[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Server causing panic *New Question*

Since Red Hat released a new set of OpenSSL updates in the last couple of
days, this might have affected you.  The OpenSSL advisories suggest you
recompile any binaries using OpenSSL.  Don't know if you have.  You might
want to try that.
HTH
-Alan

Caylan Van Larson said:
> Ian,
>
> [root@betamax /]# ldd /lib/security/pam_ldap.so
>         libldap.so.2 => /usr/lib/libldap.so.2 (0x40018000)
>         liblber.so.2 => /usr/lib/liblber.so.2 (0x4003d000)
>         libcrypt.so.1 => /lib/libcrypt.so.1 (0x40047000)
>         libcrypto.so.2 => /lib/libcrypto.so.2 (0x40074000)
>         libresolv.so.2 => /lib/libresolv.so.2 (0x4013a000)
>         libpam.so.0 => /lib/libpam.so.0 (0x4014a000)
>         libdl.so.2 => /lib/libdl.so.2 (0x40152000)
>         libc.so.6 => /lib/libc.so.6 (0x40156000)
>         libssl.so.2 => /lib/libssl.so.2 (0x4027d000)
>         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
> [root@betamax /]# ldd /lib/libssl.so.2
>         libcrypto.so.2 => /lib/libcrypto.so.2 (0x4003b000)
>         libdl.so.2 => /lib/libdl.so.2 (0x40102000)
>         libc.so.6 => /lib/libc.so.6 (0x40105000)
>         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
>
> Thats what I dont get, shouldnt the error...
> [dlerror: /lib/libssl.so.2: undefined symbol: OpenSSLDie]
> ... be present on an 'ldd'?  I should see something...
>
> By the way, these are non-fatal errors.  Users are still able to ssh in.
>
> openldap was compiled from source.  Everything was working fine until
> last  night.  The only 2 things I did was do a "rpm -Fvh *" on the
> 7.3-updates  from updates.redhat.com and tweak my pam.d config files
> (changing the  order of pam_ldap.so/pam_unix.so).  Needless to say I
> reverted back to my  old sshd files in pam.d.
>
> Thanks for your help,
>
>
> Caylan Van Larson
>
> ps: heres the list of 7.3 updates, I added a * for possible culprits:
>
> apache-1.3.23-14.i386.rpm
> apache-devel-1.3.23-14.i386.rpm
> apache-manual-1.3.23-14.i386.rpm
> bind-9.2.1-0.7x.i386.rpm
> bind-devel-9.2.1-0.7x.i386.rpm
> bind-utils-9.2.1-0.7x.i386.rpm
> cpp-2.96-112.i386.rpm
> dateconfig-0.7.5-7.i386.rpm
> ethereal-0.9.4-0.7.3.0.i386.rpm
> ethereal-gnome-0.9.4-0.7.3.0.i386.rpm
> evolution-1.0.3-6.i386.rpm
> fetchmail-5.9.0-11.i386.rpm
> fetchmailconf-5.9.0-11.i386.rpm
> gcc-2.96-112.i386.rpm
> gcc-c++-2.96-112.i386.rpm
> gcc-chill-2.96-112.i386.rpm
> gcc-g77-2.96-112.i386.rpm
> gcc-java-2.96-112.i386.rpm
> gcc-objc-2.96-112.i386.rpm
> gdb-5.2-2.i386.rpm
> ghostscript-6.52-9.4.i386.rpm
> glibc-2.2.5-36.i386.rpm
> glibc-2.2.5-37.i386.rpm
> glibc-common-2.2.5-36.i386.rpm
> glibc-common-2.2.5-37.i386.rpm
> glibc-debug-2.2.5-36.i386.rpm
> glibc-debug-2.2.5-37.i386.rpm
> glibc-debug-static-2.2.5-36.i386.rpm
> glibc-debug-static-2.2.5-37.i386.rpm
> glibc-devel-2.2.5-36.i386.rpm
> glibc-devel-2.2.5-37.i386.rpm
> glibc-kernheaders-2.4-7.16.i386.rpm
> glibc-profile-2.2.5-36.i386.rpm
> glibc-profile-2.2.5-37.i386.rpm
> glibc-utils-2.2.5-36.i386.rpm
> glibc-utils-2.2.5-37.i386.rpm
> kernel-2.4.18-5.i386.rpm
> kernel-doc-2.4.18-5.i386.rpm
> kernel-source-2.4.18-5.i386.rpm
> libstdc++-2.96-112.i386.rpm
> libstdc++-devel-2.96-112.i386.rpm
> losetup-2.11n-12.7.3.i386.rpm
> LPRng-3.8.9-4.i386.rpm
> mailman-2.0.11-1.i386.rpm
> miniChinput-0.0.3-20.i386.rpm
> mod_python-2.7.8-1.i386.rpm
> mod_ssl-2.8.7-6.i386.rpm
> mount-2.11n-12.7.3.i386.rpm
> mozilla-0.9.9-12.7.3.i386.rpm
> mozilla-chat-0.9.9-12.7.3.i386.rpm
> mozilla-devel-0.9.9-12.7.3.i386.rpm
> mozilla-dom-inspector-0.9.9-12.7.3.i386.rpm
> mozilla-js-debugger-0.9.9-12.7.3.i386.rpm
> mozilla-mail-0.9.9-12.7.3.i386.rpm
> mozilla-nspr-0.9.9-12.7.3.i386.rpm
> mozilla-nspr-devel-0.9.9-12.7.3.i386.rpm
