This week we experienced some login failures with the astro network. The symptoms were as follows. The user could not log in as himself/herself under our linux boxes. However, root login continued to be successful. Errors in /var/log/messages indicated an error which suggested the ldap server could not be contacted.
To fix this problem, we first looked at /etc/ldap.conf which had a line like “host 127.0.0.1″ which was not the proper configuration for our network(the ldap server is ldap.carleton.edu”.
To fix this we reinstalled the carletonldapauth rpm located in /etc/secret/RPMS/.
However, this did not fix our error. The error we were now getting in /var/log/messages was an invalid credentials error when trying to bind with the ldap server. After calling ITS admins to see the logs on the server side of things we noted that our astro machines were trying to bind to the ldap server as root. This is incorrect. After discussing the matter further we determined that a newer version of carletonldapauth had been created which was not on the astro network.
This should have been installed automatically by our scripts that we run on the astro network. However, ITS had recently changed the cert on the server which broke our updates. After installing the new cert(located in /etc/secret/RPMS), installing some missing packages on some of the machines(openssl-perl) and installing the new carletonldapauth everything is back to normal.
Be First to Comment