LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-09-2010, 11:08 AM   #1
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,462
Blog Entries: 6

Rep: Reputation: 51
What does the log says?


I have CentOS where I have configured Fedora DS based on OpenLDAP.
I have been connecting from Windows Client but everytime it says "LDAP Server not up".I have captured logs which do get displayed during putty is open too.
Code:
[root@389-ds ~]# tail -f /var/log/messages
Jan 10 02:16:02 localhost dhclient: DHCPREQUEST on eth0 to 10.209.1.250 port 67
Jan 10 02:16:02 localhost dhclient: DHCPACK from 10.209.1.250
Jan 10 02:16:03 localhost dhclient: bound to 10.209.37.91 -- renewal in 113158 seconds.
Jan 10 02:16:23 localhost kernel: type=1400 audit(1263069983.026:1183): avc:  denied  { write } for  pid=5908 comm="vi" name="resolv.conf" dev=sda3 ino=1433357 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
Jan 10 02:16:38 localhost kernel: type=1400 audit(1263069998.345:1184): avc:  denied  { send } for  pid=5909 comm="ping" saddr=10.209.37.91 src=57810 daddr=10.209.1.252 dest=53 netif=eth0 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Jan 10 02:16:38 localhost kernel: type=1400 audit(1263069998.361:1185): avc:  denied  { recv } for  saddr=10.209.1.252 src=53 daddr=10.209.37.91 dest=57810 netif=eth0 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Jan 10 02:16:57 localhost kernel: type=1400 audit(1263070017.215:1186): avc:  denied  { search } for  pid=5915 comm="iptables" name="net" dev=proc ino=-268435431 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
Jan 10 02:58:17 localhost kernel: type=1400 audit(1263072497.355:1187): avc:  denied  { signal } for  pid=5748 comm="bash" scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tclass=process
Jan 10 03:57:33 localhost kernel: type=1400 audit(1263076053.509:1188): avc:  denied  { setpgid } for  pid=5942 comm="bash" scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tclass=process
Jan 10 04:05:08 localhost kernel: type=1400 audit(1263076508.793:1189): avc:  denied  { read } for  pid=5926 comm="bash" name="var" dev=sda3 ino=977281 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir
Jan 10 04:05:11 localhost kernel: type=1400 audit(1263076511.149:1190): avc:  denied  { read } for  pid=5944 comm="tail" name="messages" dev=sda3 ino=977356 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file
Is this an error? or Just system Information.
How can I check if LDAP connectivity is working or not.

Last edited by your_shadow03; 01-09-2010 at 11:09 AM.
 
Old 01-09-2010, 11:20 AM   #2
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217Reputation: 217Reputation: 217
I am not certain on this since I have never dealt with LDAP but I suspect some of this is either missing files/programs or permission errors. If I had to take a guess /etc/resolv.conf is not writable (or atleast not writable via vi), certain required networking tools like iptables and ping are failing to work correctly and a DNS query to 10.209.37.91 also failed... some of the other ones I am not certain of, seems there are some kernel module updates it needs to perform as well. I am afraid all I can give are these few guesses.
 
Old 01-09-2010, 11:27 AM   #3
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,462
Blog Entries: 6

Original Poster
Rep: Reputation: 51
Guys,
I just installed CentOS with first CD as My Manager suggested me to install the minimum OS < 400 MB.As of now, Fedora DS is installed on this server and 636 port is open.
I did removed few packages so as to reduce the space.
Can anyone suggest me whats the solution?
All I noticed this when I found I am unable to connect through LDAPAdminTool installed on remote Windows Machine which should get connected to this Linux Machine through port 636(SSL).
 
Old 01-09-2010, 11:29 AM   #4
GooseYArd
Member
 
Registered: Jul 2009
Location: Reston, VA
Distribution: Slackware, Ubuntu, RHEL
Posts: 183

Rep: Reputation: 46
Those are messages from the kernel audit subsystem that indicate when access to some resource was denied. If you read them from left to right:

avc: denied { write } for pid=5908 comm="vi" name="resolv.conf"

that says, kernel denied a write to pid 5908, command "vi" for file "resolv.conf". So probably someone went to edit /etc/resolv.conf but forgot to su to root. The others are similar, but I don't see anything ldap related there.
 
