
[Bug 1408] Diskless Workstation not working yet



http://bugs.skolelinux.org/show_bug.cgi?id=1408


Arthur de Jong <arthur@arthurdejong.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |arthur@arthurdejong.org




--- Comment #19 from Arthur de Jong <arthur@arthurdejong.org>  2010-01-02 22:39:22 ---
Note that I'm (I'm the main developer on nss-ldapd) not familiar with Skolelinux
and the specifics of that setup. I assume you are using 0.6.7.2.
From the bugreport it seems that there is a problem connecting to the LDAP
server:

nslcd: [8e1f29] failed to bind to LDAP server ldap://tjener.intern:389: Can't contact LDAP server: Connection refused

The error message contains three parts, the first one from nslcd:
  "failed to bind to LDAP server ldap://tjener.intern:389";
the second one from the LDAP library (OpenLDAP):
  "Can't contact LDAP server"
and a third from the system libraries (errno):
  "Connection refused"

OpenLDAP does not have very good error reporting so that is why errno is also
there. The problem here is that the "Connection refused" is not from attempting
to connect to the LDAP server but probably from trying to look up tjener.intern
(it could also be from an earlier call).

At least the strace shows that the system tries to do a DNS lookup but fails:

[pid  2522] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 9
[pid  2522] connect(9, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("0.0.0.0")}, 28) = 0
[pid  2522] fcntl64(9, F_GETFL)         = 0x2 (flags O_RDWR)
[pid  2522] fcntl64(9, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid  2522] gettimeofday({1262450409, 263140}, NULL) = 0
[pid  2522] poll([{fd=9, events=POLLOUT}], 1, 0) = 1 ([{fd=9, revents=POLLOUT}])
[pid  2522] send(9, "\204\26\1\0\0\1\0\0\0\0\0\0\6tjener\6intern\0\0\34\0\1"..., 31, MSG_NOSIGNAL) = 31
[pid  2522] poll([{fd=9, events=POLLIN}], 1, 5000) = 1 ([{fd=9, revents=POLLERR}])

Listening for replies on a DNS request (UDP port 53) fails. The strange thing
is the IP address used for the DNS server. Unless I'm mistaken using 0.0.0.0 is
incorrect here. In my normal environment when I strace a hostname lookup the IP
address of my nameserver is used in the connect() call.

All in all I think the problem is DNS related not LDAP related.

Personally I would recommend against using a hostname as LDAP server for
nss-ldapd, precisely for these kinds of problems and for the case when
networking is not yet available. If you must (I think it is needed when doing
certificate validation but I'm not sure) you should put the LDAP server in
/etc/hosts (I think this is also a good thing because at some point an IP
address to hostname lookup is done by OpenLDAP).

Note that nslcd hard-codes hostname lookups to do as if the following line was
present in /etc/nsswitch.conf:
  hosts   files dns
This hack is there to prevent a loop where nslcd would have to do a hostname
lookup which would trigger an LDAP lookup (if ldap is in nsswitch.conf), which
would trigger a hostname lookup, etc. I should really investigate a better
solution for this though. Anyway, if your lookup of tjener.intern depends on
some other mechanism than files and/or dns you have a problem.

Anyway, I hope this is somewhat helpful. With some more background
(/etc/nsswitch.conf, /etc/hosts, /etc/resolv.conf, /etc/ldap/ldap.conf,
/etc/nss-ldapd.conf) maybe I can say a little more.

Btw, if you have any nss-ldapd-related bugs feel free to Cc me to the
bugreport.


-- 
Configure bugmail: http://bugs.skolelinux.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
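
Added example, not part of the original message: Python code that reads the strace lines quoted in the comment, takes the resolver address from connect(), decodes the DNS question from the escaped send() payload, and reports sockets whose poll() came back with POLLERR. The function names (strace_bytes, parse_dns_question, diagnose) are hypothetical, and the trace lines are the ones from the message with the mail wrapping undone.

```python
import ipaddress
import re
import struct

# Three lines from the strace excerpt quoted in the message, mail wrapping undone.
STRACE = r'''
[pid  2522] connect(9, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("0.0.0.0")}, 28) = 0
[pid  2522] send(9, "\204\26\1\0\0\1\0\0\0\0\0\0\6tjener\6intern\0\0\34\0\1"..., 31, MSG_NOSIGNAL) = 31
[pid  2522] poll([{fd=9, events=POLLIN}], 1, 5000) = 1 ([{fd=9, revents=POLLERR}])
'''
QTYPES = {1: "A", 28: "AAAA"}
NAMED = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12}

def strace_bytes(text):
    """Turn strace's escaped string notation (octal and named escapes) into raw bytes."""
    out = bytearray()
    for m in re.finditer(r'\\([0-7]{1,3})|\\(.)|(.)', text, re.S):
        octal, named, plain = m.groups()
        if octal is not None:
            out.append(int(octal, 8))
        elif named is not None:
            out.append(NAMED.get(named, ord(named)))
        else:
            out.append(ord(plain))
    return bytes(out)

def parse_dns_question(pkt):
    """Return (qname, qtype) of the first question in a DNS query packet."""
    labels, pos = [], 12                      # 12-byte header, then QNAME labels
    while pkt[pos]:
        length = pkt[pos]
        labels.append(pkt[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", pkt[pos + 1:pos + 5])
    return ".".join(labels), QTYPES.get(qtype, str(qtype))

def diagnose(trace):
    """Report DNS sockets whose poll() returned POLLERR, with resolver and question."""
    servers, questions, failed = {}, {}, []
    for line in trace.splitlines():
        if m := re.search(r'connect\((\d+), .*htons\(53\), sin_addr=inet_addr\("([^"]+)"\)', line):
            servers[m[1]] = m[2]
        elif (m := re.search(r'send\((\d+), "(.*)"(?:\.\.\.)?, \d+', line)) and m[1] in servers:
            questions[m[1]] = parse_dns_question(strace_bytes(m[2]))
        elif (m := re.search(r'\(\[\{fd=(\d+), revents=POLLERR', line)) and m[1] in servers:
            qname, qtype = questions.get(m[1], (None, None))
            failed.append({"fd": int(m[1]), "server": servers[m[1]], "qname": qname, "qtype": qtype,
                           "server_unspecified": ipaddress.ip_address(servers[m[1]]).is_unspecified})
    return failed

if __name__ == "__main__":
    print(diagnose(STRACE))
```

On the quoted trace this reports fd 9 with resolver 0.0.0.0 (flagged as the unspecified address) and an AAAA question for tjener.intern.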