> * mozilla-nss-0.9.9-12.7.3.i386.rpm
> * mozilla-nss-devel-0.9.9-12.7.3.i386.rpm
> mozilla-psm-0.9.9-12.7.3.i386.rpm
> * nscd-2.2.5-36.i386.rpm
> * nscd-2.2.5-37.i386.rpm
> * nss_ldap-189-2.i386.rpm
> openssh-3.1p1-6.i386.rpm
> openssh-askpass-3.1p1-6.i386.rpm
> openssh-askpass-gnome-3.1p1-6.i386.rpm
> openssh-clients-3.1p1-6.i386.rpm
> openssh-server-3.1p1-6.i386.rpm
> openssl095a-0.9.5a-14.i386.rpm
> openssl096-0.9.6-9.i386.rpm
> openssl-0.9.6b-24.i386.rpm
> openssl-devel-0.9.6b-24.i386.rpm
> openssl-perl-0.9.6b-24.i386.rpm
> perl-Digest-MD5-2.20-1.i386.rpm
> psmisc-20.2-3.73.i386.rpm
> sane-backends-1.0.7-6.1.i386.rpm
> sane-backends-devel-1.0.7-6.1.i386.rpm
> squid-2.4.STABLE6-6.7.3.i386.rpm
> ucd-snmp-4.2.5-7.73.0.i386.rpm
> ucd-snmp-devel-4.2.5-7.73.0.i386.rpm
> ucd-snmp-utils-4.2.5-7.73.0.i386.rpm
> util-linux-2.11n-12.7.3.i386.rpm
> xchat-1.8.9-1.73.0.i386.rpm
>
>
> However, some of those would not have been touched:
>
> [root@betamax 7.3-updates]# rpm -qa | grep nss
> mozilla-nss-0.9.9-12.7.3
> openssh-askpass-gnome-3.1p1-6
> openssh-askpass-3.1p1-6
> openssh-clients-3.1p1-6
> openssl-0.9.6b-24
> mozilla-nss-devel-0.9.9-12.7.3
> openssh-3.1p1-6
> openssh-server-3.1p1-6
>
> [root@betamax 7.3-updates]# rpm -qa | grep open
> openmotif-2.2.2-5
> openssh-askpass-gnome-3.1p1-6
> openjade-1.3.1-4
> openssh-askpass-3.1p1-6
> openssh-clients-3.1p1-6
> openssl-0.9.6b-24
> openmotif-devel-2.2.2-5
> openssh-3.1p1-6
> openssh-server-3.1p1-6
>
>
> Thanks (again)
>
>
> Caylan
>
>
>
>
> On Thu, 1 Aug 2002, Ian Ballantyne wrote:
>
>> Hi Caylan,
>>
>> First I am assuming your /lib/security/pam_ldap.so and
>> /lib/libssl.so.2 are  there and ok.  If they are, then it looks like
>> something in PAM has been  compiled against a different version of one
>> of these system libraries,  although you should also check your ldap
>> server (did you compile from source  of install from a rpm?)  You
>> should check the dependencies in the pam_ldap  module with "ldd
>> pam_ldap.so".  This will give you more information and  hopefully some
>> better idea of what is happening.
>>
>> Ian
>>
>>
>> On Thursday 01 August 2002 19:06, you wrote:
>> > The client system is a 2-proc Dell Poweredge running RedHat 7.3.  I
>> am running NSCD.  When I say Crash/Lockup I mean any authentication
>> just hangs indefinately.  Users logged in are still able to do work.
>> >
>> > But here is another one, anyone know what the heck this is???
>> >
>> > --SNIP
>> > Aug  1 11:17:26 betamax sshd[8101]: PAM unable to
>> > dlopen(/lib/security/pam_ldap.so)
>> > Aug  1 11:17:26 betamax sshd[8101]: PAM [dlerror: /lib/libssl.so.2:
>> undefined symbol: OpenSSLDie] Aug  1 11:17:26
>> > betamax sshd[8101]: PAM adding faulty module:
>> /lib/security/pam_ldap.so
>> Aug 1 11:25:39 betamax sshd[8538]: PAM unable to
>> dlopen(/lib/security/pam_ldap.so)
>> Aug  1 11:25:39 betamax sshd[8538]: PAM
>> > [dlerror: /lib/libssl.so.2: undefined symbol: OpenSSLDie] Aug  1
>> 11:25:39 betamax sshd[8538]: PAM adding faulty module:
>> /lib/security/pam_ldap.so Aug
>> >  1 11:32:31 betamax sshd[8873]: PAM unable to
>> > dlopen(/lib/security/pam_ldap.so) Aug  1 11:32:31 betamax
>> sshd[8873]: PAM [dlerror: /lib/libssl.so.2: undefined symbol:
>> OpenSSLDie] Aug  1 11:32:31 betamax sshd[8873]: PAM adding faulty
>> module: /lib/security/pam_ldap.so Aug
>> >  1 11:32:48 betamax sshd[8887]: PAM unable to
>> > dlopen(/lib/security/pam_ldap.so) Aug  1 11:32:48 betamax
>> sshd[8887]: PAM [dlerror: /lib/libssl.so.2: undefined symbol:
>> OpenSSLDie] Aug  1 11:32:48 betamax sshd[8887]: PAM adding faulty
>> module: /lib/security/pam_ldap.so --SNAP
>> >
>> > Help, this week has been a bad one.
>>


===========
Alan Sparks, UNIX/Linux Systems Administrator
<asparks@doublesparks.net>