On 02/10/2009 10:08 PM, Arjun Singh wrote: > Thanks for the advice. I tried to see if I could get nscd to solve anything, > but it seems to just hide the problem, and not completely. With nscd > enabled, the first login fails. After that, it's fine.. > > I get the following in auth.log corresponding with the failed first login > (with the correct pw): > > Feb 10 22:03:23 new-hkn sshd[59371]: nss_ldap: could not search LDAP server > - Server is unavailable > Feb 10 22:03:23 new-hkn sshd[59371]: fatal: login_get_lastlog: Cannot find > account for uid 10000 > Feb 10 22:03:23 new-hkn sshd[59371]: syslogin_perform_logout: logout() > returned an error [...]
It appears to be a bug when using nss_ldap with RELENG_7, as I have been unable to reproduce the issue on machines running 6.2-RELEASE and 6.3-RELEASE, regardless of the version of OpenLDAP. In my environment, the machines use pam_krb5 for authentication, so the problem is definitely not related to pam_ldap. Have you filed a problem report? -- Benjamin Lee http://www.b1c1l1.com/
signature.asc
Description: OpenPGP digital signature