Subj : LDAP, NSS and SSH
To   : comp.os.linux,comp.os.linux.questions
From : Patrick McDonnell
Date : Thu Dec 30 2004 09:11 am

I have a small beowulf cluster, set up with libpam_ldap and libnss_ldap to keep the user account information current across all machines. Thus far, it has been working fine for passwd and group information. However, I recently tried to add the host and IP information, so that I don't have to make extensive changes to /etc/hosts on several machines. So, I added the information to LDAP, and on each client, added LDAP to the hosts line in /etc/nsswitch.conf, and restarted nscd.

But when I try to ssh to any of these machines, it hangs for several minutes, will not connect, and displays "Read from socket failed: Connection reset by peer". There also seems to be an IPv6 element that showed up in the process, as if I don't specify the -4 option to ssh, this additional message appears immediately after executing the command: "socket: Address family not supported by protocol".

A host entry for one of these machines in LDAP looks like:

dn: cn=node1,ou=Hosts,dc=muncc,dc=marmionacademy,dc=org
cn: node1
objectClass: top
objectClass: ipHost
objectClass: device
structuralObjectClass: device
entryUUID: d1f932aa-7f5f-1028-83c0-ff3c9b6979b0
creatorsName: cn=admin,dc=muncc,dc=marmionacademy,dc=org
createTimestamp: 20040810212726Z
ipHostNumber: 10.0.1.1
entryCSN: 2004081021:27:36Z#0x0001#0#0000
modifiersName: cn=admin,dc=muncc,dc=marmionacademy,dc=org
modifyTimestamp: 20040810212736Z

Note that I can ping node1 without any problem, but if I try to ssh to node1, the problems I described above occur.

Looking through the LDAP server logs, if I specify the -4 option to ssh, nothing appears in the logs. If I don't add -4, this shows up:

Dec 30 09:09:52 node0 slapd[24823]: conn=3043 fd=48 ACCEPT from IP=127.0.0.1:48068 (IP=0.0.0.0:389)
Dec 30 09:09:52 node0 slapd[24824]: conn=3043 op=0 BIND dn="" method=128
Dec 30 09:09:52 node0 slapd[24824]: conn=3043 op=0 RESULT tag=97 err=0 text=
Dec 30 09:09:52 node0 slapd[24850]: conn=3043 op=1 SRCH base="dc=muncc,dc=marmionacademy,dc=org" scope=2 filter="(&(objectClass=ipHost)(cn=node1))"
Dec 30 09:09:52 node0 slapd[24850]: conn=3043 op=1 SRCH attr=cn ipHostNumber
Dec 30 09:09:52 node0 slapd[24850]: <= bdb_equality_candidates: (cn) index_param failed (18)
Dec 30 09:09:52 node0 slapd[24850]: conn=3043 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Dec 30 09:09:52 node0 slapd[24824]: conn=3043 op=2 SRCH base="dc=muncc,dc=marmionacademy,dc=org" scope=2 filter="(&(objectClass=ipHost)(cn=node1))"
Dec 30 09:09:52 node0 slapd[24824]: conn=3043 op=2 SRCH attr=cn ipHostNumber
Dec 30 09:09:52 node0 slapd[24824]: <= bdb_equality_candidates: (cn) index_param failed (18)
Dec 30 09:09:52 node0 slapd[24824]: conn=3043 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

I'd appreciate any help I can get with this.

--
Patrick McDonnell
-----------------------------------
MUNCC 2 System Administrator
http://www.muncc.marmionacademy.org/
pmcdonnell@muncc.marmionacademy.org
-----------------------------------