[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Strangeness with nss ldap padl module and openssh
Hi - I am having a weird issue with now using the nss ldap padl module and
openssh
with accounts in ldap. When I built the module at first, I used the
--enable-debugging
flag to the configure script, and everything worked. Now I want to turn off
the debugging
output, so I went and recompiled it using the same flags to configure, just
minus the
--enable-debugging one. But now here is what happens when I try to ssh now
with
the new, non-debugging version:
warning: Authentication failed.
Disconnected; connection lost (Connection closed.).
If I run ssh with -v -v -v, here is the output:
wp-app-3:/<2>openldap/padl/nss_ldap-209 %> /usr/local/bin/ssh -v -v -v
fred@wp-app-3.webtech.com
debug: SshAppCommon/sshappcommon.c:138/ssh_app_get_global_regex_context:
Allocating global SshRegex context.
debug: SshConfig/sshconfig.c:3031/ssh2_parse_config_ext: Metaconfig parsing
stopped at line 3.
debug: SshConfig/sshconfig.c:2938/ssh2_parse_config_ext: Unable to open
//.ssh2/ssh2_config
debug: Connecting to wp-app-3.webtech.com, port 22... (SOCKS not used)
debug: Ssh2/ssh2.c:2380/main: Entering event loop.
debug: Ssh2Client/sshclient.c:1440/ssh_client_wrap: Creating transport
protocol.
debug:
SshAuthMethodClient/sshauthmethodc.c:91/ssh_client_authentication_initialize
: Added "publickey" to usable methods.
debug:
SshAuthMethodClient/sshauthmethodc.c:91/ssh_client_authentication_initialize
: Added "keyboard-interactive" to usable methods.
debug:
SshAuthMethodClient/sshauthmethodc.c:91/ssh_client_authentication_initialize
: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1481/ssh_client_wrap: Creating userauth
protocol.
debug: client supports 3 auth methods:
'publickey,keyboard-interactive,password'
debug: Ssh2Common/sshcommon.c:584/ssh_common_wrap: local ip = 10.14.12.33,
local port = 34402
debug: Ssh2Common/sshcommon.c:586/ssh_common_wrap: remote ip = 10.14.12.33,
remote port = 22
debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
debug: SshReadLine/sshreadline.c:2414/ssh_readline_eloop_initialize:
Initializing ReadLine...
debug: Remote version: SSH-1.99-OpenSSH_3.6p1
debug: OpenSSH: Major: 3 Minor: 6 Revision: 0
debug: Ssh2Transport/trcommon.c:1518/ssh_tr_input_version: All versions of
OpenSSH handle kex guesses incorrectly.
debug: Ssh2Common/sshcommon.c:168/ssh_common_disconnect: DISCONNECT
received: Connection closed.
debug: SshReadLine/sshreadline.c:2472/ssh_readline_eloop_uninitialize:
Uninitializing ReadLine...
warning: Authentication failed.
debug: Ssh2/ssh2.c:168/client_disconnect: locally_generated = TRUE
Disconnected; connection lost (Connection closed.).
debug: Ssh2Client/sshclient.c:1519/ssh_client_destroy: Destroying client.
debug: SshConfig/sshconfig.c:2539/ssh_config_pki_free: Freeing pki.
(host_pki != NULL, user_pki = NULL)
debug: Ssh2Common/sshcommon.c:709/ssh_common_destroy: Destroying SshCommon
object.
debug: SshConnection/sshconn.c:1997/ssh_conn_destroy: Destroying SshConn
object.
debug: Ssh2Client/sshclient.c:1587/ssh_client_destroy_finalize: Destroying
client completed.
debug:
SshAuthMethodClient/sshauthmethodc.c:95/ssh_client_authentication_uninitiali
ze: Destroying authentication method array.
debug: SshAppCommon/sshappcommon.c:151/ssh_app_free_global_regex_context:
Freeing global SshRegex context.
debug: SshConfig/sshconfig.c:2539/ssh_config_pki_free: Freeing pki.
