LDAP and SSL issue on RH Linux 2.1

Lam, Eric Eric.Lam at fmr.com
Tue Apr 12 17:42:23 UTC 2005


Hi all

My first time on this list. Not sure if there are any people here. I will
try my luck.

I am enabling the local user to perform password authentication with
some of our LDAP servers using the pam_ldap module from the nss_ldap
package. Users use telnet/ftp/ssh to log on to this RH Linux 2.1 system.
We have 4 LDAP servers. Every two LDAP servers have a BigIP device in front
of them. Two LDAP and one BigIP are for UAT, and the other two LDAP and
one BigIP are for production. I only added the pam_ldap entry into the
/etc/pam.d/system-auth file; nothing else changed on the system
besides the /etc/ldap.conf file. I did the same on Linux 2.1 and 3.0.
3.0 has no issue at all.

On Linux 2.1, when SSL is disabled in /etc/ldap.conf, the system has no
issue utilizing any LDAP server and BigIP. The user can log on
without any issue.

When SSL is enabled in the /etc/ldap.conf file, the system can only
utilize the two UAT LDAP servers, but it cannot communicate properly
with the BigIP or with the two production servers. On the production
LDAP log, I see the following:

  [07/Apr/2005:16:25:20 -0400] conn=302833 fd=188 slot=188 SSL connection from 172.26.30.52 to 172.26.30.13
  [07/Apr/2005:16:25:20 -0400] conn=302833 op=-1 fd=188 closed error -12195 (unknown) - B1

The other error that I captured is from running "sshd -d". When a user sshes to
this Linux 2.1 system, sshd shows this error and disconnects:

   debug1: userauth_banner: sent
   Failed none for a232524 from 10.37.63.30 port 38517 ssh2
   debug1: userauth-request for user a232524 service ssh-connection method password
   debug1: attempt 1 failures 1
   sshd: ../../../libraries/libldap/cyrus.c:418: ldap_int_sasl_open: Assertion `lc->lconn_sasl_ctx == ((void *)0)' failed.
   Aborted

Here is what I am using on the RH Linux 2.1 system:
  -  openldap-2.0.27-4.7
  -  openldap-clients-2.0.27-4.7
  -  nss_ldap-189-9
  -  openssl-0.9.6b-36

I have compiled pam_ldap 176 from padl.com, but the result is the
same. I also tested and compiled it with my own SSL 097d and OpenLDAP
2217, but it did not change anything.

All LDAP servers are SUN iPlanet 5.0. RH Linux 3.0 has no issue at all
with any LDAP server or BigIP using SSL or non-SSL. All my Solaris 2.6
to 9 systems have no issue either. It is the RH Linux 2.1 that has this issue.

I am not sure what else I can capture. Please let me know if you need
more information from this Linux 2.1 system.

Thanks in advance for any help.

Eric
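An added example, not part of Eric's post: a small parser for the Sun/iPlanet access-log format quoted above that correlates each "SSL connection from" line with its "closed error" line and reports connections dropped before any LDAP operation arrived (op=-1), which is the pattern the production log shows. The log text is constructed sample data modelled on the two quoted lines plus one healthy bind; the BIND DN and second connection are made up.

```python
import re
from collections import defaultdict

# Constructed sample of Sun/iPlanet Directory Server access-log lines. The first
# two lines mirror the post; the rest are an invented healthy SSL bind/unbind.
SAMPLE_LOG = """\
[07/Apr/2005:16:25:20 -0400] conn=302833 fd=188 slot=188 SSL connection from 172.26.30.52 to 172.26.30.13
[07/Apr/2005:16:25:20 -0400] conn=302833 op=-1 fd=188 closed error -12195 (unknown) - B1
[07/Apr/2005:16:25:21 -0400] conn=302834 fd=189 slot=189 SSL connection from 172.26.30.52 to 172.26.30.13
[07/Apr/2005:16:25:21 -0400] conn=302834 op=0 msgId=1 - BIND dn="uid=a232524,ou=people,dc=example,dc=com" method=128 version=3
[07/Apr/2005:16:25:21 -0400] conn=302834 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
[07/Apr/2005:16:25:22 -0400] conn=302834 op=1 msgId=2 - UNBIND
[07/Apr/2005:16:25:22 -0400] conn=302834 op=1 msgId=2 fd=189 closed - U1
"""

# Connection open line: conn id, optional "SSL " marker, client IP, server IP.
CONN_RE = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (SSL )?connection from (\S+) to (\S+)")
# Close line carrying an error code; op=-1 means no LDAP operation was ever received.
CLOSE_RE = re.compile(r"conn=(\d+) op=(-?\d+) .*?closed error (-?\d+)")
BIND_RE = re.compile(r"conn=(\d+) op=\d+ msgId=\d+ - BIND ")

def find_tls_handshake_failures(log_text):
    """Return [(conn_id, client_ip, error_code)] for SSL connections closed
    with an error before the server saw a single LDAP operation."""
    conns = {}        # conn id -> (is_ssl, client ip)
    bound = set()     # conn ids that at least reached a BIND
    failures = []
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            conns[m.group(1)] = (m.group(2) is not None, m.group(3))
            continue
        m = BIND_RE.search(line)
        if m:
            bound.add(m.group(1))
            continue
        m = CLOSE_RE.search(line)
        if m:
            conn_id, op, err = m.group(1), int(m.group(2)), int(m.group(3))
            is_ssl, client = conns.get(conn_id, (False, "?"))
            if is_ssl and op == -1 and conn_id not in bound:
                failures.append((conn_id, client, err))
    return failures

def summarise_by_client(failures):
    """Count handshake-stage failures per client IP, to spot one host
    (here the 2.1 box) failing against a server while others succeed."""
    counts = defaultdict(int)
    for _, client, _ in failures:
        counts[client] += 1
    return dict(counts)
```

Run it against the real access log of the production servers and the UAT servers side by side; if only the 2.1 host's address accumulates op=-1 closures on SSL connections, the failure is in the TLS handshake rather than in LDAP authentication.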
