You have been subscribed to a public bug:
Binary package hint: libnss-ldapd
Since Hardy's release, when doing e kerberos connexion, a refusal to
open a gdm session may occur. Error message in gdm is : "The system
administrator had temporarily disabled connexion to this system". In
auth.log: "nscd: nss_ldap: server is unavailable"
The problem occurs in the "account" phase, when the user account
information is beng pulled. The kerberos authentication is successful
but the user is not know by the system.
when this occurs, from another session we can do a:
# getent passwd user_having_issue
and we do not get a reply. After a certain time lapse, without any change to
the setup, the user becomes known again.
Note: during this period, other users are tested and work succesfully, which
shows that the ldap server does function properly.
To understand the issue better, a network trace was done and it can be seen
that on the TCP connexion use by the request
1- earlier: the LDAP server sent a end tcp session packet (FIN)
2- nssldap sends back an ACK
3- nssldap continues on using this connexion that he acknoledged closing
To try to go around the issue, it was tried to configure nsslap to not
use persistent connexion (ldap.conf : nss_connect_policy oneshot), but
once this is applied and the client rebooted, then gdm crashes
consistently at each authentication try (clearly identified in syslog).
The crash goes away after restoring the original config
(nss_connect_policy persist).
** Affects: ubuntu
Importance: Undecided
Status: New
** Affects: libnss-ldap (Ubuntu)
Importance: Undecided
Status: New
--
nscd: nss_ldap: server is unavailable
https://bugs.launchpad.net/bugs/237115
You received this bug notification because you are a member of Ubuntu Server
Team, which is subscribed to libnss-ldap in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
