Public bug reported:

Ubuntu 14.04
openldap 2.4.31

Two ldap servers with replication, server1 and server2

On a client, in /etc/ldap.conf, configure 2 servers

host server1 server2

Failover works fine. If a server is down, the other server answers
authentication requests.

Next, enable nscd on the client.

service nscd start

Now during a failover event, ssh is broken.

Mar 30 02:00:18 client1 nscd: nss_ldap: could not search LDAP server - Server is unavailable
Mar 30 02:00:18 client1 sshd[31007]: Invalid user user1 from 10.1.2.3
Mar 30 02:00:18 client1 sshd[31007]: input_userauth_request: invalid user user1 [preauth]
Mar 30 02:00:24 client1 sshd[31007]: pam_unix(sshd:auth): check pass; user unknown
Mar 30 02:00:24 client1 sshd[31007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.1.2.3
Mar 30 02:00:24 client1 sshd[31007]: pam_ldap: error trying to bind as user "uid=user1,ou=users,dc=company1,dc=net" (Invalid credentials)
Mar 30 02:00:24 client1 sshd[31007]: pam_warn(sshd:auth): function=[pam_sm_authenticate] service=[sshd] terminal=[ssh] user=[user1] ruser=[<unknown>] rhost=[10.1.2.3]
Mar 30 02:00:26 client1 sshd[31007]: Failed password for invalid user user1 from 10.1.2.3 port 28607 ssh2
Mar 30 02:00:32 client1 sshd[31007]: pam_unix(sshd:auth): check pass; user unknown
Mar 30 02:00:32 client1 sshd[31007]: pam_ldap: error trying to bind as user "uid=user1,ou=users,dc=company1,dc=net" (Invalid credentials)
Mar 30 02:00:32 client1 sshd[31007]: pam_warn(sshd:auth): function=[pam_sm_authenticate] service=[sshd] terminal=[ssh] user=[user1] ruser=[<unknown>] rhost=[10.1.2.3]
Mar 30 02:00:34 client1 sshd[31007]: Failed password for invalid user user1 from 10.1.2.3 port 28607 ssh2

** Affects: libnss-ldap (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1563710

Title:
  nscd and nss_ldap does not fail over

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/1563710/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