(host_pki = NULL, user_pki = NULL)
wp-app-3:/<2>openldap/padl/nss_ldap-209 %> /usr/local/bin/ssh
fred@wp-app-3.webtech.com
Also here is the output from the working version with the debugging
statements:
wp-app-3:/<2>openldap/padl/nss_ldap-209 %> /usr/local/bin/ssh -v -v -v
fred@wp-app-3.webtech.com
nss_ldap: ==> _nss_ldap_default_constr
nss_ldap: <== _nss_ldap_default_constr
nss_ldap: ==> _nss_ldap_enter
nss_ldap: <== _nss_ldap_enter
nss_ldap: ==> _nss_ldap_getbyname
nss_ldap: ==> _nss_ldap_search_s
nss_ldap: ==> do_open
nss_ldap: ==> do_close_no_unbind
nss_ldap: <== do_close_no_unbind (connection was not open)
nss_ldap: ==> ldap_initialize
nss_ldap: <== ldap_initialize
nss_ldap: ==> do_ssl_options
nss_ldap: <== do_ssl_options
nss_ldap: ==> do_bind
nss_ldap: <== do_bind
nss_ldap: ==> do_set_sockopts
nss_ldap: <== do_set_sockopts
nss_ldap: <== do_open
nss_ldap: ==> do_filter
nss_ldap: :== do_filter: (&(objectclass=posixAccount)(uidNumber=0))
nss_ldap: <== do_filter
nss_ldap: ==> do_with_reconnect
nss_ldap: ==> do_open
nss_ldap: <== do_open
nss_ldap: ==> do_search_s
nss_ldap: <== do_search_s
nss_ldap: <== do_with_reconnect
nss_ldap: <== _nss_ldap_search_s
nss_ldap: ==> do_parse_s
nss_ldap: <== do_parse_s
nss_ldap: ==> _nss_ldap_ent_context_release
nss_ldap: <== _nss_ldap_ent_context_release
nss_ldap: ==> _nss_ldap_leave
nss_ldap: <== _nss_ldap_leave
nss_ldap: <== _nss_ldap_getbyname
debug: SshAppCommon/sshappcommon.c:138/ssh_app_get_global_regex_context:
Allocating global SshRegex context.
debug: SshConfig/sshconfig.c:3031/ssh2_parse_config_ext: Metaconfig parsing
stopped at line 3.
debug: SshConfig/sshconfig.c:2938/ssh2_parse_config_ext: Unable to open
//.ssh2/ssh2_config
debug: Connecting to wp-app-3.webtech.com, port 22... (SOCKS not used)
debug: Ssh2/ssh2.c:2380/main: Entering event loop.
debug: Ssh2Client/sshclient.c:1440/ssh_client_wrap: Creating transport
protocol.
debug:
SshAuthMethodClient/sshauthmethodc.c:91/ssh_client_authentication_initialize
: Added "publickey" to usable methods.
debug:
SshAuthMethodClient/sshauthmethodc.c:91/ssh_client_authentication_initialize
: Added "keyboard-interactive" to usable methods.
debug:
SshAuthMethodClient/sshauthmethodc.c:91/ssh_client_authentication_initialize
: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1481/ssh_client_wrap: Creating userauth
protocol.
debug: client supports 3 auth methods:
'publickey,keyboard-interactive,password'
debug: Ssh2Common/sshcommon.c:584/ssh_common_wrap: local ip = 10.14.12.33,
local port = 34413
debug: Ssh2Common/sshcommon.c:586/ssh_common_wrap: remote ip = 10.14.12.33,
remote port = 22
debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
debug: SshReadLine/sshreadline.c:2414/ssh_readline_eloop_initialize:
Initializing ReadLine...
debug: Remote version: SSH-1.99-OpenSSH_3.6p1
debug: OpenSSH: Major: 3 Minor: 6 Revision: 0
debug: Ssh2Transport/trcommon.c:1518/ssh_tr_input_version: All versions of
OpenSSH handle kex guesses incorrectly.
