Date:      Thu, 6 Mar 2014 17:36:12 -0500
From:      Mark Saad <nonesuch@longcount.org>
To:        "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>
Subject:   Re: NSS ldap errors
Message-ID:  <CC55938C-0AE9-4D8D-AE66-83FBC1C46BEE@longcount.org>
In-Reply-To: <201403061621.16046.jhb@freebsd.org>
References:  <53174346.6070703@phat.za.net> <2FA6FDB3-6F13-4C86-A9CD-EDD88EE072EA@longcount.org> <201403061621.16046.jhb@freebsd.org>


> On Mar 6, 2014, at 4:21 PM, John Baldwin <jhb@freebsd.org> wrote:
>
>> On Wednesday, March 05, 2014 9:41:21 pm Mark Saad wrote:
>>
>> Looping the list back in.
>>
>>> On Mar 5, 2014, at 10:31 AM, Aragon Gouveia <aragon@phat.za.net> wrote:
>>>
>>> Hi,
>>>
>>> I'm trying to implement net/nss-pam-ldapd on 9.2-RELEASE, and hitting some NSS issues.  PAM authentication with SSH works fine, but there are a lot of NSS errors in /var/log/debug.log:
>>>
>>> Mar  4 17:15:00 <cron.debug> cstor1 cron[68418]: NSSWITCH(_nsdispatch): ldap, passwd, getpwnam_r, not found, and no fallback provided
>>> Mar  4 17:15:00 <cron.debug> cstor1 cron[68418]: NSSWITCH(_nsdispatch): ldap, group, setgrent, not found, and no fallback provided
>>> Mar  4 17:15:00 <cron.debug> cstor1 cron[68418]: NSSWITCH(_nsdispatch): ldap, group, getgrent_r, not found, and no fallback provided
>>> Mar  4 17:15:00 <cron.debug> cstor1 cron[68418]: NSSWITCH(_nsdispatch): ldap, group, endgrent, not found, and no fallback provided
>>> Mar  4 17:15:00 <cron.debug> cstor1 cron[68418]: NSSWITCH(_nsdispatch): ldap, passwd, endpwent, not found, and no fallback provided
>>> Mar  4 17:15:11 <user.debug> cstor1 -bash: NSSWITCH(_nsdispatch): ldap, passwd, getpwuid_r, not found, and no fallback provided
>>> Mar  4 17:15:11 <user.debug> cstor1 -bash: NSSWITCH(_nsdispatch): ldap, passwd, endpwent, not found, and no fallback provided
>>>
>>> And in the case of bash, it's unable to resolve the LDAP username, and the resulting PS1 prompt shows:
>>>
>>> [I have no name!@cstor1 ~]$
>>>
>>> The author of nss-pam-ldapd isn't sure what the problem is:
>>>
>>> http://lists.arthurdejong.org/nss-pam-ldapd-users/2014/msg00044.html
>>>
>>> FWIW, the same problems occur with net/nss_ldap.
>>>
>>> Any NSS gurus who can help?
>>>
>>>
>>> Thanks,
>>> Aragon
>>
>>
>> This is related to using bash-static as root's shell. As well as setting non-root users' login shell to bash-static.
>> The "I have no name" user name issue and the getpwuid* calls failing have to do with the fact that bash-static can not load some library, but my memory is lost on the exact library and details. I wasted a bunch of time on this in 7.2-RELEASE and it took a while to debug this.  Using a standard port of bash or any other shell resolved this for me.
>
> Yes, static binaries have no copy of the runtime linker around, so they can't
> invoke dlopen() to open nss_foo.so modules.  I have no idea if you can use
> nscd to work around this for static binaries.
>

John, I tested both with nscd and straight lookups and I had the same issue either way.

As soon as you said "can't dlopen nss_libfoo" it all came back to me. I had bash-static with the remote syslog patch as everyone's shell. It took a while to track down if it was the syslog patch or the static shell.

> --
> John Baldwin


---
Mark saad | mark.saad@longcount.org
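
Added example, not part of the original message or of any project named in the thread: a check for the condition described above, where nsswitch.conf names a source that is loaded as a shared module while a program is a static ELF image with no runtime linker (no PT_INTERP segment). The function names, the sample data and the list of built-in sources are assumptions made for this sketch.

```python
import re
import struct

PT_INTERP = 3  # ELF program header type that names the runtime linker
# Assumption: sources libc resolves itself; any other name means nss_<name>.so.
BUILTIN = {"files", "db", "dns", "nis", "compat", "cache"}

def has_runtime_linker(elf):
    """True if the ELF image carries a PT_INTERP segment (dynamically linked)."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = "<" if elf[5] == 1 else ">"            # EI_DATA: 1 = little-endian
    if elf[4] == 2:                              # EI_CLASS: 2 = 64-bit
        e_phoff, = struct.unpack_from(end + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
    else:                                        # 32-bit layout
        e_phoff, = struct.unpack_from(end + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
    types = (struct.unpack_from(end + "I", elf, e_phoff + i * e_phentsize)[0]
             for i in range(e_phnum))            # p_type is the first field
    return PT_INTERP in types

def module_sources(nsswitch_text, database="passwd"):
    """Sources for `database` that have to be dlopen()ed as modules."""
    for line in nsswitch_text.splitlines():
        name, sep, rest = line.split("#", 1)[0].partition(":")
        if sep and name.strip() == database:
            rest = re.sub(r"\[[^\]]*\]", " ", rest)   # drop [notfound=return] criteria
            return [s for s in rest.split() if s not in BUILTIN]
    return []

def static_programs(nsswitch_text, images):
    """Names in `images` (name -> ELF bytes) that cannot load the configured modules."""
    if not module_sources(nsswitch_text):
        return []
    return sorted(n for n, img in images.items() if not has_runtime_linker(img))

def fake_elf(p_types):
    """Constructed image: ELF64 little-endian header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                              64, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t).ljust(56, b"\0") for t in p_types)

# Constructed sample data (hypothetical names), not taken from the thread.
SAMPLE_NSSWITCH = "group: files ldap\npasswd: files ldap\n"
SAMPLE_IMAGES = {"bash-static": fake_elf([1, 1]), "bash": fake_elf([6, 3, 1])}

if __name__ == "__main__":
    print(static_programs(SAMPLE_NSSWITCH, SAMPLE_IMAGES))
```

On a real host the images would be the bytes of each login shell listed in the password database, read with `open(path, "rb").read()`.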


