Startup problem with ldap

Phil Mayers p.mayers at imperial.ac.uk
Thu Nov 8 12:51:31 CET 2007


On Wed, 2007-11-07 at 21:20 +0100, Massimo Meregalli wrote:
> Hi Alan,
> 
> Thanks for your replies.
> 
> > >         #5  0x0070f79b in ldap_ld_free ()
> > >         from /usr/lib/libldap_r-2.3.so.0
> > >         #6  0x00663dd7 in ?? () from /usr/lib/libnss_ldap.so.2
> > >         #7  0x00667504 in ?? () from /usr/lib/libnss_ldap.so.2
> > 
> >   libnss_ldap?  Huh?  Where did that come from?
> > 
> >   Are you trying to get passwords via the "unix" module, over NSS, using
> > LDAP?
> > 
> 
> 
> The server on which the radiusd is running is configured to authenticate
> users against ldap (via pam) (which is running on the same machine as
> the radiusd server). The ldap server is used only to store user
> information. The passwords are stored into a kerberos database. The
> User-Password ldap attribute is specified as {SASL}<user>@REALM for
> those application that don't understand kerberos and the server is also
> running saslauthd.
> 
> All the other application the server is running which use ldap as
> database are working fine.

Well, regardless; the backtrace CLEARLY shows the problem is in
libnss_ldap i.e. outside FreeRadius.

Are you running nscd? If not, I suggest trying it. That way, the NSS
ldap lookups will happen in the nscd process, and libc should detect
that nscd is running and connect to the unix socket before even
*thinking* about loading the libraries from nssswitch.conf

It is possible that using the LDAP APIs in a certain way is the trigger,
which is why other applications seem fine.




More information about the Freeradius-Users mailing list