Old 01-09-2010, 11:42 AM   #5
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,462
Blog Entries: 6

Original Poster
Rep: Reputation: 51
All I looked into Fedora DS(389 DS Server) dirsrv logs.
Code:
[root@389-ds ~]# tail -f /var/log/dirsrv/slapd-389-ds/access
[09/Jan/2010:22:53:00 +051800] conn=3 fd=64 slot=64 connection from 10.209.37.14         6 to 10.209.37.91
[09/Jan/2010:22:53:00 +051800] conn=3 op=-1 fd=64 closed error 71 (Protocol erro         r) - B1
[09/Jan/2010:23:14:00 +051800] conn=4 fd=64 slot=64 connection from 10.209.37.14         6 to 10.209.37.91
[09/Jan/2010:23:14:00 +051800] conn=4 op=-1 fd=64 closed error 71 (Protocol erro         r) - B1
[09/Jan/2010:23:14:24 +051800] conn=5 fd=64 slot=64 connection from 10.209.37.14         6 to 10.209.37.91
[09/Jan/2010:23:14:24 +051800] conn=5 op=-1 fd=64 closed error 71 (Protocol erro         r) - B1
[09/Jan/2010:23:14:50 +051800] conn=6 fd=64 slot=64 connection from 10.209.37.14         6 to 10.209.37.91
[09/Jan/2010:23:14:50 +051800] conn=6 op=-1 fd=64 closed error 71 (Protocol erro         r) - B1
[10/Jan/2010:04:39:59 +051800] conn=7 fd=64 slot=64 connection from 10.209.37.14         6 to 10.209.37.91
[10/Jan/2010:04:39:59 +051800] conn=7 op=-1 fd=64 closed error 71 (Protocol erro         r) - B1
And also,
Code:
[root@389-ds ~]# tail -f /var/log/dirsrv/slapd-389-ds/errors
[09/Jan/2010:21:48:39 +051800] - slapd stopped.
[09/Jan/2010:21:48:42 +051800] - 389-Directory/1.2.4 B2009.307.1545 starting up
[09/Jan/2010:21:48:42 +051800] - slapd started.  Listening on All Interfaces port 636 for LDAP requests
[09/Jan/2010:22:52:24 +051800] - conn=1 received a non-LDAP message (tag 0x80, expected 0x30)
[09/Jan/2010:22:52:43 +051800] - conn=2 received a non-LDAP message (tag 0x80, expected 0x30)
[09/Jan/2010:22:53:00 +051800] - conn=3 received a non-LDAP message (tag 0x80, expected 0x30)
[09/Jan/2010:23:14:00 +051800] - conn=4 received a non-LDAP message (tag 0x80, expected 0x30)
[09/Jan/2010:23:14:24 +051800] - conn=5 received a non-LDAP message (tag 0x80, expected 0x30)
[09/Jan/2010:23:14:50 +051800] - conn=6 received a non-LDAP message (tag 0x80, expected 0x30)
[10/Jan/2010:04:39:59 +051800] - conn=7 received a non-LDAP message (tag 0x80, expected 0x30)
Any idea whats saying?All I am trying to connect through LDAPAdminTool from remote 10.209.37.146 Machine.

Last edited by your_shadow03; 01-09-2010 at 11:46 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
kernel log format in /var/log/kern.log sinu_nayak2001 Linux - Newbie 2 10-07-2009 08:34 AM
In Apache server, How to change log file location and log format for access log fil? since1993 Linux - Server 1 08-19-2009 04:14 PM
What the %$#@ is pam_unix (cron:session) doing every ten minutes? (/var/log/auth.log) CoffeeKing!!! Linux - Security 3 02-05-2009 07:07 AM
Can Samhain log my entries in /var/log/secure and /var/log/mesage to a central server abefroman Linux - Software 2 04-13-2008 04:13 PM
Opennms Logs - where are web.log, web_rtc.log and webauth.log referenced? not_much_of_a_guru Linux - Networking 0 07-12-2006 10:28 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 04:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration