Package: sssd
Version: 1.2.1-4
Severity: important

sssd fails to make an SSL or STARTTLS connection while trying to authenticate users. When getting usernames or groups, there is no problem.
Also, using the same SSL settings, ldapsearch -x -Z gets a successful response.

redhat-ds sees:
[16/Dec/2010:15:59:43 +0200] conn=24362 fd=208 slot=208 SSL connection from client to server
[16/Dec/2010:15:59:43 +0200] conn=24363 fd=365 slot=365 SSL connection from client to server
[16/Dec/2010:15:59:43 +0200] conn=24364 fd=435 slot=435 SSL connection from client to server
[16/Dec/2010:15:59:43 +0200] conn=24363 op=-1 fd=365 closed - Encountered end of file.
[16/Dec/2010:15:59:43 +0200] conn=24362 op=-1 fd=208 closed - Encountered end of file.
[16/Dec/2010:15:59:43 +0200] conn=24364 op=-1 fd=435 closed - Encountered end of file.

sssd with debuglevel 10 sees while using start tls:
(Thu Dec 16 17:26:55 2010) [sssd[be[SMIT]]] [sdap_connect_send] (4): Executing START TLS
(Thu Dec 16 17:26:55 2010) [sssd[be[SMIT]]] [sdap_ldap_connect_callback_add] (9): New LDAP connection to [ldap://server:389] with fd [22].
(Thu Dec 16 17:26:55 2010) [sssd[be[SMIT]]] [sdap_process_result] (8): Trace: sh[0x9a7def0], connected[1], ops[0x9a87c70], ldap[0x9a7e4a0]
(Thu Dec 16 17:26:55 2010) [sssd[be[SMIT]]] [sdap_connect_done] (3): START TLS result: Success(0), Start TLS request accepted.Server willing to negotiate SSL.
(Thu Dec 16 17:26:55 2010) [sssd[be[SMIT]]] [sdap_connect_done] (3): ldap_install_tls failed: [Connect error] [Start TLS request accepted.Server willing to negotiate SSL.]
(Thu Dec 16 17:26:55 2010) [sssd[be[SMIT]]] [sdap_handle_release] (8): Trace: sh[0x9a7def0], connected[1], ops[(nil)], ldap[0x9a7e4a0], destructor_lock[0], release_memory[0]
(Thu Dec 16 17:26:55 2010) [sssd[be[SMIT]]] [remove_connection_callback] (9): Successfully removed connection callback.
(Thu Dec 16 17:26:55 2010) [sssd[be[SMIT]]] [fo_set_port_status] (4): Marking port 389 of server 'server' as 'not working'
(Thu Dec 16 17:26:55 2010) [sssd[be[SMIT]]] [ldap_id_enum_users_done] (9): User enumeration failed with: (5)[Input/output error]

sssd with debuglevel 10 sees while using ldaps ssl setup:
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [sdap_uri_callback] (6): Constructed uri 'ldaps://server'
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [sdap_uri_callback] (6): Constructed uri 'ldaps://server'
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [sdap_uri_callback] (6): Constructed uri 'ldaps://server'
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [sdap_get_rootdse_send] (9): Getting rootdse
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(objectclass=*)][].
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [sdap_ldap_connect_callback_add] (9): New LDAP connection to [ldaps://server:636] with fd [24].
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [sdap_get_generic_send] (3): ldap_search_ext failed: Can't contact LDAP server
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [fo_set_port_status] (4): Marking port 636 of server 'server' as 'not working'
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [fo_resolve_service_send] (4): Trying to resolve service 'LDAP'
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [get_server_status] (7): Status of server 'server' is 'name resolved'
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [get_port_status] (7): Port status of port 636 for server 'server' is 'not working'
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [get_server_status] (7): Status of server 'server' is 'name resolved'
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [get_port_status] (7): Port status of port 636 for server 'server' is 'not working'
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [get_server_status] (7): Status of server 'server' is 'name resolved'
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [get_port_status] (7): Port status of port 636 for server 'server' is 'not working'
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [fo_resolve_service_send] (1): No available servers for service 'LDAP'
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [fo_set_port_status] (4): Marking port 636 of server 'server' as 'not working'
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [sdap_handle_release] (8): Trace: sh[0x9884c78], connected[1], ops[(nil)], ldap[0x988d958], destructor_lock[0], release_memory[0]
(Thu Dec 16 17:58:59 2010) [sssd[be[SMIT]]] [remove_connection_callback] (9): Successfully removed connection callback.


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-3-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sssd depends on:
ii  libc-ares2     1.7.3-1                   library for asyncronous name resol
ii  libc6          2.11.2-7                  Embedded GNU C Library: Shared lib
ii  libcomerr2     1.41.12-2                 common error description library
ii  libdbus-1-3    1.2.24-3                  simple interprocess messaging syst
ii  libk5crypto3   1.8.3+dfsg-3              MIT Kerberos runtime libraries - C
ii  libkrb5-3      1.8.3+dfsg-3              MIT Kerberos runtime libraries
ii  libldap-2.4-2  2.4.23-7                  OpenLDAP libraries
ii  libldb0        1:0.9.10~git20100203-1+b1 LDAP-like embedded database - shar
ii  libnspr4-0d    4.8.6-1                   NetScape Portable Runtime Library
ii  libnss3-1d     3.12.8-1                  Network Security Service libraries
ii  libpam0g       1.1.1-6.1                 Pluggable Authentication Modules l
ii  libpcre3       8.02-1.1                  Perl 5 Compatible Regular Expressi
ii  libpopt0       1.16-1                    lib for parsing cmdline parameters
ii  libselinux1    2.0.96-1                  SELinux runtime shared libraries
ii  libsemanage1   2.0.45-1                  SELinux policy management library.
ii  libtalloc2     2.0.1-1                   hierarchical pool based memory all
ii  libtdb1        1.2.1-2+b1                Trivial Database - shared library
ii  libtevent0     0.9.8-1+b1                talloc-based event loop library -
ii  python         2.6.6-3+squeeze2          interactive high-level object-orie
ii  python-sss     1.2.1-4                   Pam module for the System Security

Versions of packages sssd recommends:
ii  bind9-host             1:9.6.1.dfsg.P3-1 Version of 'host' bundled with BIN
ii  ldap-utils             2.4.23-7          OpenLDAP utilities

Versions of packages sssd suggests:
ii  libnss-sss             1.2.1-4           Nss library for the System Securit
ii  libpam-sss             1.2.1-4           Pam module for the System Security

-- Configuration Files:
/etc/init.d/sssd changed [not included]

-- no debconf information


