[389-users] SSL peer reports incorrect Message Authentication Code in versions >= 1.2.2
Rich Megginson
rmeggins at redhat.com
Mon May 3 16:22:28 UTC 2010
Juan Asensio Sánchez wrote:
> Hi
>
> 2010/5/3 Rich Megginson <rmeggins at redhat.com>
>
> > We are having trouble since we have updated from version 1.1.3 to
> > 1.2.2 and 1.2.5. We have integrated CentOS/Redhat clients into LDAP.
> > When we try to make "getent group", we only get one group and its
> > members, but not the rest of the groups (should be more than 1000
> > groups).
> What platform? 32-bit or 64-bit?
> How many groups? Do you only get this error when you attempt a search
> to return this many groups?
>
>
> "getent group" should return the local groups (that are shown fine) and
> about 729 LDAP groups.
How many groups total? Roughly how many members? I'm trying to get
some idea about how many entries and how many bytes should be returned.
> If I do the same search with the command ldapsearch,
ldapsearch to ldaps://hostname:636/ or ldap://hostname:389/ ?
> all groups and their attributes are returned. All 32 bits (client and
> server), versions:
>
> Server: CentOS release 5.4 (Final), Linux XXXXXXXXXXXXXXX
> 2.6.18-164.15.1.el5.centos.plusPAE #1 SMP Wed Mar 17 20:42:15 EDT 2010
> i686 i686 i386 GNU/Linux
> Client: CentOS release 5.4 (Final), Linux localhost.localdomain
> 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386
> GNU/Linux
>
> When running "getent group", the file /var/log/messages throws these
> errors:
>
> May 3 12:36:50 localhost getent: nss_ldap: reconnected to LDAP server
> ldaps://XXXXXXXXX after 1 attempt
> May 3 12:37:10 localhost getent: nss_ldap: could not get LDAP result
> - Timed out
>
> The "Timed out" message is because LDAP server has dropped the
> connection when it receives "SSL peer reports incorrect Message
> Authentication Code", and happens (I think) after reading the entry of
> the first group, so the rest of the groups are not shown.