On Thu, 23 Jan 2003, Stefan van der Eijk wrote:

> Another nice LDAP related buglet. On a cooker machine that's running
> slapd (openldap-servers) the sshd won't work properly.
>
> It's easy to reproduce (I've done it on 2 machines):
>
> [root@taz root]# service ldap start
> ldaps
> Starting slapd (ldap + ldaps):                              [ OK ]
> [root@taz root]# ssh stefan@localhost
> stefan@localhost's password:
> Read from remote host localhost: Connection reset by peer
> Connection to localhost closed.
> [root@taz root]# service ldap stop
> Stopping slapd: /etc/init.d/ldap: line 243: kill: (15609) - No such process
> /etc/init.d/ldap: line 243: kill: (15608) - No such process
> /etc/init.d/ldap: line 243: kill: (15602) - No such process
>                                                             [ OK ]
> [root@taz root]# ssh stefan@localhost
> stefan@localhost's password:
> Last login: Thu Jan 23 21:44:58 2003 from localhost.localdomain
> [stefan@taz stefan]$ exit
>
> Connection to localhost closed.
> [root@taz root]# service ldap start
> ldaps
> Starting slapd (ldap + ldaps):                              [ OK ]
> [root@taz root]# ssh stefan@localhost
> stefan@localhost's password:
> Read from remote host localhost: Connection reset by peer
> Connection to localhost closed.
> [root@taz root]#
>
Works for me:

[bgmilne@mail bgmilne]$ ssh bgmilne
bgmilne@bgmilne's password:
Last login: Thu Jan 23 23:07:27 2003 from mail.cae.co.za
-bash: TMOUT: readonly variable
[bgmilne@bgmilne bgmilne]$ ps ax|grep [s]lapd
 1323 ?        S      0:00 /usr/sbin/slapd -u ldap -g ldap -l LOCAL0 -s 0 -h ldap:/// ldaps:///
 1327 ?        S      0:00 /usr/sbin/slapd -u ldap -g ldap -l LOCAL0 -s 0 -h ldap:/// ldaps:///
 1334 ?        S      0:00 /usr/sbin/slapd -u ldap -g ldap -l LOCAL0 -s 0 -h ldap:/// ldaps:///
 1426 ?        S      0:00 /usr/sbin/slapd -u ldap -g ldap -l LOCAL0 -s 0 -h ldap:/// ldaps:///
 1427 ?        S      0:00 /usr/sbin/slapd -u ldap -g ldap -l LOCAL0 -s 0 -h ldap:/// ldaps:///
 2918 ?        S      0:00 /usr/sbin/slapd -u ldap -g ldap -l LOCAL0 -s 0 -h ldap:/// ldaps:///
[bgmilne@bgmilne bgmilne]$ ssh localhost
Last login: Thu Jan 23 23:07:42 2003 from mail.cae.co.za
-bash: TMOUT: readonly variable
[bgmilne@bgmilne bgmilne]$

(but I think my slave has died, auth works by referral to the master at present ...)

Are you sure it's not an issue of conflicting entries in ldap and local? Maybe user 'sshd' exists in ldap with the wrong uid; that would probably do it due to privsep: the sshd server still runs as root, but privsep dies?

> Where shall I file the bug, openldap-servers package or openssh-server?

Reproduce on a different network first ...

(BTW, it's not a good idea to have the ldap user in ldap when you install openldap-servers onto a box ... stop ldap and you won't be able to start it again ;-)

Also, a good way to check is to test both:

$ getent passwd sshd
$ getent passwd|grep ^sshd

and hope they give the same answer ...

Buchan

--
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering        http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
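One way to automate the check Buchan suggests, comparing what the local passwd file says about an account with what NSS (files plus LDAP) returns for the same name, as an added example that is not part of the original thread. The uid_conflicts function and the sample passwd entries below are constructed for illustration; on a real box you would feed it /etc/passwd and the saved output of getent passwd.

```shell
#!/bin/sh
# Added example (not from the thread): report accounts whose uid or gid in
# the merged NSS view differs from the local passwd file. A privsep user
# such as sshd defined a second time in LDAP with another uid is exactly
# the kind of mismatch that shows up here.

# Usage: uid_conflicts LOCAL_PASSWD_FILE NSS_PASSWD_FILE
# Prints one line per conflicting entry: "name local=uid:gid nss=uid:gid".
# Every NSS line is compared on its own, so a duplicate name coming from
# LDAP is flagged even when the files entry is also listed.
uid_conflicts() {
    awk -F: '
        # First file: remember the local uid:gid for each account name.
        NR == FNR { local[$1] = $3 ":" $4; next }
        # Second file: flag any entry for a known name with a different uid:gid.
        ($1 in local) && local[$1] != ($3 ":" $4) {
            printf "%s local=%s nss=%s\n", $1, local[$1], $3 ":" $4
        }
    ' "$1" "$2"
}

# Constructed sample data so the script runs offline: the local file has the
# packaged sshd account (uid 74); the NSS enumeration additionally contains an
# sshd entry served from LDAP with uid 1002.
LOCAL_SAMPLE=$(mktemp)
NSS_SAMPLE=$(mktemp)
cat > "$LOCAL_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
EOF
cat > "$NSS_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
sshd:x:1002:1002:sshd from LDAP:/home/sshd:/bin/sh
stefan:x:1001:1001:Stefan:/home/stefan:/bin/bash
EOF

# Expected output: "sshd local=74:74 nss=1002:1002"
uid_conflicts "$LOCAL_SAMPLE" "$NSS_SAMPLE"
rm -f "$LOCAL_SAMPLE" "$NSS_SAMPLE"

# On a real system (run as a user allowed to enumerate the directory):
#   getent passwd > /tmp/nss.passwd && uid_conflicts /etc/passwd /tmp/nss.passwd
```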