Updated computers to current Rawhide and broke NFS & NSS/LDAP

Derek P. Moore derekm at hackunix.org
Wed Sep 29 03:01:47 UTC 2004


I've just sync'd three of my computers to Rawhide, and NFS and LDAP are
now broken on each.

I get the following when I do a 'service nfs start':

Starting NFS services:                                     [  OK  ]
Starting NFS quotas: get_myaddress: getifaddrs: Bad address
                                                           [FAILED]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd: get_myaddress: getifaddrs: Socket operation on non-socket
                                                           [FAILED]


I'd been following Rawhide on my laptop, and everything was seeming
stable, so I decided to update two of my servers...  Since my laptop
only mounts NFS and doesn't serve up any shares, of course I didn't
notice the NFS problems till too late.

My primary server, germ, which provides LDAP & Kerberos to the other
computers, is having problems with nss_ldap authenticating as the binddn
in /etc/ldap.conf to the localhost slapd for NSS info.  When users try
to log into germ, NSS doesn't work for them.  When logged in as root, it
has no problem authenticating as rootbinddn with the password
in /etc/ldap.secret.

In my logs the following errors have started to appear in various forms:

Sep 28 21:45:05 germ crond[3652]: nss_ldap: reconnecting to LDAP server...
Sep 28 21:45:05 germ crond[3653]: nss_ldap: reconnected to LDAP server after 1 attempt(s)

Sep 28 21:47:19 germ saslauthd[2303]: auth_krb5: krb5_get_init_creds_password
Sep 28 21:47:19 germ saslauthd[2303]: do_auth         : auth failure: [user=ldap] [service=ldap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]

When I run 'testsaslauthd -u ldap -s ldap -p secret' (which is how
binddn and bindpw try to authenticate in /etc/ldap.conf), it says
"Success!"

In /var/log/slapd, I'm getting things like:

Sep 28 19:27:20 germ slapd[5280]: connection_input: conn=8 deferring operation: binding
Sep 28 19:27:20 germ slapd[5280]: conn=8 op=2 BIND dn="uid=ldap,ou=Users,dc=hackunix,dc=org" method=128
Sep 28 19:27:20 germ slapd[5280]: SASL [conn=8] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
Sep 28 19:27:20 germ last message repeated 2 times

I wish I could be less vague...  But I'm not able to figure out much
more than what I've just said.  I'm digging everywhere, trying to figure
out what changed that broke these two ever-important functionalities.

I know my way around my systems...  I configured this tangled mess of
LDAP + Kerberos + SASL + NSS/PAM + NFS in the first place...

I've done 'find / -name *.rpmsave' and 'find / -name *.rpmnew' and
compared all the changes...  Everything seems fine.

Any ideas?  What's up with NFS?  And why can root do nss_ldap, but not
users?

Thanks much,

Derek P. Moore
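
For triaging slapd logs like the ones quoted in the message above, the following is an added example (not part of the original post): it groups BIND operations and SASL library errors by connection id and decodes the logged bind method number (128 is a simple bind, 163 is a SASL bind). The sample input is the post's slapd lines with the mail wrapping undone; the function name `triage` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the slapd lines from the post, mail line-wrapping undone.
SAMPLE = """\
Sep 28 19:27:20 germ slapd[5280]: connection_input: conn=8 deferring operation: binding
Sep 28 19:27:20 germ slapd[5280]: conn=8 op=2 BIND dn="uid=ldap,ou=Users,dc=hackunix,dc=org" method=128
Sep 28 19:27:20 germ slapd[5280]: SASL [conn=8] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
Sep 28 19:27:20 germ last message repeated 2 times
"""

# LDAP bind "method" values as logged by slapd (LDAP_AUTH_SIMPLE, LDAP_AUTH_SASL).
METHODS = {128: "simple", 163: "sasl"}

LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) (\S+) slapd\[(\d+)\]: (.*)$")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
SASL_ERR = re.compile(r"SASL \[conn=(\d+)\] (?:Error|Failure): (.*)")
REPEAT = re.compile(r"last message repeated (\d+) times?$")

def triage(text):
    """Return {conn_id: {"binds": [(dn, method)], "sasl_errors": {msg: count}}}."""
    conns = defaultdict(lambda: {"binds": [], "sasl_errors": defaultdict(int)})
    last = None  # (conn, message) of the preceding SASL error line, if any
    for raw in text.splitlines():
        rep = REPEAT.search(raw)
        if rep and last:
            # syslog collapsed identical lines; add them to the preceding error
            conns[last[0]]["sasl_errors"][last[1]] += int(rep.group(1))
            continue
        last = None
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group(4)
        if (b := BIND.search(msg)):
            conn, _op, dn, method = b.groups()
            name = METHODS.get(int(method), f"unknown({method})")
            conns[int(conn)]["binds"].append((dn, name))
        elif (e := SASL_ERR.search(msg)):
            last = (int(e.group(1)), e.group(2))
            conns[last[0]]["sasl_errors"][last[1]] += 1
    return {c: {"binds": v["binds"], "sasl_errors": dict(v["sasl_errors"])}
            for c, v in conns.items()}

if __name__ == "__main__":
    for conn, info in triage(SAMPLE).items():
        print(f"conn={conn} binds={info['binds']} sasl_errors={info['sasl_errors']}")
```
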




More information about the fedora-devel-list mailing list