From andras.horvath@cern.ch Wed Jul 1 13:15:49 2009 Received: from cernmx20.cern.ch (cernmx20.cern.ch [137.138.166.184]) by underdog.stansell.org (8.14.3/8.14.3) with ESMTP id n61DFgro029365 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=FAIL) for ; Wed, 1 Jul 2009 13:15:48 GMT Received: from pcitadc01.cern.ch (137.138.33.142) by cernmxlb.cern.ch (137.138.166.163) with Microsoft SMTP Server id 8.1.375.2; Wed, 1 Jul 2009 15:15:40 +0200 Received: by pcitadc01.cern.ch (Postfix, from userid 1000) id 88F9114DC247; Wed, 1 Jul 2009 15:15:40 +0200 (CEST) Date: Wed, 1 Jul 2009 15:15:40 +0200 From: To: "users@conserver.com" Subject: Re: conserver exit on failed NSS lookup Message-ID: <20090701131540.GA7799@cern.ch> Mail-Followup-To: "users@conserver.com" References: <20090622143929.GI4923@cern.ch> <20090622221118.GD3436@underdog.stansell.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Disposition: inline In-Reply-To: <20090622221118.GD3436@underdog.stansell.org> User-Agent: Mutt/1.5.18 (2008-05-17) X-Spam-Score: -1.223 () BAYES_00,WEIRD_PORT X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jul 2009 13:15:49 -0000 On Tue, Jun 23, 2009 at 12:11:18AM +0200, Bryan Stansell wrote: > Anyway, maybe that helps clear things up...but if conserver is really > exiting, I hope there's some way to tell the PAM bits to not do that. > Running in debug mode (-D) might help see things too. Do you get any > "CheckPass():" entries in the log file? PAM issues should be logged Okay, I got it reproduced. It looks like one thread/process dies; the assert() error message actually comes from nss_ldap, and assert() calls abort() which seems to always exit no matter what. Thus, there's precious little conserver can do, other than restarting the process in question somehow (or kill the rest of them with it). FTR, client side: raas@pcitadc01:~$ console -l ahorvath -M lxc1rg27 -p 7782 lxb7726 Enter ahorvath@lxc1rg27.cern.ch's password: lxc1rg27: invalid password Enter ahorvath@lxc1rg27.cern.ch's password: console: FileRead(): SSL error on fd 4 console: lost connection raas@pcitadc01:~$ console -l ahorvath -M lxc1rg27 -p 7782 lxb7726 console: connect(): 7782@lxc1rg27: Connection refused raas@pcitadc01:~$ also on the server, logging in locally, connection is refused even though some threads are still running: [root@lxc1rg27 ~]# console -x console: connect(): 7782@localhost: Connection refused [root@lxc1rg27 ~]# ps axuw | grep cons uucp 2952 0.0 0.1 50188 1540 ? S Jun23 0:06 /usr/sbin/conserver -d -D -D -L /var/log/console/__server.log uucp 2981 0.0 0.1 50188 1540 ? S Jun23 0:00 /usr/sbin/conserver -d -D -D -L /var/log/console/__server.log uucp 3002 0.0 0.1 50188 1560 ? S Jun23 0:00 /usr/sbin/conserver -d -D -D -L /var/log/console/__server.log root 9856 0.0 0.0 61148 704 pts/0 R+ 14:57 0:00 grep cons [root@lxc1rg27 ~]# Server side logs, running with -D, featuring the PAM error message as well (changed password in the log below - but I had to supply the real password for the failure to happen) [Wed Jul 1 14:55:23 2009] conserver (2906): DEBUG: [cutil.c:1206] FileWrite(): sending `passwd? lxc1rg27.cern.ch^M^J' to fd 4 [Wed Jul 1 14:55:23 2009] conserver (2906): DEBUG: [cutil.c:1368] FileWrite(): wrote 26 bytes to fd 4 [Wed Jul 1 14:55:27 2009] conserver (2906): DEBUG: [cutil.c:1134] FileRead(): read 14 bytes from fd 4 [Wed Jul 1 14:55:27 2009] conserver (2906): DEBUG: [cutil.c:1147] FileRead(): read `mypasswd^M^J' from fd 4 [Wed Jul 1 14:55:27 2009] conserver (2906): DEBUG: [cutil.c:491] ReadLine(): returning <*any*:*passwd*> [Wed Jul 1 14:55:27 2009] conserver (2906): DEBUG: [group.c:771] CheckPass(): pam_start(conserver,ahorvath,...) [Wed Jul 1 14:55:27 2009] conserver (2906): DEBUG: [group.c:776] CheckPass(): pam_authenticate(ahorvath) conserver: ldap-nss.c:1319: do_init: Assertion `cfg->ldc_uris[__session.ls_current_uri] != ((void *)0)' failed. [Wed Jul 1 14:55:28 2009] conserver (2981): DEBUG: [cutil.c:1134] FileRead(): read 28 bytes from fd 13 [Wed Jul 1 14:55:28 2009] conserver (2981): DEBUG: [cutil.c:1147] FileRead(): read `^[PHB:lxb7728.cern.ch:68234^[\' from fd 13 [Wed Jul 1 14:55:28 2009] conserver (2981): DEBUG: [group.c:2540] DoConsoleRead(): read 28 bytes from fd 13 [Wed Jul 1 14:55:28 2009] conserver (2981): DEBUG: [cutil.c:1206] FileWrite(): sending `^[PHB:lxb7728.cern.ch:68234^[\' to fd 12 [Wed Jul 1 14:55:28 2009] conserver (2981): DEBUG: [cutil.c:1368] FileWrite(): wrote 28 bytes to fd 12 [Wed Jul 1 14:55:28 2009] conserver (2981): DEBUG: [group.c:4482] Kiddie(): select timeout of 33 seconds [Wed Jul 1 14:55:29 2009] conserver (2981): DEBUG: [cutil.c:1134] FileRead(): read 28 bytes from fd 7 [Wed Jul 1 14:55:29 2009] conserver (2981): DEBUG: [cutil.c:1147] FileRead(): read `^[PHB:lxb7731.cern.ch:60776^[\' from fd 7 [Wed Jul 1 14:55:29 2009] conserver (2981): DEBUG: [group.c:2540] DoConsoleRead(): read 28 bytes from fd 7 [Wed Jul 1 14:55:29 2009] conserver (2981): DEBUG: [cutil.c:1206] FileWrite(): sending `^[PHB:lxb7731.cern.ch:60776^[\' to fd 6 [Wed Jul 1 14:55:29 2009] conserver (2981): DEBUG: [cutil.c:1368] FileWrite(): wrote 28 bytes to fd 6 Andras