01-09-2010, 11:08 AM
|
#1
|
Senior Member
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466
Rep:
|
What does the log say?
I have CentOS where I have configured Fedora DS based on OpenLDAP.
I have been connecting from a Windows client, but every time it says "LDAP Server not up". I have captured the logs, which also get displayed while PuTTY is open.
Code:
[root@389-ds ~]# tail -f /var/log/messages
Jan 10 02:16:02 localhost dhclient: DHCPREQUEST on eth0 to 10.209.1.250 port 67
Jan 10 02:16:02 localhost dhclient: DHCPACK from 10.209.1.250
Jan 10 02:16:03 localhost dhclient: bound to 10.209.37.91 -- renewal in 113158 seconds.
Jan 10 02:16:23 localhost kernel: type=1400 audit(1263069983.026:1183): avc: denied { write } for pid=5908 comm="vi" name="resolv.conf" dev=sda3 ino=1433357 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
Jan 10 02:16:38 localhost kernel: type=1400 audit(1263069998.345:1184): avc: denied { send } for pid=5909 comm="ping" saddr=10.209.37.91 src=57810 daddr=10.209.1.252 dest=53 netif=eth0 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Jan 10 02:16:38 localhost kernel: type=1400 audit(1263069998.361:1185): avc: denied { recv } for saddr=10.209.1.252 src=53 daddr=10.209.37.91 dest=57810 netif=eth0 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Jan 10 02:16:57 localhost kernel: type=1400 audit(1263070017.215:1186): avc: denied { search } for pid=5915 comm="iptables" name="net" dev=proc ino=-268435431 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
Jan 10 02:58:17 localhost kernel: type=1400 audit(1263072497.355:1187): avc: denied { signal } for pid=5748 comm="bash" scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tclass=process
Jan 10 03:57:33 localhost kernel: type=1400 audit(1263076053.509:1188): avc: denied { setpgid } for pid=5942 comm="bash" scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tclass=process
Jan 10 04:05:08 localhost kernel: type=1400 audit(1263076508.793:1189): avc: denied { read } for pid=5926 comm="bash" name="var" dev=sda3 ino=977281 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir
Jan 10 04:05:11 localhost kernel: type=1400 audit(1263076511.149:1190): avc: denied { read } for pid=5944 comm="tail" name="messages" dev=sda3 ino=977356 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file
Is this an error, or just system information?
How can I check whether LDAP connectivity is working or not?
Last edited by your_shadow03; 01-09-2010 at 11:09 AM.
|
|
|
01-09-2010, 11:20 AM
|
#2
|
Senior Member
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375
|
I am not certain on this since I have never dealt with LDAP, but I suspect some of this is either missing files/programs or permission errors. If I had to take a guess, /etc/resolv.conf is not writable (or at least not writable via vi), certain required networking tools like iptables and ping are failing to work correctly, and a DNS query to 10.209.37.91 also failed... Some of the other ones I am not certain of; it seems there are some kernel module updates it needs to perform as well. I am afraid all I can give are these few guesses.
|
|
|
01-09-2010, 11:27 AM
|
#3
|
Senior Member
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466
Original Poster
Rep:
|
Guys,
I just installed CentOS with the first CD, as my manager suggested I install the minimum OS (< 400 MB). As of now, Fedora DS is installed on this server and port 636 is open.
I did remove a few packages so as to reduce the space.
Can anyone suggest what the solution is?
I noticed this when I found I was unable to connect through LDAPAdminTool, installed on a remote Windows machine, which should connect to this Linux machine through port 636 (SSL).
|
|
|
01-09-2010, 11:29 AM
|
#4
|
Member
Registered: Jul 2009
Location: Reston, VA
Distribution: Slackware, Ubuntu, RHEL
Posts: 183
Rep:
|
Those are messages from the kernel audit subsystem that indicate when access to some resource was denied. If you read them from left to right:
avc: denied { write } for pid=5908 comm="vi" name="resolv.conf"
that says, kernel denied a write to pid 5908, command "vi" for file "resolv.conf". So probably someone went to edit /etc/resolv.conf but forgot to su to root. The others are similar, but I don't see anything ldap related there.
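The field-by-field reading described in the post above, as an added example that is not part of the original thread: a parser for `avc:` lines, run on three lines copied from the first post's log. The function names are assumptions of this example; besides the command and file name it extracts the source and target SELinux context types and the object class.

```python
import re
from collections import Counter

# Three lines copied from the /var/log/messages excerpt in the first post:
# a file denial, a packet denial (no pid/comm fields), and a non-AVC line.
SAMPLE = """\
Jan 10 02:16:23 localhost kernel: type=1400 audit(1263069983.026:1183): avc: denied { write } for pid=5908 comm="vi" name="resolv.conf" dev=sda3 ino=1433357 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
Jan 10 02:16:38 localhost kernel: type=1400 audit(1263069998.361:1185): avc: denied { recv } for saddr=10.209.1.252 src=53 daddr=10.209.37.91 dest=57810 netif=eth0 scontext=root:system_r:update_modules_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Jan 10 02:16:02 localhost dhclient: DHCPACK from 10.209.1.250
"""

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(context):
    """Return the type field of an SELinux context (user:role:type[:level])."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one syslog line; return a dict for AVC records, else None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    result, perms, rest = m.groups()
    kv = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    return {
        "result": result,
        "perms": perms.split(),
        "comm": kv.get("comm"),  # absent on some packet denials
        "name": kv.get("name"),
        "tclass": kv.get("tclass"),
        "source_user": kv.get("scontext", "").split(":")[0] or None,
        "source_type": context_type(kv.get("scontext", "")),
        "target_type": context_type(kv.get("tcontext", "")),
    }

def summarize(text):
    """Count denials by (source type, target type, class, permission)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, text.splitlines())):
        if rec["result"] == "denied":
            for perm in rec["perms"]:
                counts[(rec["source_type"], rec["target_type"], rec["tclass"], perm)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```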
|
|
|
01-09-2010, 11:42 AM
|
#5
|
Senior Member
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466
Original Poster
Rep:
|
I looked into the Fedora DS (389 DS Server) dirsrv logs.
Code:
[root@389-ds ~]# tail -f /var/log/dirsrv/slapd-389-ds/access
[09/Jan/2010:22:53:00 +051800] conn=3 fd=64 slot=64 connection from 10.209.37.146 to 10.209.37.91
[09/Jan/2010:22:53:00 +051800] conn=3 op=-1 fd=64 closed error 71 (Protocol error) - B1
[09/Jan/2010:23:14:00 +051800] conn=4 fd=64 slot=64 connection from 10.209.37.146 to 10.209.37.91
[09/Jan/2010:23:14:00 +051800] conn=4 op=-1 fd=64 closed error 71 (Protocol error) - B1
[09/Jan/2010:23:14:24 +051800] conn=5 fd=64 slot=64 connection from 10.209.37.146 to 10.209.37.91
[09/Jan/2010:23:14:24 +051800] conn=5 op=-1 fd=64 closed error 71 (Protocol error) - B1
[09/Jan/2010:23:14:50 +051800] conn=6 fd=64 slot=64 connection from 10.209.37.146 to 10.209.37.91
[09/Jan/2010:23:14:50 +051800] conn=6 op=-1 fd=64 closed error 71 (Protocol error) - B1
[10/Jan/2010:04:39:59 +051800] conn=7 fd=64 slot=64 connection from 10.209.37.146 to 10.209.37.91
[10/Jan/2010:04:39:59 +051800] conn=7 op=-1 fd=64 closed error 71 (Protocol error) - B1
And also,
Code:
[root@389-ds ~]# tail -f /var/log/dirsrv/slapd-389-ds/errors
[09/Jan/2010:21:48:39 +051800] - slapd stopped.
[09/Jan/2010:21:48:42 +051800] - 389-Directory/1.2.4 B2009.307.1545 starting up
[09/Jan/2010:21:48:42 +051800] - slapd started. Listening on All Interfaces port 636 for LDAP requests
[09/Jan/2010:22:52:24 +051800] - conn=1 received a non-LDAP message (tag 0x80, expected 0x30)
[09/Jan/2010:22:52:43 +051800] - conn=2 received a non-LDAP message (tag 0x80, expected 0x30)
[09/Jan/2010:22:53:00 +051800] - conn=3 received a non-LDAP message (tag 0x80, expected 0x30)
[09/Jan/2010:23:14:00 +051800] - conn=4 received a non-LDAP message (tag 0x80, expected 0x30)
[09/Jan/2010:23:14:24 +051800] - conn=5 received a non-LDAP message (tag 0x80, expected 0x30)
[09/Jan/2010:23:14:50 +051800] - conn=6 received a non-LDAP message (tag 0x80, expected 0x30)
[10/Jan/2010:04:39:59 +051800] - conn=7 received a non-LDAP message (tag 0x80, expected 0x30)
Any idea what it's saying? I am trying to connect through LDAPAdminTool from the remote machine 10.209.37.146.
Last edited by your_shadow03; 01-09-2010 at 11:46 AM.
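What the two fields in the errors log above encode, as an added example that is not part of the original thread: the startup line announces port 636 "for LDAP requests", 0x30 is the BER SEQUENCE tag that starts every LDAP message, and a first byte of 0x80 is consistent with an SSL-style ClientHello rather than LDAP. The function names and category labels are assumptions of this example.

```python
import re

# Two lines copied from the errors log in the post above.
ERRORS_LOG = """\
[09/Jan/2010:21:48:42 +051800] - slapd started. Listening on All Interfaces port 636 for LDAP requests
[09/Jan/2010:22:53:00 +051800] - conn=3 received a non-LDAP message (tag 0x80, expected 0x30)
"""

LISTEN_RE = re.compile(r"Listening on .*? port (\d+) for (\w+) requests")
NON_LDAP_RE = re.compile(
    r"conn=(\d+) received a non-LDAP message \(tag (0x[0-9a-fA-F]+), expected (0x[0-9a-fA-F]+)\)")


def classify_first_byte(b):
    """Guess the protocol from the first byte a client sent."""
    if b == 0x30:
        return "ldap-ber"      # BER SEQUENCE: every LDAPMessage starts with it
    if b == 0x16:
        return "tls-record"    # TLS/SSLv3 record, content type 22 (handshake)
    if b & 0x80:
        # High bit set: consistent with the 2-byte SSLv2 record header used
        # by SSLv2-compatible ClientHello messages (a heuristic, not proof).
        return "sslv2-hello"
    return "unknown"


def diagnose(log_text):
    """Relate the announced listeners to the rejected first bytes."""
    listeners, rejected = [], []
    for line in log_text.splitlines():
        m = LISTEN_RE.search(line)
        if m:
            listeners.append((int(m.group(1)), m.group(2)))
        m = NON_LDAP_RE.search(line)
        if m:
            rejected.append((int(m.group(1)), classify_first_byte(int(m.group(2), 16))))
    plain = any(proto == "LDAP" for _, proto in listeners)
    ssl_seen = any(kind in ("tls-record", "sslv2-hello") for _, kind in rejected)
    return {"listeners": listeners, "rejected": rejected,
            "ssl_client_on_plain_listener": plain and ssl_seen}


if __name__ == "__main__":
    print(diagnose(ERRORS_LOG))
```

A handshake test such as `openssl s_client -connect 10.209.37.91:636`, run from a machine that can reach the server, shows directly whether the port speaks SSL.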