Re: Problems with nss_ldap - where to start?

Peter Serwe <peter.serwe@xxxxxxxxx> · Wed, 16 Dec 2009 12:34:28 -0800

I'm not really seeing what the response is, running tcpdump -vvv -i lo, output of a whole transaction is:

tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes
12:33:48.197928 IP (tos 0x0, ttl  64, id 61456, offset 0, flags [DF], proto: TCP (6), length: 60) ldap.48322 > ldap.ssh: S, cksum 0xaa05 (correct), 805740654:805740654(0) win 32792 <mss 16396,sackOK,timestamp 129781886 0,nop,wscale 7>

12:33:48.204532 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) ldap.ssh > ldap.48322: S, cksum 0x1510 (correct), 807996569:807996569(0) ack 805740655 win 32768 <mss 16396,sackOK,timestamp 129781886 129781886,nop,wscale 7>

12:33:48.198050 IP (tos 0x0, ttl  64, id 61457, offset 0, flags [DF], proto: TCP (6), length: 52) ldap.48322 > ldap.ssh: ., cksum 0xfd33 (correct), 1:1(0) ack 1 win 257 <nop,nop,timestamp 129781886 129781886>

12:33:48.209188 IP (tos 0x0, ttl  64, id 23780, offset 0, flags [DF], proto: TCP (6), length: 72) ldap.ssh > ldap.48322: P, cksum 0xfe3c (incorrect (-> 0x4771), 1:21(20) ack 1 win 256 <nop,nop,timestamp 129781888 129781886>

12:33:48.209315 IP (tos 0x0, ttl  64, id 61458, offset 0, flags [DF], proto: TCP (6), length: 52) ldap.48322 > ldap.ssh: ., cksum 0xfd1b (correct), 1:1(0) ack 21 win 257 <nop,nop,timestamp 129781888 129781888>

12:33:48.209523 IP (tos 0x0, ttl  64, id 61459, offset 0, flags [DF], proto: TCP (6), length: 72) ldap.48322 > ldap.ssh: P, cksum 0xfe3c (incorrect (-> 0x4757), 1:21(20) ack 21 win 257 <nop,nop,timestamp 129781891 129781888>

12:33:48.209529 IP (tos 0x0, ttl  64, id 23781, offset 0, flags [DF], proto: TCP (6), length: 52) ldap.ssh > ldap.48322: ., cksum 0xfd02 (correct), 21:21(0) ack 21 win 256 <nop,nop,timestamp 129781891 129781891>

12:33:48.209772 IP (tos 0x0, ttl  64, id 61460, offset 0, flags [DF], proto: TCP (6), length: 764) ldap.48322 > ldap.ssh: P 21:733(712) ack 21 win 257 <nop,nop,timestamp 129781891 129781891>
12:33:48.209778 IP (tos 0x0, ttl  64, id 23782, offset 0, flags [DF], proto: TCP (6), length: 52) ldap.ssh > ldap.48322: ., cksum 0xfa2e (correct), 21:21(0) ack 733 win 268 <nop,nop,timestamp 129781891 129781891>

12:33:48.211826 IP (tos 0x0, ttl  64, id 23783, offset 0, flags [DF], proto: TCP (6), length: 756) ldap.ssh > ldap.48322: P 21:725(704) ack 733 win 268 <nop,nop,timestamp 129781891 129781891>
12:33:48.212006 IP (tos 0x0, ttl  64, id 61461, offset 0, flags [DF], proto: TCP (6), length: 76) ldap.48322 > ldap.ssh: P, cksum 0xfe40 (incorrect (-> 0xc918), 733:757(24) ack 725 win 268 <nop,nop,timestamp 129781891 129781891>

12:33:48.214205 IP (tos 0x0, ttl  64, id 23784, offset 0, flags [DF], proto: TCP (6), length: 204) ldap.ssh > ldap.48322: P 725:877(152) ack 757 win 268 <nop,nop,timestamp 129781891 129781891>
12:33:48.215046 IP (tos 0x0, ttl  64, id 61462, offset 0, flags [DF], proto: TCP (6), length: 196) ldap.48322 > ldap.ssh: P 757:901(144) ack 877 win 279 <nop,nop,timestamp 129781891 129781891>

12:33:48.221627 IP (tos 0x0, ttl  64, id 23785, offset 0, flags [DF], proto: TCP (6), length: 772) ldap.ssh > ldap.48322: P 877:1597(720) ack 901 win 279 <nop,nop,timestamp 129781893 129781891>
12:33:48.222696 IP (tos 0x0, ttl  64, id 61463, offset 0, flags [DF], proto: TCP (6), length: 68) ldap.48322 > ldap.ssh: P, cksum 0xfe38 (incorrect (-> 0xe90b), 901:917(16) ack 1597 win 290 <nop,nop,timestamp 129781893 129781893>

12:33:48.256082 IP (tos 0x0, ttl  64, id 23786, offset 0, flags [DF], proto: TCP (6), length: 52) ldap.ssh > ldap.48322: ., cksum 0xf335 (correct), 1597:1597(0) ack 917 win 279 <nop,nop,timestamp 129781903 129781893>