debug: Ssh2Transport/trcommon.c:1911/ssh_tr_negotiate: lang s to c: `', lang
c to s: `'
debug: Ssh2Transport/trcommon.c:1977/ssh_tr_negotiate: c_to_s: cipher
aes128-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1980/ssh_tr_negotiate: s_to_c: cipher
aes128-cbc, mac hmac-sha1, compression none
debug: Remote host key found from database.
debug: Ssh2Common/sshcommon.c:379/ssh_common_special: Received
SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:429/ssh_common_special: Received
SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: server offers auth methods 'publickey,password,keyboard-interactive'.
nss_ldap: ==> _nss_ldap_enter
nss_ldap: <== _nss_ldap_enter
nss_ldap: ==> _nss_ldap_getbyname
nss_ldap: ==> _nss_ldap_search_s
nss_ldap: ==> do_open
nss_ldap: <== do_open
nss_ldap: ==> do_filter
nss_ldap: :== do_filter: (&(objectclass=posixAccount)(uidNumber=0))
nss_ldap: <== do_filter
nss_ldap: ==> do_with_reconnect
nss_ldap: ==> do_open
nss_ldap: <== do_open
nss_ldap: ==> do_search_s
nss_ldap: <== do_search_s
nss_ldap: <== do_with_reconnect
nss_ldap: <== _nss_ldap_search_s
nss_ldap: ==> do_parse_s
nss_ldap: <== do_parse_s
nss_ldap: ==> _nss_ldap_ent_context_release
nss_ldap: <== _nss_ldap_ent_context_release
nss_ldap: ==> _nss_ldap_leave
nss_ldap: <== _nss_ldap_leave
nss_ldap: <== _nss_ldap_getbyname
debug: SshConfig/sshconfig.c:2938/ssh2_parse_config_ext: Unable to open
//.ssh2/identification
debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method
'publickey' disabled.
debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd:
Starting password query...
fred's password:
debug: Ssh2Common/sshcommon.c:339/ssh_common_special: Received
SSH_CROSS_AUTHENTICATED packet from connection protocol.
debug: SshReadLine/sshreadline.c:2472/ssh_readline_eloop_uninitialize:
Uninitializing ReadLine...
Authentication successful.
debug: Ssh2Common/sshcommon.c:908/ssh_common_new_channel: num_channels now 1
warning: Cannot connect to DISPLAY; X11 forwarding disabled.
nss_ldap: ==> _nss_ldap_enter
nss_ldap: <== _nss_ldap_enter
nss_ldap: ==>
_nss_ldap_getbyname
nss_ldap: ==> _nss_ldap_search_s
nss_ldap: ==> do_open
nss_ldap: <== do_open
nss_ldap: ==> do_filter
nss_ldap:
:== do_filter: (&(objectclass=posixAccount)(uidNumber=0))
nss_ldap: <== do_filter
nss_ldap: ==> do_with_reconnect
nss_ldap: ==>
do_open
nss_ldap: <== do_open
nss_ldap: ==> do_search_s
nss_ldap: <== do_search_s
nss_ldap: <== do_with_reconnect
nss_ldap: <==
_nss_ldap_search_s
nss_ldap: ==> do_parse_s
nss_ldap: <== do_parse_s
nss_ldap: ==> _nss_ldap_ent_context_release
nss_ldap: <==
_nss_ldap_ent_context_release
nss_ldap: ==> _nss_ldap_leave
nss_ldap: <== _nss_ldap_leave
nss_ldap: <== _nss_ldap_getbyname
Last
login: Wed Jul 2 16:15:12 2003 from localhost
Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
nss_ldap: ==> _nss_ldap_default_destr
nss_ldap: <== _nss_ldap_default_destr
nss_ldap: ==> _nss_ldap_default_constr
nss_ldap: <== _nss_ldap_default_constr
nss_ldap: ==> _nss_ldap_enter
