SSL peer reports incorrect Message Authentication Code in versions >= 1.2.2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Juan Asensio S?nchez wrote:
> Hi
>
> 2010/5/3 Rich Megginson <rmeggins at redhat.com <mailto:rmeggins at redhat.com>>
>
>     > We are having trouble since we have updated from version 1.1.3 to
>     > 1.2.2 and 1.2.5. We have integrated CentOS/Redhat clients into LDAP.
>     > When we try to make "getent group", we only get one group and its
>     > members, but no the rest of the groups (should be more than 1000
>     groups).
>     What platform?  32-bit or 64-bit?
>     How many groups?  Do you only get this error when you attempt a search
>     to return this many groups?
>
>
> "getent group" should return the local groups (that are show fine) and 
> about 729 LDAP groups.
How many groups total?  Roughly how many members?  I'm trying to get 
some idea about how many entries and how many bytes should be returned.
> If I do the same search with the command ldapsearch,
ldapsearch to ldaps://hostname:636/ or ldap://hostname:389/ ?
> all groups and their attributes are returned. All 32 bits (client and 
> server), versions:
>
> Server: CentOS release 5.4 (Final), Linux XXXXXXXXXXXXXXX 
> 2.6.18-164.15.1.el5.centos.plusPAE #1 SMP Wed Mar 17 20:42:15 EDT 2010 
> i686 i686 i386 GNU/Linux
> Client: CentOS release 5.4 (Final), Linux localhost.localdomain 
> 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 
> GNU/Linux
>
> When running "getent group", the file /var/log/messages throws theses 
> errors:
>
> May  3 12:36:50 localhost getent: nss_ldap: reconnected to LDAP server 
> ldaps://XXXXXXXXX after 1 attempt
> May  3 12:37:10 localhost getent: nss_ldap: could not get LDAP result 
> - Timed out
>
> The "Timed out" message is because LDAP server has dropped the 
> connection when it receives "SSL peer reports incorrect Message 
> Authentication Code", and happens (I think) after reading the entry of 
> the first group, so the rest of the groups are not shown.
>
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux