[389-users] SSL peer reports incorrect Message Authentication Code in versions >= 1.2.2

Juan Asensio Sánchez okelet at gmail.com
Mon May 3 15:16:04 UTC 2010


Hi

2010/5/3 Rich Megginson <rmeggins at redhat.com>

> > We are having trouble since we have updated from version 1.1.3 to
> > 1.2.2 and 1.2.5. We have integrated CentOS/Redhat clients into LDAP.
> > When we try to make "getent group", we only get one group and its
> > members, but not the rest of the groups (should be more than 1000 groups).
> What platform?  32-bit or 64-bit?
> How many groups?  Do you only get this error when you attempt a search
> to return this many groups?
>

"getent group" should return the local groups (that are shown fine) and about
729 LDAP groups. If I do the same search with the command ldapsearch, all
groups and their attributes are returned. All 32 bits (client and server),
versions:

Server: CentOS release 5.4 (Final), Linux XXXXXXXXXXXXXXX 2.6.18-164.15.1.el5.centos.plusPAE #1 SMP Wed Mar 17 20:42:15 EDT 2010 i686 i686 i386 GNU/Linux
Client: CentOS release 5.4 (Final), Linux localhost.localdomain 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux

When running "getent group", the file /var/log/messages throws these
errors:

May  3 12:36:50 localhost getent: nss_ldap: reconnected to LDAP server ldaps://XXXXXXXXX after 1 attempt
May  3 12:37:10 localhost getent: nss_ldap: could not get LDAP result - Timed out

The "Timed out" message is because the LDAP server has dropped the connection
when it receives "SSL peer reports incorrect Message Authentication Code",
and it happens (I think) after reading the entry of the first group, so the
rest of the groups are not shown.