12:33:48.256088 IP (tos 0x0, ttl  64, id 61464, offset 0, flags [DF], proto: TCP (6), length: 100) ldap.48322 > ldap.ssh: P 917:965(48) ack 1597 win 290 <nop,nop,timestamp 129781903 129781903>
12:33:48.256092 IP (tos 0x0, ttl  64, id 23787, offset 0, flags [DF], proto: TCP (6), length: 52) ldap.ssh > ldap.48322: ., cksum 0xf2fb (correct), 1597:1597(0) ack 965 win 279 <nop,nop,timestamp 129781903 129781903>

12:33:48.256269 IP (tos 0x0, ttl  64, id 23788, offset 0, flags [DF], proto: TCP (6), length: 100) ldap.ssh > ldap.48322: P 1597:1645(48) ack 965 win 279 <nop,nop,timestamp 129781903 129781903>
12:33:48.256407 IP (tos 0x0, ttl  64, id 61465, offset 0, flags [DF], proto: TCP (6), length: 116) ldap.48322 > ldap.ssh: P 965:1029(64) ack 1645 win 290 <nop,nop,timestamp 129781903 129781903>

12:33:48.257338 IP (tos 0x0, ttl  64, id 36372, offset 0, flags [DF], proto: TCP (6), length: 254) ldap.36363 > ldap.ldap: P 545516257:545516459(202) ack 552281149 win 257 <nop,nop,timestamp 129781903 129725986>

12:33:48.258726 IP (tos 0x0, ttl  64, id 17236, offset 0, flags [DF], proto: TCP (6), length: 66) ldap.ldap > ldap.36363: P, cksum 0xfe36 (incorrect (-> 0x9e99), 1:15(14) ack 202 win 273 <nop,nop,timestamp 129781903 129781903>

12:33:48.258735 IP (tos 0x0, ttl  64, id 36373, offset 0, flags [DF], proto: TCP (6), length: 52) ldap.36363 > ldap.ldap: ., cksum 0xe62d (correct), 202:202(0) ack 15 win 257 <nop,nop,timestamp 129781903 129781903>

12:33:48.264465 IP (tos 0x0, ttl  64, id 23789, offset 0, flags [DF], proto: TCP (6), length: 132) ldap.ssh > ldap.48322: P 1645:1725(80) ack 1029 win 279 <nop,nop,timestamp 129781903 129781903>
12:33:48.296113 IP (tos 0x0, ttl  64, id 61466, offset 0, flags [DF], proto: TCP (6), length: 52) ldap.48322 > ldap.ssh: ., cksum 0xf226 (correct), 1029:1029(0) ack 1725 win 290 <nop,nop,timestamp 129781913 129781903>

12:33:56.841644 IP (tos 0x0, ttl  64, id 61467, offset 0, flags [DF], proto: TCP (6), length: 196) ldap.48322 > ldap.ssh: P 1029:1173(144) ack 1725 win 290 <nop,nop,timestamp 129784050 129781903>
12:33:56.881279 IP (tos 0x0, ttl  64, id 23790, offset 0, flags [DF], proto: TCP (6), length: 52) ldap.ssh > ldap.48322: ., cksum 0xe0d0 (correct), 1725:1725(0) ack 1173 win 290 <nop,nop,timestamp 129784060 129784050>

12:33:59.378221 IP (tos 0x0, ttl  64, id 23791, offset 0, flags [DF], proto: TCP (6), length: 132) ldap.ssh > ldap.48322: P 1725:1805(80) ack 1173 win 290 <nop,nop,timestamp 129784684 129784050>
12:33:59.378239 IP (tos 0x0, ttl  64, id 61468, offset 0, flags [DF], proto: TCP (6), length: 52) ldap.48322 > ldap.ssh: ., cksum 0xdb96 (correct), 1173:1173(0) ack 1805 win 290 <nop,nop,timestamp 129784684 129784684>

12:34:03.949451 IP (tos 0x0, ttl  64, id 61469, offset 0, flags [DF], proto: TCP (6), length: 52) ldap.48322 > ldap.ssh: F, cksum 0xd71f (correct), 1173:1173(0) ack 1805 win 290 <nop,nop,timestamp 129785826 129784684>

12:34:03.952113 IP (tos 0x0, ttl  64, id 23792, offset 0, flags [DF], proto: TCP (6), length: 52) ldap.ssh > ldap.48322: F, cksum 0xd2a7 (correct), 1805:1805(0) ack 1174 win 290 <nop,nop,timestamp 129785827 129785826>

12:34:03.952132 IP (tos 0x0, ttl  64, id 61470, offset 0, flags [DF], proto: TCP (6), length: 52) ldap.48322 > ldap.ssh: ., cksum 0xd2a6 (correct), 1174:1174(0) ack 1806 win 290 <nop,nop,timestamp 129785827 129785827>

Peter

On Wed, Dec 16, 2009 at 11:47 AM, nate <centos@xxxxxxxxxxxxxxxx> wrote:

Peter Serwe wrote:

> I've been unsuccessfully trying to get nss_ldap to work.  I've chased down

> hundreds of google searches over the last 3 days, and I can't seem to get a

> centos system to authenticate against ldap.

>

> Every daemon on the system is running into the same problem:

Disable all SSL/TLS functions on the server and client and try it

in the most basic mode, if it still doesn't work run tcpdump to

look at what is actually being sent and what the response is.

nate

_______________________________________________

CentOS mailing list

CentOS@xxxxxxxxxx

http://lists.centos.org/mailman/listinfo/centos

-- 
Peter Serwe
http://truthlightway.blogspot.com/

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos