2

I'm debugging an LDAP problem after the LDAP client machine was upgraded to Ubuntu 18.04. While trying to figure out where the problem is, I noticed the outbound connection is in SYN_SENT, but when I use tcpdump to capture the problem, neither the server's nor the client machine's tcpdump has any data about that specific connection, as if it were stuck in the kernel's TCP stack. Is there any possible problem that could cause this symptom?

Some background:

LDAP server: Ubuntu 16.04.5; LDAP client: 18.04.1

LDAP client programs: pam_ldap and systemd-logind (which uses nss-ldap)

pam_ldap can connect to the LDAP server and bind without problem, and tcpdump captures the packets.

systemd-logind always complains about do_start_tls failed: stat=-1; netstat shows SYN_SENT and tcpdump captures no outbound packets.

The same configuration on 16.04 works without any problem.

3
  • You should include the full line from the netstat output in your question. It may contain other relevant information. Commented Oct 16, 2018 at 8:42
  • The netstat output only contains the successful connection (made by pam_ldap) and the SYN_SENT connection (made by systemd-logind). Confirmed with strace. Commented Oct 16, 2018 at 9:06
  • It's the firewall. It's always the firewall. Commented Oct 17, 2018 at 4:27

1 Answer

1

Disable AppArmor completely and this problem is solved. It seems that AppArmor blocked systemd-logind's outbound connection.
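
A way to test the AppArmor explanation from the kernel log without turning AppArmor off, as an added example that is not part of the original answer: it filters AppArmor audit records for denials attributed to one process name and groups them by profile, operation and address family. The sample lines are constructed, and the profile name `example-logind`, the host name and the PIDs are hypothetical.

```python
import re
import sys
from collections import Counter

# key=value or key="value" pairs as they appear in kernel audit records
KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Constructed sample lines (not from the original post); profile "example-logind",
# host "client" and the PIDs are hypothetical.
SAMPLE = '''\
Oct 16 09:01:12 client kernel: audit: type=1400 audit(1539680472.101:41): apparmor="DENIED" operation="create" profile="example-logind" pid=812 comm="systemd-logind" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"
Oct 16 09:01:13 client kernel: audit: type=1400 audit(1539680473.220:42): apparmor="ALLOWED" operation="open" profile="example-logind" name="/etc/ldap.conf" pid=812 comm="systemd-logind" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct 16 09:01:15 client kernel: audit: type=1400 audit(1539680475.007:43): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=901 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct 16 09:01:16 client kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.7 DST=192.0.2.9 PROTO=TCP DPT=22
'''


def parse(line):
    """Return the audit fields of an AppArmor record, or None for other lines."""
    if 'apparmor=' not in line:
        return None
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in KV.finditer(line)}


def denials(lines, comm):
    """AppArmor DENIED records whose comm field equals the given process name."""
    records = (parse(line) for line in lines)
    return [r for r in records
            if r and r.get('apparmor') == 'DENIED' and r.get('comm') == comm]


def summarize(records):
    """Count denials per (profile, operation, address family or file name)."""
    return Counter((r.get('profile'), r.get('operation'),
                    r.get('family') or r.get('name') or '-') for r in records)


def network_denials(records):
    """Denials that carry a socket address family, i.e. network mediation."""
    return [r for r in records if 'family' in r]


if __name__ == '__main__':
    # Real use: journalctl -k | python3 this_script.py systemd-logind
    comm = sys.argv[1] if len(sys.argv) > 1 else 'systemd-logind'
    lines = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for key, count in summarize(denials(lines, comm)).items():
        print(count, *key)
```

If no denial for the process appears in the log, AppArmor is not what is holding the connection in SYN_SENT.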
