Date: Wed, 15 Apr 2009 12:14:48 -0700
From: Benjamin Lee <ben@b1c1l1.com>
To: Konrad Heuer <kheuer2@gwdg.de>
Cc: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: Problem: FreeBSD 7.x && ssh v2 && nss_ldap
Message-ID: <49E63228.3090409@b1c1l1.com>
In-Reply-To: <20090415102209.T34961@gwdu60.gwdg.de>
References: <20090415102209.T34961@gwdu60.gwdg.de>

On 04/15/2009 01:33 AM, Konrad Heuer wrote:
>
> I see a problem on two systems running FreeBSD 7.0 or 7.1 which are
> configured as OpenLDAP clients using the nss_ldap module.
>
> When someone logs on using ssh protocol version 2 the session will not
> be initialized correctly. The user will only get his primary group
> affiliation but no affiliation to other groups (memberUid attribute in
> LDAP group entries).
>
> On 7.1 the ssh login process hangs forever with open ldap queries, on
> 7.0 the group list is incomplete. On several 6.x systems, all works
> correctly.
> I have used the configuration for years now.
>
> There are some workarounds I found:
>
> a) use ssh protocol version 1
> b) set UseLogin to yes in sshd_config
> c) avoid ssl encryption in communication to ldap server
>    (ldap://... uri instead of ldaps://... in ldap.conf)
>
> Does anybody see similar problems? Does anybody have an idea what may
> cause the problem?

I recently submitted ports/133501 regarding this issue, but I have not
yet received a response.

My workaround was to disable pthread_atfork support, so the problem
might be related to the change from libkse to libthr in RELENG_7.

--
Benjamin Lee
http://www.b1c1l1.com/