nss_ldap: <== _nss_ldap_enter
nss_ldap: ==> _nss_ldap_getbyname
nss_ldap: ==> _nss_ldap_search_s
nss_ldap: ==> do_open
nss_ldap: ==> do_close_no_unbind
nss_ldap: <== do_close_no_unbind (connection was not open)
nss_ldap: ==> ldap_initialize
nss_ldap: <== ldap_initialize
nss_ldap: ==> do_ssl_options
nss_ldap: <== do_ssl_options
nss_ldap: ==> do_bind
nss_ldap: <== do_bind
nss_ldap: ==> do_set_sockopts
nss_ldap: <== do_set_sockopts
nss_ldap: <== do_open
nss_ldap: ==> do_filter
nss_ldap: :== do_filter: (&(objectclass=posixAccount)(uidNumber=199))
nss_ldap: <== do_filter
nss_ldap: ==> do_with_reconnect
nss_ldap: ==> do_open
nss_ldap: <== do_open
nss_ldap: ==> do_search_s
nss_ldap: <== do_search_s
nss_ldap: <== do_with_reconnect
nss_ldap: <== _nss_ldap_search_s
nss_ldap: ==> do_parse_s
nss_ldap: <== do_parse_s
nss_ldap: ==> _nss_ldap_ent_context_release
nss_ldap: <== _nss_ldap_ent_context_release
nss_ldap: ==> _nss_ldap_leave
nss_ldap: <== _nss_ldap_leave
nss_ldap: <== _nss_ldap_getbyname
Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
nss_ldap: ==> _nss_ldap_default_constr
nss_ldap: <== _nss_ldap_default_constr
nss_ldap: ==> _nss_ldap_enter
nss_ldap: <== _nss_ldap_enter
nss_ldap: ==> _nss_ldap_getbyname
nss_ldap: ==> _nss_ldap_search_s
nss_ldap: ==> do_open
nss_ldap: ==> do_close_no_unbind
nss_ldap: <== do_close_no_unbind (connection was not open)
nss_ldap: ==> ldap_initialize
nss_ldap: <== ldap_initialize
nss_ldap: ==> do_ssl_options
nss_ldap: <== do_ssl_options
nss_ldap: ==> do_bind
nss_ldap: <== do_bind
nss_ldap: ==> do_set_sockopts
nss_ldap: <== do_set_sockopts
nss_ldap: <== do_open
nss_ldap: ==> do_filter
nss_ldap: :== do_filter: (&(objectclass=posixAccount)(uidNumber=199))
nss_ldap: <== do_filter
nss_ldap: ==> do_with_reconnect
nss_ldap: ==> do_open
nss_ldap: <== do_open
nss_ldap: ==> do_search_s
nss_ldap: <== do_search_s
nss_ldap: <== do_with_reconnect
nss_ldap: <== _nss_ldap_search_s
nss_ldap: ==> do_parse_s
nss_ldap: <== do_parse_s
nss_ldap: ==> _nss_ldap_ent_context_release
nss_ldap: <== _nss_ldap_ent_context_release
nss_ldap: ==> _nss_ldap_leave
nss_ldap: <== _nss_ldap_leave
nss_ldap: <== _nss_ldap_getbyname
Any ideas as to why it is behaving this way? Both were built with --enable
shared,
--with-ldap-lib=openldap and --with-ldap-dir=/usr/local and the same build
environment.
Also is there a way to turn off the debugging statements short of
recompiling? Is there
say an option for ldap.conf to quiet it? Thanks - Michael
This electronic message transmission contains information from the Company that may be proprietary, confidential and/or privileged.
The information is intended only for the use of the individual(s) or entity named above. If you are not the intended recipient, be
aware that any disclosure, copying or distribution or use of the contents of this information is prohibited. If you have received
this electronic transmission in error, please notify the sender immediately by replying to the address listed in the "From:" field.