<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2652.35">
<TITLE>RE: Problem with Sol8 and LDAP</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>You have to be root on Solaris to truss a setuid executable (which ssh is). So try (as root):</FONT>
<BR><FONT SIZE=2>root@tao[!] -> truss ssh -l treno -v</FONT>
</P>
<P><FONT SIZE=2>Thanks,</FONT>
<BR><FONT SIZE=2>--Jason Lacoss-Arnold, Systems Technical Specialist</FONT>
<BR><FONT SIZE=2>Technical Services - Unix Arch.</FONT>
<BR><FONT SIZE=2>314-955-8501</FONT>
</P>
<BR>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Roberto Bertucci [<A HREF="mailto:roberto.bertucci@netscalibur.it">mailto:roberto.bertucci@netscalibur.it</A>]</FONT>
<BR><FONT SIZE=2>Sent: Tuesday, February 19, 2002 3:51</FONT>
<BR><FONT SIZE=2>To: Ed Phillips</FONT>
<BR><FONT SIZE=2>Cc: OpenSSH Development</FONT>
<BR><FONT SIZE=2>Subject: Re: Problem with Sol8 and LDAP</FONT>
</P>
<BR>
<P><FONT SIZE=2>Thank you for your answer.</FONT>
<BR><FONT SIZE=2>I took a little time to update Solaris to the last recommended patch level </FONT>
<BR><FONT SIZE=2>(rel. 04 Feb 2002).</FONT>
<BR><FONT SIZE=2>The problem is still here.</FONT>
</P>
<P><FONT SIZE=2>User treno (this is me) is connected via telnet and authenticated against </FONT>
<BR><FONT SIZE=2>LDAP server (netscape 4.1).</FONT>
</P>
<P><FONT SIZE=2>Even a truss is not useful:</FONT>
<BR><FONT SIZE=2>treno@tao[!] -> truss ssh -v</FONT>
<BR><FONT SIZE=2>truss: cannot trace set-id or unreadable object file: /usr/local/bin/ssh</FONT>
</P>
<P><FONT SIZE=2>I am attaching pam.conf and nsswitch.conf</FONT>
</P>
<P><FONT SIZE=2>Thank you,</FONT>
<BR><FONT SIZE=2>RB</FONT>
</P>
<BR>
<BR>
<P><FONT SIZE=2>At 09.31 18/02/2002 -0500, Ed Phillips wrote:</FONT>
<BR><FONT SIZE=2>>On Mon, 18 Feb 2002, Roberto Bertucci wrote:</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>> > Date: Mon, 18 Feb 2002 10:39:29 +0100</FONT>
<BR><FONT SIZE=2>> > From: Roberto Bertucci <roberto.bertucci@netscalibur.it></FONT>
<BR><FONT SIZE=2>> > To: openssh-unix-dev@mindrot.org</FONT>
<BR><FONT SIZE=2>> > Subject: Problem with Sol8 and LDAP</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > Hi, i am experiencing a problem with ssh 3.0.2.p1 running on Solaris 2.8.</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>>What patches do you have installed for Sol8? Did you install all of the</FONT>
<BR><FONT SIZE=2>>recommended patches along with relevent LDAP/PAM patches? What does your</FONT>
<BR><FONT SIZE=2>>/etc/nsswitch.conf look like? What does /etc/pam.conf look like?</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>> > Everything works fine with local users (i.e. with local passwd and shadow</FONT>
<BR><FONT SIZE=2>> > entries). With LDAP authenticated users, i obtain:</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > treno@tao[!] -> ssh -v</FONT>
<BR><FONT SIZE=2>> > Segmentation Fault (core dumped)</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>>We need a little more than "core dumped" to be able to solve the</FONT>
<BR><FONT SIZE=2>>problem... can you provide truss output? Is "treno" user a that is logged</FONT>
<BR><FONT SIZE=2>>in via PAM+LDAP (there is an sshd process involved) or is this a user who</FONT>
<BR><FONT SIZE=2>>is on the console trying to ssh out of the system?</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>> > The probem is the same with 2.x releases.</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>>I've never seen the client dump core like this, even on a system that has</FONT>
<BR><FONT SIZE=2>>PAM configured to use LDAP.</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>> Ed</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>>Ed Phillips <ed@udel.edu> University of Delaware (302) 831-6082</FONT>
<BR><FONT SIZE=2>>Systems Programmer III, Network and Systems Services</FONT>
<BR><FONT SIZE=2>>finger -l ed@polycut.nss.udel.edu for PGP public key</FONT>
</P>
<CODE><FONT SIZE=3><BR>
<BR>
***************************************************************************************<BR>
WARNING: All e-mail sent to and from this address will be received or<BR>
otherwise recorded by the A.G. Edwards corporate e-mail system and is<BR>
subject to archival, monitoring or review by, and/or disclosure to,<BR>
someone other than the recipient.<BR>
***************************************************************************************<BR>
</FONT></CODE></BODY>
</HTML>