request for troubleshooting assistance - ldap authentication
I would like some advice/assistance on how to troubleshoot an
authentication issue on a Debian Sarge box.
I had a fiasco today where one box that I recently acquired the
responsibility of administering was set to stable in the sources.list
but was running all sarge packages. I updated libnss-ldap, ssh, libssl,
and bind9 before realizing my error when authentication to my LDAP
server failed. I subsequently uninstalled the etch packages by manually
installing the sarge packages from /var/cache/apt/archives with dpkg -i
<pkgname>.
I rebooted the host and I am still unable to authenticate my ldap users
using password authentication from the console or using SSH. I am able
to authenticate using ssh's key-based auth where I see a message
indicating that I have no name. I also get the users UID number in any
process list, lsof output, or directory listings.
I have verified all of the /etc/pam.d/* files and /etc/nsswitch.conf,
/etc/libnss-ldap.conf, et al. I am able to authenticate to the LDAP
directory from other hosts on the network using the same configuration.
I'm assuming at this point that some package that I have installed and
subsequently uninstalled (most likely libnss-ldap) has not fully
reverted and I am suffering from a bad library or link. Does anyone
have a good method for troubleshooting this beyond using strace to trace
logins and processes, disabling nscd, and/or rebuilding the box? I
would really like to know how to track down this problem and fix it. I
am not giving a lot of configuration details since the configuration is
a known good one. I am more than willing to provide details on request.
Thanks a lot,
(new to debian)
--
Josh Miller - RHCE, VCP
Linux Solutions Provider
Seattle, WA USA
http://itsecureadmin.com/
Reply to: