[Pkg-utopia-maintainers] Bug#614804: network-manager: system lockup with LDAP lookup for passwd+group+shadow+hosts
Luca Capello
luca at pca.it
Wed Feb 23 15:09:36 UTC 2011
Package: network-manager
Version: 0.8.1-6
Severity: important
Blocked-by: 606268
Hi there!

First, a bit of history about how I discovered this bug: I spent more
than one week in tests to track it down, so I do not want to simply
trash this work, sorry.

While investigating bugs #412989 [1] and #500998 [2], I found out that
enabling LDAP lookup for all the primary four entries in
/etc/nsswitch.conf [3] causes a system lockup:

- in 5.0.8/lenny, libnss-ldap/261-2.1, network-manager/0.6.6-3

    kinit: No resume image, doing normal boot...
    INIT: version 2.86 booting
    Starting the hotplug events dispatcher: udevd[no-blinking cursor]

  To exit this situation a hard reboot is needed.

- in 6.0.0/squeeze, libnss-ldap/264-2.2, network-manager/0.8.1-6

    Starting periodic command scheduler: cron.
    CPUFreq Utilities: Setting ondemand CPUFreq gover...disabled,
    governor not available...done.
    Starting MTA:[blinking cursor]

  Ctrl-Alt-Del works as well as single-user mode, which means that debug
  is possible ;-)

[1] <http://bugs.debian.org/412989>
[2] <http://bugs.debian.org/500998>
[3] while I am still an LDAP newbie, this is the most advised setup you
can find on the net, e.g. <http://wiki.debian.org/LDAP/NSS>
Please note that as suggested by /usr/share/doc/udev/README.Debian.gz,
setting '[UNAVAIL=return]' in any ldap service does not help.
On lenny, surprisingly enough, this bug does not happen if the "unknown"
groups have been replaced by nobody/nogroup (because of #412989 [1]).
On squeeze, however, these "unknown" groups are no more unknown [4], but
this bug (or some incarnation of it) is still there. Squeeze users can
simply install libpam-ldapd and libnss-ldapd, given that even the
squeeze Release Notes [5] suggest that for other reasons [6][7].
[4] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412989#66>
[5] <http://www.debian.org/releases/stable/i386/release-notes/ch-information.en.html#ldap-gnutls>
[6] <http://bugs.debian.org/566351>
[7] <http://bugs.debian.org/545414>
Good, we have two bugs, in some way related. Given that I thought this
was a libnss-ldap problem, I looked in the Debian BTS, finding two bugs
which could be linked to mine, even if I do not have the same symptoms:
#143496 [8], libnss-ldap: Segfault when used for host resolution
#218958 [9], libnss-ldap - host resolution hangs on Linux 2.6.0-test8/test9
[8] <http://bugs.debian.org/143496>
[9] <http://bugs.debian.org/218958>
As I wrote above, the situation on squeeze is a bit better, I have
access to single-user mode so I can debug, starting from dbus...
Unfortunately, it seems quite hard to have a dbus-daemon output (I read
the docs), so I was submitting this bug asking for hints. OTOH, if
libnss-ldap maintainer would have thought that it is not worth it
(libnss-ldapd is the future), this bug should have simply been left as
it is or even closed.
Trying to debug dbus-daemon in single-user mode, I discovered that there
is no more network. Because of #530024 [10], my /etc/network/interfaces
(generated by d-i for a wired interface, so #606268 is no more only
related to wireless [11]) is:
--8<---------------cut here---------------start------------->8---
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
#NetworkManager#iface eth0 inet dhcp
--8<---------------cut here---------------end--------------->8---
[10] <http://bugs.debian.org/530024>
[11] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606268#122>

This is a serious bug (feel free to clone it), since according to the
Debian Reference [11][12]:

  3.5.7. Network interface initialization

  Network interfaces are initialized in runlevel S by the init script
  symlinked to "/etc/init.d/ifupdown-clean" and "/etc/init.d/ifupdown".
  See Chapter 5, Network setup for how to configure them.

[11] <http://www.debian.org/doc/manuals/debian-reference/ch03.en.html#_network_interface_initialization>
[12] I am sorry, but I was not able to find any other documentation or
package where this is actually defined, corrections welcomed!

FWIW, the squeeze Release Notes contains a text about that [13], but
this does not say anything about boot or single-user mode:

  5.6.3. network-manager and ifupdown interaction

  Upon upgrading the network-manager package, interfaces configured in
  /etc/network/interfaces to use DHCP with no other options will be
  disabled in that file, and handled by NetworkManager instead.
  Therefore the ifup and ifdown commands will not work. These
  interfaces can be managed using the NetworkManager frontends instead,
  see the NetworkManager documentation.

  Conversely, any interfaces configured in /etc/network/interfaces with
  more options will be ignored by NetworkManager. This applies in
  particular to wireless interfaces used during the installation of
  Debian (see bug #606268).

[13] <http://www.debian.org/releases/stable/i386/release-notes/ch-information.en.html#id333260>

To summarize, how to reproduce this bug:

1) install a standard 6.0.0/squeeze

2) install libpam-ldap and libnss-ldap

     LDAP server URI: ldap://db.debian.org
     Search base: dc=debian,dc=org
     LDAP version to use: 3
     LDAP account for root: cn=manager,dc=example,dc=net
     LDAP root account password: [simply press ENTER]
     Make local root Database admin: Yes
     Does the LDAP database require login: No

3) in /etc/nsswitch.conf enable LDAP lookup for passwd, group, shadow
   and hosts

4) reboot & enjoy

After having read /usr/share/doc/network-manager/README.Debian, there
are two ways to fix it:

a) setting 'Managed mode' in /etc/NetworkManager/NetworkManager.conf for
   ifupdown. This should be the default, since again according to the
   Debian Reference [12][14]:

     5.3. The legacy network connection and configuration

     When the method described in Section 5.2, “The modern network
     configuration for desktop” does not suffice your needs, you should
     use the legacy network connection and configuration method which
     combines many simpler tools.

     [...]

     The ifupdown package is the de facto standard for such high level
     network configuration system on Debian. It enables you to bring up
     network simply by doing , e.g., "ifup eth0". Its configuration file
     is the "/etc/network/interfaces" file and its typical contents are
     the following.

   So, either we remove completely /etc/network/interfaces or
   network-manager must cope with that, full stop. Which means also
   that it must know about /etc/network/run/ifstate [15].

   Funny enough, nmcli [16] manpage contains the following:

     DESCRIPTION
       nmcli is a command-line tool for controlling NetworkManager
       and getting its status. It is not meant as a replacement of
       nm-applet or other similar clients. Rather it's a
       complementary utility to these programs. The main nmcli's
       usage is on servers, headless machines or just for power
       users who prefer the command line.

       The use cases comprise:

       -- Initscripts: ifup/ifdown can utilize NetworkManager via
          nmcli instead of having to manage connections itself and
          possible interfere with NetworkManager.

b) leaving 'Unmanaged mode' in /etc/NetworkManager/NetworkManager.conf
   using the 'System settings' with the ifupdown plugin [17] and
   removing the '#NetworkManager#' comment in /etc/network/interfaces,
   but obviously eth0 is marked as not managed in the NM applet.

[14] <http://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_legacy_network_connection_and_configuration>
[15] <http://bugs.debian.org/416526>
[16] seriously, with the other tools being called nm-$TOOL, why this one
is nm$TOOL?
[17] why is the ifupdown plugin enabled by default if network-manager
does not use /etc/network/interfaces at all?

If there is something I can do to help solving this bug as per point a)
just above, please let me know: I am not such a skilled programmer,
nevertheless doing tests does not scare me.

Thx, bye,
Gismo / Luca
-- System Information:
Debian Release: 6.0
APT prefers squeeze-updates
APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages network-manager depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii dbus 1.2.24-4 simple interprocess messaging syst
ii isc-dhcp-client 4.1.1-P1-15 ISC DHCP client
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libdbus-1-3 1.2.24-4 simple interprocess messaging syst
ii libdbus-glib-1-2 0.88-2.1 simple interprocess messaging syst
ii libgcrypt11 1.4.5-2 LGPL Crypto library - runtime libr
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgnutls26 2.8.6-1 the GNU TLS library - runtime libr
ii libgudev-1.0-0 164-3 GObject-based wrapper library for
ii libnl1 1.1-6 library for dealing with netlink s
ii libnm-glib2 0.8.1-6 network management framework (GLib
ii libnm-util1 0.8.1-6 network management framework (shar
ii libpolkit-gobject-1-0 0.96-4 PolicyKit Authorization API
ii libuuid1 2.17.2-9 Universally Unique ID library
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii udev 164-3 /dev/ and hotplug management daemo
ii wpasupplicant 0.6.10-2.1 client support for WPA and WPA2 (I
Versions of packages network-manager recommends:
ii dnsmas 2.55-2 A small caching DNS proxy and DHCP
ii iptabl 1.4.8-3 administration tools for packet fi
ii modemm 0.4+git.20100624t180933.6e79d15-2 D-Bus service for managing modems
ii policy 0.96-4 framework for managing administrat
ii ppp 2.4.5-4 Point-to-Point Protocol (PPP) - da
Versions of packages network-manager suggests:
pn avahi-autoipd <none> (no description available)
-- no debconf information
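
A check for the configuration combination this report describes, as an added example (not part of the original message or of any Debian package): it reports whether passwd, group, shadow and hosts all consult LDAP in nsswitch.conf while an interface stanza in /etc/network/interfaces carries the '#NetworkManager#' marker. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names and sample files are
# constructed; file formats are nsswitch.conf(5) and interfaces(5).

# Print each core NSS database whose source list includes "ldap".
ldap_dbs() {
    awk -F: '
        /^[ \t]*#/ { next }                       # skip comment lines
        {
            db = $1; gsub(/[ \t]/, "", db)
            if (db !~ /^(passwd|group|shadow|hosts)$/) next
            sub(/#.*/, "", $2)                     # drop trailing comment
            n = split($2, src, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (src[i] == "ldap") { print db; break }
        }' "$1"
}

# Print interfaces whose stanza carries the "#NetworkManager#" marker.
nm_disabled_ifaces() {
    awk '/^#NetworkManager#iface[ \t]/ { print $2 }' "$1"
}

# Exit 0 when the reported combination is present: passwd, group, shadow and
# hosts all consult LDAP, and an interface is no longer raised by ifupdown.
boot_lockup_risk() {
    dbs=$(ldap_dbs "$1" | sort -u | tr '\n' ' ')
    count=$(ldap_dbs "$1" | sort -u | awk 'END { print NR }')
    ifaces=$(nm_disabled_ifaces "$2" | tr '\n' ' ')
    echo "LDAP-backed databases: ${dbs:-none}"
    echo "interfaces disabled for ifupdown: ${ifaces:-none}"
    [ "$count" -eq 4 ] && [ -n "$ifaces" ]
}

# Constructed sample files mirroring the setup in the report.
write_samples() {
    printf '%s\n' 'passwd: files ldap' 'group:  files ldap' \
        'shadow: files ldap' 'hosts:  files dns ldap' \
        'networks: files' > "$1/nsswitch.conf"
    printf '%s\n' 'auto lo' 'iface lo inet loopback' 'allow-hotplug eth0' \
        '#NetworkManager#iface eth0 inet dhcp' > "$1/interfaces"
}

tmp=$(mktemp -d)
write_samples "$tmp"
boot_lockup_risk "$tmp/nsswitch.conf" "$tmp/interfaces" && echo "at risk"
```

On a real host, call boot_lockup_risk /etc/nsswitch.conf /etc/network/interfaces instead of the sample files.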