[tac_plus] Intermittent failure to talk to T+ server

Asif Iqbal vadud3 at gmail.com
Thu Apr 11 17:38:10 UTC 2013 

On Thu, Apr 11, 2013 at 11:02 AM, heasley <heas at shrubbery.net> wrote:

> Wed, Apr 10, 2013 at 04:36:34PM -0400, Asif Iqbal:
> > On Mon, Apr 8, 2013 at 4:58 PM, heasley <heas at shrubbery.net> wrote:
> >
> > > Mon, Apr 08, 2013 at 03:06:34PM -0400, Asif Iqbal:
> > > > Hi
> > > >
> > > > I am failing to login to router, intermittently, as it drops to
> Password:
> > > > prompt, hence failing to communicate with the T+ (F4.0.4.26) running
> on
> > > >  Ubuntu 10.04.4 LTS
> > > >
> > > > Here is the error I am getting when this happens
> > > >
> > > > Apr  8 18:35:00 tacacs-01 tac_plus[12341]: router1.example.nettty3: fd
> > > 2
> > > > eof (connection closed)
> > > > Apr  8 18:35:00 tacacs-01 tac_plus[12341]: Read -1 bytes from
> > > > router1.example.net tty3, expecting 12
> > > > Apr  8 18:35:00 tacacs-01 tac_plus[12341]: Error
> router1.example.nettty3:
> > > > Null reply packet, expecting CONTINUE
> > >
> > > it looks like the device thinks that the tty closed; ie: the user
> > > disconnected.
> > >
> >
> > We are using  pam_ldap for authentication and I see few errors like these
> >
> > nslcd[19201]: [23d03c] failed to bind to LDAP server ldaps://
> > 192.168.1.10:636 Can't contact LDAP server: Connection reset by peer
> >
> > nslcd[19201]: [36cb51] ldap_result() failed: Can't contact LDAP server
> >
> > I wonder if those are the real culprit for the connection closed error
>
> probably.  if you can, try testing with an alternative source or a
> different
> ldap server.
>

idle_timelimit 100 on nslcd.conf improved it. Lot less  ldap_result()
failed;

suggestion was inspired by this bug report.

https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1074213




-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20130411/9e9d6b2d/attachment.html>

More information about the tac_plus mailing list