fixes the issue
Packes installed on the client: libpam-ldapd libnss-ldapd nslcd nscd libpam-ccreds libpam-mklocaluser LDAP/Kerberos logins are working well when I am connected to the network. nscd was adjusted to allow keep credentials longer. If I try to login without access to the network I will pass the login screen, which reports that I am using cached credentials, but the screen goes black and stays there. The following messages are logged: Sep 7 10:57:01 clientmachine nslcd[1998]: [95f874] <host="1.debian.pool.ntp.org"> no available LDAP server found: Server is unavailable Sep 7 10:57:01 clientmachine nslcd[1998]: [138641] <host="2.debian.pool.ntp.org"> no available LDAP server found: Server is unavailable Sep 7 10:57:01 clientmachine nslcd[1998]: [7ff521] <host="2.debian.pool.ntp.org"> no available LDAP server found: Server is unavailable Sep 7 10:57:01 clientmachine nslcd[1998]: [3dbd3d] <host="3.debian.pool.ntp.org"> no available LDAP server found: Server is unavailable Sep 7 10:57:01 clientmachine nslcd[1998]: [7b8ddc] <host="3.debian.pool.ntp.org"> no available LDAP server found: Server is unavailable Sep 7 10:57:29 clientmachine nslcd[1998]: [eaf087] <host="ldapserver.30.168.192.in-addr.arpa"> failed to bind to LDAP server ldap://ldapserver.domain.tld: Can't contact LDAP server: Transport endpoint is not connected Sep 7 10:57:29 clientmachine nslcd[1998]: [eaf087] <host="ldapserver.30.168.192.in-addr.arpa"> no available LDAP server found: Can't contact LDAP server Sep 7 10:57:29 clientmachine nslcd[1998]: [221a70] <host="ldapserver.30.168.192.in-addr.arpa"> no available LDAP server found: Server is unavailable Sep 7 10:59:29 clientmachine nslcd[1998]: [16dde9] <host="ldapserver.30.168.192.in-addr.arpa"> failed to bind to LDAP server ldap://ldapserver.domain.tld: Can't contact LDAP server: Transport endpoint is not connected Sep 7 10:59:29 clientmachine nslcd[1998]: [16dde9] <host="ldapserver.30.168.192.in-addr.arpa"> no available LDAP server found: Can't contact LDAP server Sep 7 10:59:29 clientmachine nslcd[1998]: [06c83e] <host="ldapserver.30.168.192.in-addr.arpa"> no available LDAP server found: Server is unavailable Sep 7 11:01:29 clientmachine nslcd[1998]: [4fd4a1] <host="ldapserver.30.168.192.in-addr.arpa"> failed to bind to LDAP server ldap://ldapserver.domain.tld: Can't contact LDAP server: Transport endpoint is not connected Sep 7 11:01:29 clientmachine nslcd[1998]: [4fd4a1] <host="ldapserver.30.168.192.in-addr.arpa"> no available LDAP server found: Can't contact LDAP server Sep 7 11:01:29 clientmachine nslcd[1998]: [9ac241] <host="ldapserver.30.168.192.in-addr.arpa"> no available LDAP server found: Server is unavailable WORKAROUND =============== Stoping the nslcd daemon fixes the problem # /etc/init.d/nslcd stop Then I can login without access to network with cached LDAP credentials without any problem. Any idea? Thanks Jiri -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages nslcd depends on: ii adduser 3.113 add and remove users and groups ii debconf [debconf-2.0] 1.5.41 Debian configuration management sy ii libc6 2.13-18 Embedded GNU C Library: Shared lib ii libgssapi-krb5-2 1.9.1+dfsg-2 MIT Kerberos runtime libraries - k ii libldap-2.4-2 2.4.25-3 OpenLDAP libraries Versions of packages nslcd recommends: ii bind9-host [host] 1:9.7.3.dfsg-1+b1 Version of 'host' bundled with BIN ii host 1:9.7.3.dfsg-1 Transitional package ii ldap-utils 2.4.25-3 OpenLDAP utilities ii libnss-ldapd [libnss-l 0.8.4 NSS module for using LDAP as a nam ii libpam-krb5 4.4-1 PAM module for MIT Kerberos ii libpam-ldapd [libpam-l 0.8.4 PAM module for using LDAP as an au ii nscd 2.13-18 Embedded GNU C Library: Name Servi Versions of packages nslcd suggests: pn kstart <none> (no description available) -- debconf information: nslcd/ldap-sasl-realm: nslcd/ldap-starttls: false nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt nslcd/ldap-auth-type: none nslcd/ldap-reqcert: * nslcd/ldap-uris: ldap://maverick.allsupp.corp nslcd/ldap-sasl-secprops: nslcd/ldap-binddn: nslcd/ldap-sasl-authcid: nslcd/ldap-sasl-mech: * nslcd/ldap-base: dc=allsupp,dc=corp nslcd/ldap-sasl-authzid: -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

