On 02/11/2009 04:20 PM, Benjamin Lee wrote: > On 02/10/2009 10:08 PM, Arjun Singh wrote: >> Thanks for the advice. I tried to see if I could get nscd to solve anything, >> but it seems to just hide the problem, and not completely. With nscd >> enabled, the first login fails. After that, it's fine.. >> >> I get the following in auth.log corresponding with the failed first login >> (with the correct pw): >> >> Feb 10 22:03:23 new-hkn sshd[59371]: nss_ldap: could not search LDAP server >> - Server is unavailable >> Feb 10 22:03:23 new-hkn sshd[59371]: fatal: login_get_lastlog: Cannot find >> account for uid 10000 >> Feb 10 22:03:23 new-hkn sshd[59371]: syslogin_perform_logout: logout() >> returned an error > [...] > > It appears to be a bug when using nss_ldap with RELENG_7, as I have been > unable to reproduce the issue on machines running 6.2-RELEASE and > 6.3-RELEASE, regardless of the version of OpenLDAP. In my environment, > the machines use pam_krb5 for authentication, so the problem is > definitely not related to pam_ldap. Have you filed a problem report?
[changing the subject to be more descriptive] I was able to work around the issue by removing pthread_atfork detection from the configure script. Specifically: b...@dot /usr/ports/net/nss_ldap/work/nss_ldap-264 $ diff -u configure.in{.orig,} --- configure.in.orig 2009-02-13 01:56:31.000000000 -0800 +++ configure.in 2009-02-13 01:56:58.000000000 -0800 @@ -230,7 +230,6 @@ AC_CHECK_FUNCS(gethostbyname) AC_CHECK_FUNCS(nsdispatch) AC_CHECK_LIB(pthread_nonshared, main) -AC_CHECK_FUNCS(pthread_atfork) AC_CHECK_FUNCS(pthread_once) AC_CHECK_FUNCS(ether_aton) AC_CHECK_FUNCS(ether_ntoa) I assume, then, that the defect is related to the change from libkse to libthr in RELENG_7. Does anybody have any further insight into this issue? -- Benjamin Lee http://www.b1c1l1.com/
signature.asc
Description: OpenPGP digital signature