LinuxQuestions.org
Old 12-27-2010, 10:10 AM   #1
lmal
Keep getting ldap error


MemServer nss_updatedb: nss_ldap: failed to bind to LDAP server ldap://example.org: Can't contact LDAP server

I've checked the nsswitch.conf file and there is no mention of ldap in there. I've run the authconfig --kickstart --disableldap and authconfig --kickstart --disableldapauth commands...but I'm still getting that error.

I have OSSEC setup which is how I realized I'm getting this error on several of my RHEL 5 servers.

Is there another conf file to check? Any suggestions??

I should also mention that we used ldap before, but we are no longer using it. We do use likewise to connect on some of the servers, but not all of them.

Thanks for your help!

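The post asks which other files can still carry LDAP settings once /etc/nsswitch.conf is clean. As an added example (not code from the thread or from the nss_ldap project), the following Python script walks the places where authconfig, nss_ldap/pam_ldap, PAM and cron jobs keep their settings on a RHEL 5 style layout and reports every active (non-comment) line that mentions LDAP. The file list is an assumption about that layout; the demo tree it builds is constructed sample data, not a real server, and exists only so the scanner can be run offline.

```python
"""Find leftover LDAP client configuration and cron jobs under a root directory.

Added example, not code from the thread. The file and directory list is an
assumption about where authconfig, nss_ldap/pam_ldap and cron jobs keep
their settings on RHEL 5; adjust it for other distributions.
"""
import os
import re
import sys
import tempfile

# Single files that hold LDAP client settings (assumed RHEL 5 layout).
CONFIG_FILES = [
    "etc/nsswitch.conf",
    "etc/ldap.conf",
    "etc/openldap/ldap.conf",
    "etc/sysconfig/authconfig",
]

# Directories whose every regular file is scanned: PAM stacks, cron jobs,
# and per-user crontabs.
SCAN_DIRS = [
    "etc/pam.d",
    "etc/cron.d",
    "etc/cron.hourly",
    "etc/cron.daily",
    "etc/cron.weekly",
    "etc/cron.monthly",
    "var/spool/cron",
]

MENTIONS_LDAP = re.compile(r"ldap", re.IGNORECASE)
COMMENT_LINE = re.compile(r"^\s*#")
# authconfig writes these even when LDAP is switched off; "no" is not residue.
LDAP_OFF = re.compile(r"^\s*USELDAP(AUTH)?=no\s*$")


def scan_file(path):
    """Return (path, lineno, text) for each active line that mentions LDAP."""
    hits = []
    try:
        with open(path, "r", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                if COMMENT_LINE.match(line) or LDAP_OFF.match(line):
                    continue
                if MENTIONS_LDAP.search(line):
                    hits.append((path, lineno, line.rstrip("\n")))
    except OSError:
        pass  # unreadable file: skip it rather than abort the whole scan
    return hits


def find_ldap_residue(root="/"):
    """Scan the known locations under root and return all hits, in path order."""
    candidates = [os.path.join(root, rel) for rel in CONFIG_FILES]
    for rel in SCAN_DIRS:
        directory = os.path.join(root, rel)
        if os.path.isdir(directory):
            for name in sorted(os.listdir(directory)):
                candidates.append(os.path.join(directory, name))
    hits = []
    for path in candidates:
        if os.path.isfile(path):
            hits.extend(scan_file(path))
    return hits


def build_demo_root():
    """Create a throwaway tree of constructed sample files (not a real host)."""
    root = tempfile.mkdtemp(prefix="ldap-residue-")
    samples = {
        # nsswitch.conf already cleaned, as in the thread
        "etc/nsswitch.conf": "passwd:     files\nshadow:     files\ngroup:      files\n",
        # nss_ldap client config still pointing at the decommissioned server
        "etc/ldap.conf": "# nss_ldap settings\nhost ldap.example.org\n"
                         "base dc=example,dc=org\nuri ldap://domain.org\nssl start_tls\n",
        # authconfig has LDAP switched off: not residue
        "etc/sysconfig/authconfig": "USELDAP=no\nUSELDAPAUTH=no\nUSEWINBIND=no\n",
        # PAM stack still loads pam_ldap
        "etc/pam.d/system-auth": "auth        sufficient    pam_unix.so nullok\n"
                                 "auth        sufficient    pam_ldap.so use_first_pass\n",
        # hourly cron job that refreshes the nss_ldap cache
        "etc/cron.hourly/nssupdate.sh": "#!/bin/sh\n# refresh NSS cache\n/usr/sbin/nss_updatedb ldap\n",
        # root crontab with an unrelated job
        "var/spool/cron/root": "0 * * * * /usr/bin/updatedb\n",
    }
    for rel, text in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    return root


if __name__ == "__main__":
    # Pass a real root (for example "/") as the first argument to scan a host;
    # with no argument the constructed demo tree is scanned instead.
    target = sys.argv[1] if len(sys.argv) > 1 else build_demo_root()
    for path, lineno, text in find_ldap_residue(target):
        print("%s:%d: %s" % (path, lineno, text))
```

On the demo tree the scanner reports the two server lines in etc/ldap.conf, the pam_ldap.so line in the PAM stack and the nss_updatedb call in the hourly cron job, while the cleaned nsswitch.conf and the USELDAP=no lines produce nothing. Run against a real host it has to be executed as root so that /var/spool/cron and the PAM files are readable.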
 
Old 12-29-2010, 11:24 AM   #2
lmal
I have another issue, which could be related to this issue. In my domain controller logs (Windows 2008), I keep getting event id 36887 with "fatal error 48." I've been reading and this may be related to a TLS error. So, I ran wireshark on one of my DCs and it seems that a few of my linux machines are constantly trying to use TLSv1, which may be causing the event to appear every 10 seconds or so on both my DCs.

Is there a way to change it to use SSL instead? I'm a total newb, so excuse my ignorance.
 
Old 12-29-2010, 11:37 AM   #3
lmal
Found something in wireshark

I got this from wireshark:

Protocol
TLSv1

Info
Alert (Level: Fatal, Description: Unknown CA)

Not sure if that's any help
 
Old 12-30-2010, 02:20 PM   #4
lmal
Okay, fixed the other authentication error, but still having the same original problem...any suggestions???
 
Old 12-30-2010, 02:55 PM   #5
frndrfoe
Quote:
Originally Posted by lmal
I got this from wireshark:

Protocol
TLSv1

Info
Alert (Level: Fatal, Description: Unknown CA)

Not sure if that's any help
Are you connecting to the ldap server using tls? It looks like the ldap server is probably using a self signed cert and your clients do not trust it because they do not have the CA. If you created your own CA, each client needs to have the CA installed.
 
Old 01-03-2011, 08:25 AM   #6
lmal
Yeah, we actually fixed that issue. I thought it was related, but it wasn't. The TLS issue was related to an old cron job that was no longer valid. Once we stopped that we stopped getting those errors on the DCs. However, I'm still getting several errors regarding my first question in the thread. The error is this:


Received From: (LinuxSrv) 192.168.100.14->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Jan 3 08:46:12 LinuxSrv nss_updatedb: nss_ldap: failed to bind to LDAP server ldap://domain.org: Can't contact LDAP server

It's not happening on all of our linux servers, only a few...but the errors are happening repeatedly. For instance, over the weekend, I got 1000+ emails regarding this error on about 4 different servers.

We aren't using LDAP anymore and that server doesn't actually exist. We do use Likewise on a couple of servers, but they should just be contacting the DCs, not ldap://domain.org.

Any suggestions for that?? Thanks!
 
Old 01-03-2011, 04:46 PM   #7
frndrfoe
Can you just stop the nss_updatedb service?
 
Old 01-04-2011, 08:31 AM   #8
lmal
I tried to stop the nss_updatedb service, but it says there's no such service. I typed in the top command to see which services are running, but didn't see any reference to nss_ anything.
 
Old 01-04-2011, 04:59 PM   #9
frndrfoe
Try these:

Code:
rpm -qa | grep nss
locate nss_updatedb
ps aux | grep nss
ls /etc/init.d | grep nss
chkconfig --list | grep nss
lsof -i | grep -E '389|ldap|nss'
389|ldap|nss one at a time in the last one.
 
Old 01-05-2011, 11:26 AM   #10
lmal
Thanks frn...I found the issue on a couple of the servers. There was apparently a cron job running for nssupdate. I removed that script in /etc/cron.hourly and that fixed it.

Thanks!
 
Old 01-05-2011, 02:39 PM   #11
lmal
Oops...spoke too soon. So, that worked for a couple of the servers, but I'm still getting the same ldap errors on some of the other ones. I searched for that script everywhere on the servers, and deleted it, but I'm still getting the issue.

Again, I'm new, so I'm not exactly sure what I'm looking at when I run all of the commands you told me about. However, when I run the ps aux | grep nss it does grep out something that seems to be using nssupdate.sh still.

Code:
root 5035 0.0 0.0 8704 1056 ? S 2010 1:11 /bin/bash /etc/cron.hourly/nssupdate.sh
root 5036 0.0 0.0 8772 712 ? S 2010 0:05 awk -v progname=/etc/cron.hourly/nssupdate.sh progname { print progname ":\n" progname=""; } { print; }
root 8654 0.0 0.0 61148 732 pts/1 S+ 15:33 0:00 grep nss

However, that script is no longer in /etc/cron.hourly. I'm root, so there shouldn't be any problems there. Perhaps this is just referencing something that ran previously.

I've run the other commands you've recommended and I find a couple of mentions of nssupdate, but they just seem to be files, not services or executables.

Any other suggestions?
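The ps output in the post above shows a bash process and its run-parts awk wrapper that were started in 2010 and are still alive, executing a cron script that has since been deleted from /etc/cron.hourly; as long as that process keeps running, deleting the script changes nothing. As an added example (not code from the thread), the following Python script parses ps aux output, picks out processes that were launched from a cron directory, and flags those whose script is no longer on disk or whose START column is a bare year (ps aux prints only the year for processes started in an earlier year). The sample ps lines are the thread's own lines with the awk program's whitespace flattened, plus one constructed healthy entry for a script named logrotate.sh; the `exists` argument is an addition so a listing saved from another host can be checked without that host's filesystem.

```python
"""Flag stuck cron-job processes in ps aux output.

Added example, not code from the thread. It parses BSD-style `ps aux` lines
and reports processes that were launched from a cron directory but whose
script has since been deleted, or that have been running since a previous
year (ps aux prints a bare year in START for such processes).
"""
import os
import re
import subprocess

# ps aux columns: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
PS_COLUMNS = 11

# Absolute paths with at least two components inside a command line; the
# look-behind still accepts "progname=/etc/..." but never starts a match in
# the middle of a longer path.
ABS_PATH = re.compile(r"(?<![\w/])(/[\w.+-]+(?:/[\w.+-]+)+)")
CRON_DIRS = ("/etc/cron.hourly/", "/etc/cron.daily/", "/etc/cron.weekly/",
             "/etc/cron.monthly/", "/etc/cron.d/")
BARE_YEAR = re.compile(r"^\d{4}$")

# ps aux lines posted in the thread (whitespace in the awk program flattened),
# plus one constructed entry for a healthy hourly job started today.
SAMPLE_PS = r"""USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      5035  0.0  0.0   8704  1056 ?        S    2010   1:11 /bin/bash /etc/cron.hourly/nssupdate.sh
root      5036  0.0  0.0   8772   712 ?        S    2010   0:05 awk -v progname=/etc/cron.hourly/nssupdate.sh progname { print progname ":\n" progname=""; } { print; }
root      9001  0.0  0.0   8704  1056 ?        S    15:30   0:00 /bin/bash /etc/cron.hourly/logrotate.sh
root      8654  0.0  0.0  61148   732 pts/1    S+   15:33   0:00 grep nss
"""


def parse_ps_aux(text):
    """Turn ps aux output into dicts with user, pid, stat, start and args."""
    procs = []
    for line in text.splitlines():
        parts = line.split(None, PS_COLUMNS - 1)
        if len(parts) < PS_COLUMNS or parts[0] == "USER":
            continue  # blank, truncated, or the header line
        procs.append({"user": parts[0], "pid": int(parts[1]), "stat": parts[7],
                      "start": parts[8], "args": parts[10]})
    return procs


def find_stuck_cron_procs(procs, exists=os.path.exists):
    """Return (pid, args, reasons) for cron-launched processes that look stuck.

    `exists` is injectable so a listing captured on another host can be
    checked against that host's file list instead of the local filesystem.
    """
    stuck = []
    for proc in procs:
        scripts = [p for p in ABS_PATH.findall(proc["args"])
                   if p.startswith(CRON_DIRS)]
        if not scripts:
            continue  # not a cron job: /bin/bash, grep, etc. are ignored
        reasons = []
        missing = [p for p in scripts if not exists(p)]
        if missing:
            reasons.append("script deleted: " + ", ".join(missing))
        if BARE_YEAR.match(proc["start"]):
            reasons.append("running since " + proc["start"])
        if reasons:
            stuck.append((proc["pid"], proc["args"], reasons))
    return stuck


def live_ps_aux():
    """Run ps aux on this host; only used when the script is run directly."""
    return subprocess.run(["ps", "aux"], capture_output=True, text=True,
                          check=True).stdout


if __name__ == "__main__":
    for pid, args, reasons in find_stuck_cron_procs(parse_ps_aux(live_ps_aux())):
        print("PID %d: %s\n    %s" % (pid, "; ".join(reasons), args))
```

On the sample listing PIDs 5035 and 5036 are reported with both reasons (deleted script, running since 2010) while the constructed logrotate.sh job and the grep are not. Once the stuck PIDs are confirmed, terminating them (kill -TERM on the bash process and its awk child) stops the bind attempts that deleting the script alone could not.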
 
  

